Extra sign for "potentially vulnerable" "[*] Found" #264
Assignees
Labels
discussion
question or suggestion
Comments
|
@WWIJP Use |
|
Hello, Sorry but I don’t understand what you mean.
Please explain it in details.
Thanks
Best regards
Philipp
@WWIJP<https://github.com/WWIJP> Use [?] sign for identification. For example: [?] Found CVE-2021-4104 (log4j 1.2) vulnerability in d:\tmp2\log4j-1.2.11.jar, log4j N/A (mitigated)
—
Reply to this email directly, view it on GitHub<#264 (comment)>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/ANCPP2QOYLG6JHFRIDFEBF3UY7SNVANCNFSM5NI2DPVQ>.
Triage notifications on the go with GitHub Mobile for iOS<https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675> or Android<https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub>.
You are receiving this because you were mentioned.Message ID: ***@***.******@***.***>>
*******************************************************************************
Diese E-Mail enthaelt vertrauliche und/oder rechtlich geschuetzte Informationen. Wenn Sie nicht der richtige Adressat sind oder diese E-Mail irrtuemlich erhalten haben, informieren Sie bitte sofort den Absender und vernichten Sie diese Mail. Das unerlaubte Kopieren sowie die unbefugte Weitergabe dieser E-Mail ist nicht gestattet.
This email may contain confidential and/or privileged information. If you are not the intended recipient (or have received this email in error) please notify the sender immediately and destroy this email. Any unauthorized copying, disclosure or distribution of the material in this email is strictly forbidden.
*******************************************************************************
|
|
@WWIJP Potentially vulnerable message starts with |
|
Hello Yang
Ah ok but we’ve just the “[?] Found” like:
[?] Found CVE-2021-4104 (log4j 1.2) vulnerability in /path/to/log4j-1.1.3.jar, log4j N/A
Without the (mitigated)part at the end.
***@***.***
Its just a little bit confusing about the different states.
In all “[x] Found“ lines is the string “vulnerability in”
and the differences are at the end or the start of the line.
For mitigated “Found” lines there is no different sign at the start of the line just “[*]”.
A clear sign at the start of the line would be perfect for a better identification for each state (potentially vulnerable/vulnerable/mitigated (please correct me if I’m wrong)).
At the page:
https://github.com/logpresso/CVE-2021-44228-Scanner
There are no information’s about the states, this would be useful.
Is there a possibility for enhancement?
Thanks
Best regards
Philipp
Von: Yang, BongYeol (xeraph) ***@***.***
Gesendet: Dienstag, 1. Februar 2022 15:19
An: logpresso/CVE-2021-44228-Scanner ***@***.***>
Cc: Henkel, Jan-Philipp (IT/IEV) ***@***.***>; Mention ***@***.***>
Betreff: Re: [logpresso/CVE-2021-44228-Scanner] Extra sign for "potentially vulnerable" "[*] Found" (Issue #264)
@WWIJP<https://github.com/WWIJP> Potentially vulnerable message starts with [?]. You can identify potentially vulnerable output like this:
# ./log4j2-scan --scan-log4j1 t |grep ^\\[?\\]
[?] Found CVE-2021-4104 (log4j 1.2) vulnerability in /path/to/log4j-1.1.3.jar, log4j N/A (mitigated)
—
Reply to this email directly, view it on GitHub<#264 (comment)>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/ANCPP2VD2MCSPT73CM5W5HLUY7TTPANCNFSM5NI2DPVQ>.
Triage notifications on the go with GitHub Mobile for iOS<https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675> or Android<https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub>.
You are receiving this because you were mentioned.Message ID: ***@***.******@***.***>>
*******************************************************************************
Diese E-Mail enthaelt vertrauliche und/oder rechtlich geschuetzte Informationen. Wenn Sie nicht der richtige Adressat sind oder diese E-Mail irrtuemlich erhalten haben, informieren Sie bitte sofort den Absender und vernichten Sie diese Mail. Das unerlaubte Kopieren sowie die unbefugte Weitergabe dieser E-Mail ist nicht gestattet.
This email may contain confidential and/or privileged information. If you are not the intended recipient (or have received this email in error) please notify the sender immediately and destroy this email. Any unauthorized copying, disclosure or distribution of the material in this email is strictly forbidden.
*******************************************************************************
|
|
@WWIJP
I will add information about sign flag to FAQ page |
|
Hello
That is perfect, thanks a lot!
Very best regards
Philipp
Von: Yang, BongYeol (xeraph) ***@***.***
Gesendet: Dienstag, 1. Februar 2022 16:10
An: logpresso/CVE-2021-44228-Scanner ***@***.***>
Cc: Henkel, Jan-Philipp (IT/IEV) ***@***.***>; Mention ***@***.***>
Betreff: Re: [logpresso/CVE-2021-44228-Scanner] Extra sign for "potentially vulnerable" "[*] Found" (Issue #264)
@WWIJP<https://github.com/WWIJP>
Start of the line classifies vulnerable or not vulnerable. End of the line specifies it is mitigated or not.
It can be combinated like this:
· [*] Found CVE_CODE (log4j MAJOR_VER) vulnerability in /path/to/jar, log4j VER
o Vulnerable file. it should be mitigated right now.
· [*] Found CVE_CODE (log4j MAJOR_VER) vulnerability in /path/to/jar, log4j VER (mitigated)
o Vulnerable file, but it is mitigated. It should be upgraded later using vendor patch.
· [?] Found CVE_CODE (log4j MAJOR_VER) vulnerability in /path/to/jar, log4j VER
o Potentially vulnerable file. (most likely log4j 1.x). It is vulnerable only if certain conditions are met.
