| View file | ||||
|---|---|---|---|---|
|
This information should enable product owners, developers and other parties to evaluate whether an application is affected by the Log4j vulnerability or not.
...
There are existing binaries for Linux and Windows as well as an OS indipendent JAR file. The latest releases can be found here: https://github.com/logpresso/CVE-2021-44228-Scanner/releases/latest. The application will then be run with the target as argument:
https://github.com/logpresso/CVE-2021-44228-Scanner (Win, Lin, Java)
./log4j2-scan apache-log4j-2.8.2-bin
[*] Found CVE-2021-44228 vulnerability in /home/andy/Projects/LOG4J/CVE-2021-44228-Scanner/apache-log4j-2.8.2-bin/log4j-core-2.8.2.jar, log4j 2.8.2
[*] Found CVE-2021-44228 vulnerability in /home/andy/Projects/LOG4J/CVE-2021-44228-Scanner/apache-log4j-2.8.2-bin/log4j-core-2.8.2-sources.jar, log4j 2.8.2 (mitigated)
[*] Found CVE-2021-44228 vulnerability in /home/andy/Projects/LOG4J/CVE-2021-44228-Scanner/apache-log4j-2.8.2-bin/log4j-core-2.8.2-tests.jar, log4j 2.8.2 (mitigated)
...