Forum Discussion
Frequently Asked Questions about Spring4Shell Vulnerability
Is there any plan for a scan policy to be developed similar to the log4shell policies? Or even a policy that combines the 2 since the required policy settings are similar for both log4shell and spring4shell? With paranoid and thorough setting requirement we find it difficult to use that in a policy with all plugins enabled as the number of false positives can be difficult to deal with.
Hi Bryan,
At the moment with only one Nessus plugin ID currently released there is not a scan template available. The team is working on and investigating additional checks at this time. As Paranoid and Thorough settings could impact a number of other plugins that may be enabled, we would recommend creating a scan policy using the Advanced Scan template, enabling both settings, and only enabling Plugin ID 159374. This would allow you to run a targeted scan with only this plugin and its dependencies enabled.
- james_hodge, 4 years ago, Connect Contributor
Thank you for this information. Can I check something please - when I do as advised and create an advanced scan, disable all plugins and then just enable 159374, it does not automatically enable all dependent plugins. Is it supposed to? I've attempted to do it manually using the info on your website, but there are a lot and I lost track after 20 minutes of repeatedly clicking backwards and forwards.
- Anonymous, 4 years ago
One problem with this method is that any existing Basic Network scans turn around and close the results. 159374 should be disabled in Basic Network Scans to prevent false closures and flapping of the plugin.