Forum Discussion

Product Team

4 years ago

Additional Plugins Released for Log4Shell - Apache Log4j...

Additional Plugins Released for Log4Shell - Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228) Tenable has released two additional plugins for CVE-2021-44228, known as Log4Shell. Addi...

Cyber Exposure Alerts

michael_ohara

4 years ago

Hi Tenable Community - sanity-check on the Nessus updates to scan for this. For some servers I do not have auth (don't ask) - will the Log4Shell scan work to completion or provide partial results?

michael_ohara
4 years ago
To expand on my ask - which will report good results w/o auth:
Host
Apache Log4j < 2.15.0 Remote Code Execution155999
Apache Log4j < 2.15.0 Remote Code Execution156002
Apache Log4j Installed (Linux / Unix)156000
Apache Log4j JAR Detection (Windows)156001
Web Services
Apache Log4j Message Lookup Substitution RCE (Log4Shell) (Direct Check)155998
Apache Log4Shell RCE detection via callback correlation (Direct Check HTTP)156014
snarang
Product Team
4 years ago
Hi @Michael OHara
My colleagues have published the following note to the Research Release Highlights that breaks down how each of the plugins work including specifics on the plugins that do not require authentication:
https://community.tenable.com/s/feed/0D53a00008E3hKzCAJ
Please let me know if this answers your questions.

Forum Discussion

Additional Plugins Released for Log4Shell - Apache Log4j...

Recent Discussions

Microsoft’s September 2025 Patch Tuesday Addresses 80 CVEs (CVE-2025-55234)

Frequently Asked Questions About Chinese State-Sponsored Actors Compromising Global Networks

CVE-2025-7775: Citrix NetScaler ADC and Gateway Zero-Day RCE Vulnerability Exploited in the Wild

CVE-2025-25256: Proof of Concept Released for Fortinet FortiSIEM Command Injection Vulnerability

Microsoft’s August 2025 Patch Tuesday Addresses 107 CVEs (CVE-2025-53779)

Americas

Europe

Asia / Australia