Forum Discussion

Anonymous

4 years ago

Proof-of-Concept for Critical Apache Log4j Remote Code...

Proof-of-Concept for Critical Apache Log4j Remote Code Execution Vulnerability Available (CVE-2021-44228) On December 9, researchers published proof-of-concept (PoC) exploit code for a critical vuln...

Anonymous

4 years ago

Same issue here, Keith, I'm confused why there's not a plugin for unauthenticated scans since that's exactly how attackers are scanning for vulnerable hosts...

Just forced plugin updates and not seeing them when I search either.

keith_mccullum

Connect Contributor

4 years ago

I manually "updated" the feeds for Tenable.SC and Active Plugins from within my on-prem SC instance. The plugin IDs were then searchable in the "Plugins" page under the username dropdown menu. That's how I found which were local and which were encrypted.

Waiting on hold for a support engineer, but my hope is that 155998 "Apache Log4j Message Lookup Substitution RCE (Log4Shell) (Direct Check)" is a remote check, as most of the previous "Direct Check" plugins for similar vulns are remote type.

Forum Discussion

Proof-of-Concept for Critical Apache Log4j Remote Code...

Recent Discussions

Microsoft’s September 2025 Patch Tuesday Addresses 80 CVEs (CVE-2025-55234)

Frequently Asked Questions About Chinese State-Sponsored Actors Compromising Global Networks

CVE-2025-7775: Citrix NetScaler ADC and Gateway Zero-Day RCE Vulnerability Exploited in the Wild

CVE-2025-25256: Proof of Concept Released for Fortinet FortiSIEM Command Injection Vulnerability

Microsoft’s August 2025 Patch Tuesday Addresses 107 CVEs (CVE-2025-53779)

Americas

Europe

Asia / Australia