Forum Discussion

4 years ago

Tenable Research is providing the following supporting...

Tenable Research is providing the following supporting information about the 31 NASL detection plugins and two WAS plugin recently released in response to a critical vulnerability reported in Log4j (...

CVE

Tenable

Tenable Research

Anonymous

4 years ago

These plugins return results for earlier versions of Log4j which are not vulnerable to Log4Shell. E.g. v1.2.15

Can they be updated to be more specific to the vulnerable versions?

nicola_ornaghi
4 years ago
I second this, given the scope of the issue it would make prioritisation more approachable
Anonymous
4 years ago
that's not entirely accurate. There is a configuration in Log4J 1.x using JMSAppender class that does render it vulnerable. It's off by default I believe, but still should be something that is identified and then checked further.

Forum Discussion

Tenable Research is providing the following supporting...

Recent Discussions

Python Package Enumeration - Detection Updates

Ivanti Neurons & Endpoint Manager Mobile Integration

Plugin 135860 (wmi_not_available) No Longer Fires if No Viable WMI Credentials were found

Machine Learning SinFP Model Updates for OS Fingerprinting

New Plugin Family: UnionTech Local Security Checks

Americas

Europe

Asia / Australia