A remote code execution vulnerability exists in Apache Log4j < 2.15.0 due to insufficient protections on message lookup substitutions when dealing with user controlled input. A remote, unauthenticated attacker can explolit this, via a web request to execute arbitrary code with the permission level of the running Java process.
The plugin relies on callbacks from the target being scanned and hence any firewall rules or interaction with other security devices will affect the efficacy of the plugin. The plugin will also not yield results on Tenable.io and customers are encouraged to use plugin IDs 155999, 156000, 156001, and 156002 instead when scanning with Tenable.io. We continue to explore options for additional detection.
This plugin will have the scanner listen for the callback on a random port in the 50000 to 60000 range.
Binary data apache_log4j_jdni_ldap_generic.nbin