· [?] Found CVE_CODE (log4j MAJOR_VER) vulnerability in /path/to/jar, log4j VER (mitigated)
o Potentially vulnerable file. (most likely log4j 1.x), but it is mitigated. It should be upgraded to 2.17.1 or above later using vendor patch.
I will add information about sign flag to FAQ page<https://github.com/logpresso/CVE-2021-44228-Scanner/wiki/FAQ>
—
Reply to this email directly, view it on GitHub<#264 (comment)>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/ANCPP2UXORLPS6D64ADA4VTUY7ZUXANCNFSM5NI2DPVQ>.
Triage notifications on the go with GitHub Mobile for iOS<https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675> or Android<https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub>.
You are receiving this because you were mentioned.Message ID: ***@***.******@***.***>>
*******************************************************************************
Diese E-Mail enthaelt vertrauliche und/oder rechtlich geschuetzte Informationen. Wenn Sie nicht der richtige Adressat sind oder diese E-Mail irrtuemlich erhalten haben, informieren Sie bitte sofort den Absender und vernichten Sie diese Mail. Das unerlaubte Kopieren sowie die unbefugte Weitergabe dieser E-Mail ist nicht gestattet.
This email may contain confidential and/or privileged information. If you are not the intended recipient (or have received this email in error) please notify the sender immediately and destroy this email. Any unauthorized copying, disclosure or distribution of the material in this email is strictly forbidden.
*******************************************************************************
|
|
Hello BongYeol
I’ve a question.
Do you need such files:
[?] Found CVE-2021-44228 (log4j 2.x) vulnerability in /tmp/hive-warehouse-connector-assembly-1.0.0.7.1.5.0-257.jar, log4j N/A
To detect the log4j version?
If so how is it possible to send it to you?
감사합니다
Best regards and have a nice weekend!
Philipp
Von: Yang, BongYeol (xeraph) ***@***.***
Gesendet: Dienstag, 1. Februar 2022 16:10
An: logpresso/CVE-2021-44228-Scanner ***@***.***>
Cc: Henkel, Jan-Philipp (IT/IEV) ***@***.***>; Mention ***@***.***>
Betreff: Re: [logpresso/CVE-2021-44228-Scanner] Extra sign for "potentially vulnerable" "[*] Found" (Issue #264)
@WWIJP<https://github.com/WWIJP>
Start of the line classifies vulnerable or not vulnerable. End of the line specifies it is mitigated or not.
It can be combinated like this:
· [*] Found CVE_CODE (log4j MAJOR_VER) vulnerability in /path/to/jar, log4j VER
o Vulnerable file. it should be mitigated right now.
· [*] Found CVE_CODE (log4j MAJOR_VER) vulnerability in /path/to/jar, log4j VER (mitigated)
o Vulnerable file, but it is mitigated. It should be upgraded later using vendor patch.
· [?] Found CVE_CODE (log4j MAJOR_VER) vulnerability in /path/to/jar, log4j VER
o Potentially vulnerable file. (most likely log4j 1.x). It is vulnerable only if certain conditions are met.
· [?] Found CVE_CODE (log4j MAJOR_VER) vulnerability in /path/to/jar, log4j VER (mitigated)
o Potentially vulnerable file. (most likely log4j 1.x), but it is mitigated. It should be upgraded to 2.17.1 or above later using vendor patch.
I will add information about sign flag to FAQ page<https://github.com/logpresso/CVE-2021-44228-Scanner/wiki/FAQ>
—
Reply to this email directly, view it on GitHub<#264 (comment)>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/ANCPP2UXORLPS6D64ADA4VTUY7ZUXANCNFSM5NI2DPVQ>.
Triage notifications on the go with GitHub Mobile for iOS<https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675> or Android<https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub>.
You are receiving this because you were mentioned.Message ID: ***@***.******@***.***>>
*******************************************************************************
Diese E-Mail enthaelt vertrauliche und/oder rechtlich geschuetzte Informationen. Wenn Sie nicht der richtige Adressat sind oder diese E-Mail irrtuemlich erhalten haben, informieren Sie bitte sofort den Absender und vernichten Sie diese Mail. Das unerlaubte Kopieren sowie die unbefugte Weitergabe dieser E-Mail ist nicht gestattet.
This email may contain confidential and/or privileged information. If you are not the intended recipient (or have received this email in error) please notify the sender immediately and destroy this email. Any unauthorized copying, disclosure or distribution of the material in this email is strictly forbidden.
*******************************************************************************
|
|
@WWIJP Maybe that is the file from cloudera. You can compress hive-warehouse-connector-assembly-1.0.0.7.1.5.0-257.jar to zip file and upload here (drag file and drop it to comment input area). You can also use file sharing service (e.g. box.com) and send file link to xeraph@logpresso.com |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hello
Would it be possible to show the "potentially vulnerable" information as well in the output like it is done for mitigated files:
[*] Found CVE-2021-44228 (log4j 2.x) vulnerability in /usr/lib/check_mk_agent/UUUUU_log4j_scan_file_mitigated_1.jar (BOOT-INF/lib/log4j-core-2.7.jar), log4j 2.7 (mitigated)
Example:
[*] Found CVE-2021-44228 (log4j 2.x) vulnerability in /usr/lib/check_mk_agent/ZZZZZ_log4j_scan_file_mitigated_1.jar (BOOT-INF/lib/log4j-core-2.7.jar), log4j 2.7 (potentially vulnerable)
This would help to identify the files.
Thanks
Best regards
Philipp
The text was updated successfully, but these errors were encountered: