The version of log4j installed on the remote host is prior to 1.2.17-16.12. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2022-1562 advisory.

  - In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive     serialized log events from another application, a specially crafted binary payload can be sent that, when     deserialized, can execute arbitrary code. (CVE-2017-5645)

  - Included in Log4j 1.2 is a SocketServer class that is vulnerable to deserialization of untrusted data     which can be exploited to remotely execute arbitrary code when combined with a deserialization gadget when     listening to untrusted network traffic for log data. This affects Log4j versions up to 1.2 up to 1.2.17.
    (CVE-2019-17571)

  - JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write     access to the Log4j configuration. The attacker can provide TopicBindingName and     TopicConnectionFactoryBindingName configurations causing JMSAppender to perform JNDI requests that result     in remote code execution in a similar fashion to CVE-2021-44228. Note this issue only affects Log4j 1.2     when specifically configured to use JMSAppender, which is not the default. Apache Log4j 1.2 reached end of     life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the     previous versions. (CVE-2021-4104)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Detections

Analytics

Amazon Linux AMI : log4j (ALAS-2022-1562)

critical Nessus Plugin ID 156871

Version 1.5

Version 1.4

Version 1.5 Nov 21, 2023, 1:14 AM CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:F/RL:OF/RC:C". "CVSSv3 temporal vector" set to "CVSS:3.0/E:F/RL:O/RC:C") Exploit attributes ("Exploit available" set to "True". "Exploitability ease" changed from "No known exploits are available" to "Exploits are available") Plugin Feed: 202311210114
Version 1.4 Feb 20, 2023, 11:57 PM Regenerated based on advisory update Plugin Feed: 202302202357