Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2021-2024 and is owned by Tenable, Inc. or an Affiliate thereof.APACHE_LOG4J_JDNI_LDAP_GENERIC_TELNET.NBIN
HistoryDec 17, 2021 - 12:00 a.m.

Apache Log4Shell RCE detection via callback correlation (Direct Check Telnet)

2021-12-1700:00:00
This script is Copyright (C) 2021-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
23
JSON

A remote code execution vulnerability exists in Apache Log4j < 2.15.0 due to insufficient protections on message lookup substitutions when dealing with user controlled input. A remote, unauthenticated attacker can explolit this, via a crafted telnet message to execute arbitrary code with the permission level of the running Java process.

This plugin requires that both the scanner and target machine have internet access.

Binary data apache_log4j_jdni_ldap_generic_telnet.nbin
VendorProductVersionCPE
apachelog4jcpe:/a:apache:log4j
JSON