logpresso / CVE-2021-44228-Scanner

Vulnerability scanner and mitigation patch for Log4j2 CVE-2021-44228
Apache License 2.0
851 stars, 174 forks

Extra sign for "potentially vulnerable" "[*] Found" #264

Open WWIJP opened 2 years ago

WWIJP commented 2 years ago

Hello

Would it be possible to show the "potentially vulnerable" information as well in the output, like it is done for mitigated files:

```
[*] Found CVE-2021-44228 (log4j 2.x) vulnerability in /usr/lib/check_mk_agent/UUUUU_log4j_scan_file_mitigated_1.jar (BOOT-INF/lib/log4j-core-2.7.jar), log4j 2.7 (mitigated)
```

Example:

```
[*] Found CVE-2021-44228 (log4j 2.x) vulnerability in /usr/lib/check_mk_agent/ZZZZZ_log4j_scan_file_mitigated_1.jar (BOOT-INF/lib/log4j-core-2.7.jar), log4j 2.7 (potentially vulnerable)
```

This would help to identify the files.

Thanks

Best regards Philipp

xeraph commented 2 years ago

@WWIJP Use [?] sign for identification. For example: [?] Found CVE-2021-4104 (log4j 1.2) vulnerability in d:\tmp2\log4j-1.2.11.jar, log4j N/A (mitigated)

WWIJP commented 2 years ago

Hello, sorry but I don’t understand what you mean. Please explain it in detail. Thanks

Best regards Philipp

xeraph commented 2 years ago

@WWIJP Potentially vulnerable message starts with [?]. You can identify potentially vulnerable output like this:

```
# ./log4j2-scan --scan-log4j1 t |grep ^\\[?\\]
[?] Found CVE-2021-4104  (log4j 1.2) vulnerability in /path/to/log4j-1.1.3.jar, log4j N/A (mitigated)
```

WWIJP commented 2 years ago

Hello Yang

Ah ok, but we’ve just the “[?] Found” like:

```
[?] Found CVE-2021-4104 (log4j 1.2) vulnerability in /path/to/log4j-1.1.3.jar, log4j N/A
```

without the (mitigated) part at the end.

It’s just a little bit confusing about the different states. In all “[x] Found” lines there is the string “vulnerability in”, and the differences are at the end or the start of the line. For mitigated “Found” lines there is no different sign at the start of the line, just “[*]”. A clear sign at the start of the line would be perfect for a better identification of each state (potentially vulnerable/vulnerable/mitigated (please correct me if I’m wrong)).

On the page https://github.com/logpresso/CVE-2021-44228-Scanner there is no information about the states; this would be useful. Is there a possibility for enhancement?

Thanks

Best regards Philipp

xeraph commented 2 years ago

@WWIJP Start of the line classifies vulnerable or potentially vulnerable. End of the line specifies whether it is mitigated or not. It can be combined like this:

- `[*] Found CVE_CODE (log4j MAJOR_VER) vulnerability in /path/to/jar, log4j VER`
  - Vulnerable file. It should be mitigated right now.
- `[*] Found CVE_CODE (log4j MAJOR_VER) vulnerability in /path/to/jar, log4j VER (mitigated)`
  - Vulnerable file, but it is mitigated. It should be upgraded later using vendor patch.
- `[?] Found CVE_CODE (log4j MAJOR_VER) vulnerability in /path/to/jar, log4j VER`
  - Potentially vulnerable file (most likely log4j 1.x). It is vulnerable only if certain conditions are met.
- `[?] Found CVE_CODE (log4j MAJOR_VER) vulnerability in /path/to/jar, log4j VER (mitigated)`
  - Potentially vulnerable file (most likely log4j 1.x), but it is mitigated. It should be upgraded to 2.17.1 or above later using vendor patch.

I will add information about sign flag to [FAQ page](https://github.com/logpresso/CVE-2021-44228-Scanner/wiki/FAQ)
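As an added example (not part of this thread or of the scanner project), the parser below turns the two-part convention explained above into structured findings: the leading sign gives vulnerable vs. potentially vulnerable, the trailing "(mitigated)" gives the mitigation state, and a nested archive entry in parentheses is kept separate from the scanned path. The sample run is constructed from lines quoted in this thread plus one made-up unmitigated 2.x hit; `Finding`, `parse_found_line` and `classify_output` are names chosen here.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional
# One "Found" line as log4j2-scan prints it (format taken from the examples in this thread).
# Leading sign: [*] vulnerable, [?] potentially vulnerable; trailing "(mitigated)": already mitigated.
FOUND_RE = re.compile(
    r"^\[(?P<sign>[*?])\] Found (?P<cve>CVE-\d{4}-\d+)\s+\((?P<major>log4j [^)]+)\) "
    r"vulnerability in (?P<path>.+?)(?: \((?P<entry>[^)]+)\))?, log4j (?P<version>\S+)"
    r"(?P<mitigated> \(mitigated\))?$"
)

@dataclass(frozen=True)
class Finding:
    sign: str             # "*" or "?"
    cve: str
    major: str            # "log4j 2.x" or "log4j 1.2"
    path: str             # scanned file on disk
    entry: Optional[str]  # nested archive entry when log4j sits inside another jar
    version: str          # detected log4j version, or "N/A"
    mitigated: bool

    @property
    def state(self) -> str:
        base = "vulnerable" if self.sign == "*" else "potentially vulnerable"
        return base + " (mitigated)" if self.mitigated else base

def parse_found_line(line: str) -> Optional[Finding]:
    """Parse one '[*]/[?] Found ...' line; any other output line yields None."""
    m = FOUND_RE.match(line.strip())
    if not m:
        return None
    return Finding(sign=m["sign"], cve=m["cve"], major=m["major"], path=m["path"],
                   entry=m["entry"], version=m["version"], mitigated=m["mitigated"] is not None)

def classify_output(output: str) -> Dict[str, List[Finding]]:
    """Group the findings of a scan run by state so each state can be triaged separately."""
    groups: Dict[str, List[Finding]] = {}
    for line in output.splitlines():
        f = parse_found_line(line)
        if f is not None:
            groups.setdefault(f.state, []).append(f)
    return groups

# Constructed sample run: lines quoted in this thread plus one made-up unmitigated 2.x hit.
SAMPLE_OUTPUT = r"""
[*] Found CVE-2021-44228 (log4j 2.x) vulnerability in /usr/lib/check_mk_agent/UUUUU_log4j_scan_file_mitigated_1.jar (BOOT-INF/lib/log4j-core-2.7.jar), log4j 2.7 (mitigated)
[*] Found CVE-2021-44228 (log4j 2.x) vulnerability in /opt/app/lib/log4j-core-2.14.1.jar, log4j 2.14.1
[?] Found CVE-2021-4104  (log4j 1.2) vulnerability in /path/to/log4j-1.1.3.jar, log4j N/A (mitigated)
[?] Found CVE-2021-44228 (log4j 2.x) vulnerability in /tmp/hive-warehouse-connector-assembly-1.0.0.7.1.5.0-257.jar, log4j N/A
"""
```

Feeding a real run's stdout into `classify_output` gives one list per state, so the unmitigated "vulnerable" group can be handled first and the "(mitigated)" groups scheduled for a later vendor upgrade.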

WWIJP commented 2 years ago

Hello

That is perfect, thanks a lot!

Very best regards Philipp

WWIJP commented 2 years ago

Hello BongYeol

I’ve a question.

Do you need such files:

```
[?] Found CVE-2021-44228 (log4j 2.x) vulnerability in /tmp/hive-warehouse-connector-assembly-1.0.0.7.1.5.0-257.jar, log4j N/A
```

to detect the log4j version? If so, how is it possible to send it to you?

Thank you. Best regards and have a nice weekend! Philipp

xeraph commented 2 years ago

@WWIJP Maybe that is the file from cloudera. You can compress hive-warehouse-connector-assembly-1.0.0.7.1.5.0-257.jar to zip file and upload here (drag file and drop it to comment input area). You can also use file sharing service (e.g. box.com) and send file link to xeraph@logpresso.com