Synopsis
This plugin serves as a launcher plugin for plugins in the Apache Log4j vulnerable ecosystem.
Description
This plugin was used in the scan template 'Log4Shell Vulnerability Ecosystem' (prior to 2/2/2022) as a way to include other plugins related to the Log4j vulnerabilities CVE-2021-44228, CVE-2021-44832, CVE-2021-45046, and CVE-2021-4104, including those based on patches from other vendors.
- 156932 VMware vRealize Operations Manager Log4Shell Direct Check (CVE-2021-44228) (VMSA-2021-0028)
- 156054 Ubuntu 18.04 LTS / 20.04 LTS : Apache Log4j 2 vulnerability (USN-5192-1)
- 156026 FreeBSD : OpenSearch -- Log4Shell (4b1ac5a3-5bd4-11ec-8602-589cfc007716)
- 156115 Apache Log4Shell RCE detection via callback correlation (Direct Check FTP)
- 156558 Apache JSPWiki Log4Shell Direct Check (CVE-2021-44228)
- 156327 Apache Log4j 2.0 < 2.3.2 / 2.4 < 2.12.4 / 2.13 < 2.17.1 RCE
- 156232 Apache Log4Shell RCE detection via callback correlation (Direct Check SMB)
- 156157 Apache Log4Shell RCE detection via callback correlation (Direct Check POP3)
- 156132 Apache Log4Shell RCE detection via callback correlation (Direct Check SMTP)
- 156018 Debian DLA-2842-1 : apache-log4j2 - LTS security update
- 156161 Ubuntu 16.04 LTS : Apache Log4j 2 vulnerability (USN-5192-2)
- 156032 Log4j EOL / Unsupported Apache Log4j Unsupported Version Detection
- 156157 Apache Log4Shell RCE detection via callback correlation (Direct Check IMAP)
- 156941 MobileIron Core Log4Shell Direct Check (CVE-2021-44228)
- 156258 Apache Log4Shell RCE detection via callback correlation (Direct Check NTP)
- 156016 Apache Log4Shell RCE detection via Path Enumeration (Direct Check HTTP)
- 156871 Amazon Linux AMI : log4j (ALAS-2022-1562)
- 156182 Amazon Linux 2 : java-17-amazon-corretto, java-11-amazon-corretto, java-1.8.0-openjdk, java-1.7.0-openjdk (ALAS-2021-1731)
- 156166 Apache Log4Shell RCE detection via callback correlation (Direct Check SSH)
- 156375 Apache Log4Shell RCE detection via callback correlation (Direct Check UPnP)
- 156139 openSUSE 15 Security Update : log4j (openSUSE-SU-2021:4107-1)
- 157137 Oracle Linux 6 : log4j (ELSA-2022-9056)
- 156197 Apache Log4Shell RCE detection via callback correlation (Direct Check NetBIOS)
- 156015 Debian DSA-5020-1 : apache-log4j2 - security update
- 156169 SUSE SLES15 Security Update : log4j (SUSE-SU-2021:4111-1)
- 156559 Apache Log4Shell RCE detection via callback correlation (Direct Check RPCBIND)
- 156218 openSUSE 15 Security Update : log4j (openSUSE-SU-2021:1601-1)
- 156112 Amazon Linux 2 : aws-kinesis-agent (ALAS-2021-1730)
- 156014 Apache Log4Shell RCE detection via callback correlation (Direct Check HTTP)
- 156174 Amazon Linux AMI : java-1.8.0-openjdk, java-1.7.0-openjdk, java-1.6.0-openjdk (ALAS-2021-1553)
- 156164 Apache Log4Shell CVE-2021-45046 Bypass Remote Code Execution
- 156052 FreeBSD : bastillion -- log4j vulnerability (515df85a-5cd7-11ec-a16d-001517a2e1a4)
- 156257 Apache Log4Shell RCE detection via callback correlation (Direct Check DNS)
- 156455 Apache Log4Shell RCE detection via callback correlation (Direct Check PPTP)
- 156002 Apache Log4j < 2.15.0 Remote Code Execution
- 156158 Apache Log4Shell RCE detection via callback correlation (Direct Check Telnet)
