A remote code execution vulnerability exists in Apache Log4j < 2.15.0 due to insufficient protections on message lookup substitutions when dealing with user controlled input. A remote, unauthenticated attacker can explolit this, via a crafted telnet message to execute arbitrary code with the permission level of the running Java process.
This plugin requires that both the scanner and target machine have internet access.
Binary data apache_log4j_jdni_ldap_generic_telnet.nbin