Forum Discussion
Proof-of-Concept for Critical Apache Log4j Remote Code...
Hi Jeff,
The following plugins are available and in the plugins feed. If you have not already, please update your plugins and ensure the feed serial is 202112110647.
The plugin IDs are below:
155998 Apache Log4j Message Lookup Substitution RCE (Log4Shell) (Direct Check)
155999 Apache Log4j < 2.15.0 Remote Code Execution
156000 Apache Log4j Installed (Unix)
156001 Apache Log4j JAR Detection (Windows)
156002 Apache Log4j < 2.15.0 Remote Code Execution
We're working with our teams to ensure the plugin search page properly reflects these new plugins.
Plugins still aren't searchable.
I'm trying to figure out if any of them are "remote" type, but three are encrypted. The other two have readable source code and are confirmed as "local" type, meaning they will only detect for authenticated scans and are useless for detecting an externally exploitable vulnerability.