- 156669 Apache Log4Shell RCE detection via callback correlation (Direct Check MSRPC)
- 156324 FreeBSD : OpenSearch -- Log4Shell (b0f49cb9-6736-11ec-9eea-589cfc007716)
- 156078 FreeBSD : serviio -- affected by log4j vulnerability (1ea05bb8-5d74-11ec-bb1e-001517a2e1a4)
- 156560 VMware Horizon Log4Shell Direct Check (CVE-2021-44228) (VMSA-2021-0028)
- 156473 Apache OFBiz Log4Shell Direct Check (CVE-2021-44228)
- 156146 openSUSE 15 Security Update : log4j (openSUSE-SU-2021:1577-1)
- 156124 Debian DSA-5022-1 : apache-log4j2 - security update
- 156177 openSUSE 15 Security Update : log4j (openSUSE-SU-2021:4111-1)
- 157159 Oracle Linux 8 : parfait:0.5 (ELSA-2022-0290)
- 156145 openSUSE 15 Security Update : log4j (openSUSE-SU-2021:3999-1)
- 156256 Apache Log4Shell RCE detection via callback correlation (Direct Check SNMP)
- 156172 SUSE SLED15 / SLES15 Security Update : log4j12 (SUSE-SU-2021:4112-1)
- 156276 openSUSE 15 Security Update : log4j12 (openSUSE-SU-2021:1612-1)
- 156181 openSUSE 15 Security Update : log4j12 (openSUSE-SU-2021:4112-1)
- 156103 Apache Log4j 1.2 JMSAppender Remote Code Execution (CVE-2021-4104)
- 156165 Apache Log4j 2.x < 2.16.0 RCE (MacOS)
- 156210 FreeBSD : graylog -- remote code execution in log4j from user-controlled log input (650734b2-7665-4170-9a0a-eeced5e10a5e)
- 156035 VMware vCenter Log4Shell Direct Check (CVE-2021-44228) (VMSA-2021-0028)
- 156183 Apache Log4j 2.x < 2.17.0 DoS
- 156104 Ubuntu 20.04 LTS : Apache Log4j 2 vulnerability (USN-5197-1)
- 156441 Ubiquiti UniFi Network Log4Shell Direct Check (CVE-2021-44228)
- 156891 Oracle Primavera P6 Enterprise Project Portfolio Management (Jan 2022 CPU)
- 156753 Apache Druid Log4Shell Direct Check (CVE-2021-44228)
- 156175 Amazon Linux 2 : java-1.8.0-amazon-corretto (ALAS-2021-001)
- 156712 Ubuntu 18.04 LTS / 20.04 LTS / 21.04 / 21.10 : Apache Log4j 1.2 vulnerability (USN-5223-1)
- 156000 Apache Log4j Installed (Unix)
- 156167 SUSE SLES11 Security Update : log4j (SUSE-SU-2021:14866-1)
- 156056 Apache Log4Shell RCE detection via Raw Socket Logging (Direct Check)
- 156021 FreeBSD : graylog -- include log4j patches (3fadd7e4-f8fb-45a0-a218-8fd6423c338f)
- 156153 openSUSE 15 Security Update : log4j (openSUSE-SU-2021:4094-1)
- 156893 Oracle Primavera Gateway (Jan 2022 CPU)
- 156471 Apache Solr Log4Shell Direct Check (CVE-2021-44228)
- 156340 openSUSE 15 Security Update : kafka (openSUSE-SU-2021:1631-1)
- 156150 openSUSE 15 Security Update : log4j (openSUSE-SU-2021:1586-1)
- 156180 openSUSE 15 Security Update : logback (openSUSE-SU-2021:4109-1)
- 156264 Amazon Linux AMI : log4j-cve-2021-44228-hotpatch (ALAS-2021-1554)
- 156170 SUSE SLED12 / SLES12 Security Update : log4j (SUSE-SU-2021:4115-1)
- 155999 Apache Log4j < 2.15.0 Remote Code Execution
- 156206 Oracle Linux 7 : log4j (ELSA-2021-5206)
- 156001 Apache Log4j JAR Detection (Windows)
- 155998 Apache Log4j Message Lookup Substitution RCE (Log4Shell) (Direct Check)
- 156057 Apache Log4j 2.x < 2.16.0 RCE
- 156279 openSUSE 15 Security Update : logback (openSUSE-SU-2021:1613-1)
- 156017 SIP Script Remote Command Execution via log4shell
Plugin Details
File Name: log4j_vulnerable_ecosystem_launcher.nasl
Supported Sensors: Nessus