How To Identify Log4j Vulnerable Assets In Nessus?

About Log4j Vulnerability

  1. A Critical 0-day Unauthenticated Remote Code Execution vulnerability in Log4j Logging Library (CVE-2021–44228) allows attackers to carry out unauthenticated, remote code execution attacks.
  2. A new vulnerability (CVE-2021–45046) Log4j library allows attackers to perform denial of service (DOS) attacks by crafting malicious input data using a JNDI Lookup pattern.
  3. CVE-2021–45105 was discovered as the third vulnerability within the month that allows attackers to perform Denial of Service due to infinite recursion in lookup evaluation.
  4. Now the latest discloser is that the Log4j is affected by CVE-2021–44832- A Remote Code Execution Vulnerability which is fixed in v2.17.1.

Identify The Log4j Vulnerable Assets In Nessus

How To configure Log4j template In Nessus?

  1. Advanced Scan Template
  2. Advanced Dynamic Scan Template
  1. Creating A Policy

--

--

--

We are here to create awareness about cyber security.

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

Mr. Cybers’ Hood

{UPDATE} Spanglish Hack Free Resources Generator

Top 5 English ethical Hacking YouTube channel

{UPDATE} Кроссворды Крепость Hack Free Resources Generator

Phoenix jailbreak

How strong is the Datadome?

Let’s talk about the critical feature that gets no update in Mojave

OAuth & OpenID — The what and the why

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Thesecmasterblog

Thesecmasterblog

We are here to create awareness about cyber security.

More from Medium

How To Fix “InstallerFileTakeOver” 0day LPE Vulnerability In Windows?

WMI for Script Kiddies — TrustedSec

PortSwigger Lab: Modifying serialized data types | WalkThrough

Container Security-Common issues