Forum Discussion

4 years ago

Apache Log4j Detection Improvements Summary: Since CVE-2021-4

Apache Log4j Detection Improvements Summary: Since CVE-2021-44228 was first announced, Tenable has been working diligently on improving the local detections for Apache Log4j on Windows, Linux, and...

CVE

Tenable

jones_bryan

Connect Contributor

4 years ago

@Greg Betz Can you clarify the statement "This is limited to a depth of one level due to performance issues"? Is this true even with Thorough scans enabled?

gbetz

4 years ago

Hello Bryan. Thanks for pointing this out.

The statement "This is limited to a depth of one level due to performance issues" relates only to the Java archive inspection in which the detection does not recursively extract the contents of nested Java archive files. I'll update the post clarifying that nested Java archive files are not inspected.

For example, the following will be detected:

app.jar

log4j-core-2.10.0.jar
org/apache/logging/log4j/log4j-core-2.10.0.jar

A nested JAR file will not be detected, such as:

app-nested.jar

app-libs.jar
- log4j-core-2.10.0.jar [nested inside app-libs.jar]

We are researching this further but due to the potential performance and resource implications of recursively extracting Java archive files, this has not been included in our detections.

Forum Discussion

Apache Log4j Detection Improvements Summary: Since CVE-2021-4

Recent Discussions

Machine Learning SinFP Model Updates for OS Fingerprinting

New Plugin Family: UnionTech Local Security Checks

Fudo Security API v2 Compatibility

Improved Printer Fingerprinting

Include/Exclude Path and Tenable Utils Unzip added to Log4j Detection

Americas

Europe

Asia / Australia