Tenable Research is providing the following supporting information about the NASL detection plugin recently released in response to a critical DoS vulnerability reported in Log4j. As a reminder, it is recommended that thorough_tests are enabled for all scans using this CVE-2021-45046 plugin.

NASL plugins

156057 Apache Log4j 2.x < 2.16.0

• Version check for known vuln Log4j versions related to CVE-2021-45046 in Windows, Unix and Linux systems

156165 Apache Log4j 2.x < 2.16.0 RCE

• Version check for known vuln Log4j versions related to CVE-2021-45046 in MacOS systems