Generic.Detection.Log4jVulnHunter

This artifact searches for Vulnerable log4j libraries.

The artifact:

  • firstly searches for jar, war and ear files
  • then recursively checks content by name then hash for vulnerable versions.
  • reports hit details.

The artifact is optimised to recursively search through embedded jar,war and ear files by extracting any discovered jar containers to a tempfile on disk. Select UploadHits to upload Discovered file for further analysis. It is recommended to increase default artifact timeout for large servers or target glob.

Some examples of path glob may include:

  • Specific container: /path/here/log4j-core-2.0-alpha2.jar
  • Wildcards: /var/www/*.{jar,war,ear}
  • More wildcards: /var/www/**/*.jar
  • Windows: C:/**/*.jar

NOTE: this artifact runs the glob plugin with the nosymlink switch turned on. This will NOT follow any symlinks and may cause unexpected results if unknowingly targeting a folder with symlinks.

name: Generic.Detection.Log4jVulnHunter
author: "Matt Green - @mgreen27"
description: |
    This artifact searches for Vulnerable log4j libraries.

    The artifact:

    * firstly searches for jar, war and ear files
    * then recursively checks content by name then hash for vulnerable
      versions.
    * reports hit details.

    The artifact is optimised to recursively search through embedded
    jar,war and ear files by extracting any discovered jar containers
    to a tempfile on disk.  Select UploadHits to upload Discovered
    file for further analysis.  It is recommended to increase default
    artifact timeout for large servers or target glob.

    Some examples of path glob may include:

    * Specific container: `/path/here/log4j-core-2.0-alpha2.jar`
    * Wildcards: `/var/www/*.{jar,war,ear}`
    * More wildcards: `/var/www/**/*.jar`
    * Windows: `C:/**/*.jar`

    NOTE: this artifact runs the glob plugin with the nosymlink switch
    turned on.  This will NOT follow any symlinks and may cause
    unexpected results if unknowingly targeting a folder with
    symlinks.

reference:
  - https://www.lunasec.io/docs/blog/log4j-zero-day/
  - https://github.com/lunasec-io/lunasec/blob/master/tools/log4shell/findings.json
  - https://github.com/mubix/CVE-2021-44228-Log4Shell-Hashes

parameters:
  - name: TargetGlob
    default: "**/*.{jar,war,ear}"
  - name: MaxRecursions
    description: Number of recursions to allow checking inside archives. Default is 10 layers.
    default: 10
    type: int
  - name: UploadHits
    description: Select to upload hits to server.
    type: bool
  - name: IocLookupTable
    type: csv
    default: |
        JarName,FileName,SHA256,JndiFileName,JndiSHA256,Version,Cve,Severity
        log4j-core-2.0-beta9.jar,org/apache/logging/log4j/core/lookup/JndiLookup.class,39a495034d37c7934b64a9aa686ea06b61df21aa222044cc50a47d6903ba1ca8,org/apache/logging/log4j/core/lookup/JndiLookup.class,39a495034d37c7934b64a9aa686ea06b61df21aa222044cc50a47d6903ba1ca8,"2.0.0-beta9, 2.0.0-rc1",CVE-2021-44228," 10.0"
        log4j-core-osgi-reduced-2.0-beta9.jar,org/apache/logging/log4j/core/lookup/JndiLookup.class,39a495034d37c7934b64a9aa686ea06b61df21aa222044cc50a47d6903ba1ca8,org/apache/logging/log4j/core/lookup/JndiLookup.class,39a495034d37c7934b64a9aa686ea06b61df21aa222044cc50a47d6903ba1ca8,"2.0.0-beta9, 2.0.0-rc1",CVE-2021-44228," 10.0"
        log4j-core-2.0.jar,org/apache/logging/log4j/core/lookup/JndiLookup.class,fd6c63c11f7a6b52eff04be1de3477c9ddbbc925022f7216320e6db93f1b7d29,org/apache/logging/log4j/core/lookup/JndiLookup.class,fd6c63c11f7a6b52eff04be1de3477c9ddbbc925022f7216320e6db93f1b7d29,2.0.0,CVE-2021-44228," 10.0"
        log4j-core-2.0-rc1.jar,org/apache/logging/log4j/core/lookup/JndiLookup.class,39a495034d37c7934b64a9aa686ea06b61df21aa222044cc50a47d6903ba1ca8,org/apache/logging/log4j/core/lookup/JndiLookup.class,39a495034d37c7934b64a9aa686ea06b61df21aa222044cc50a47d6903ba1ca8,"2.0.0-beta9, 2.0.0-rc1",CVE-2021-44228," 10.0"
        log4j-core-osgi-reduced-2.0-rc1.jar,org/apache/logging/log4j/core/lookup/JndiLookup.class,39a495034d37c7934b64a9aa686ea06b61df21aa222044cc50a47d6903ba1ca8,org/apache/logging/log4j/core/lookup/JndiLookup.class,39a495034d37c7934b64a9aa686ea06b61df21aa222044cc50a47d6903ba1ca8,"2.0.0-beta9, 2.0.0-rc1",CVE-2021-44228," 10.0"
        log4j-core-2.0-rc2.jar,org/apache/logging/log4j/core/lookup/JndiLookup.class,a03e538ed25eff6c4fe48aabc5514e5ee687542f29f2206256840e74ed59bcd2,org/apache/logging/log4j/core/lookup/JndiLookup.class,a03e538ed25eff6c4fe48aabc5514e5ee687542f29f2206256840e74ed59bcd2,2.0.0-rc2,CVE-2021-44228," 10.0"
        log4j-core-2.0.1.jar,org/apache/logging/log4j/core/lookup/JndiLookup.class,964fa0bf8c045097247fa0c973e0c167df08720409fd9e44546e0ceda3925f3e,org/apache/logging/log4j/core/lookup/JndiLookup.class,964fa0bf8c045097247fa0c973e0c167df08720409fd9e44546e0ceda3925f3e,2.0.1,CVE-2021-44228," 10.0"
        log4j-core-2.0.2.jar,org/apache/logging/log4j/core/lookup/JndiLookup.class,9626798cce6abd0f2ffef89f1a3d0092a60d34a837a02bbe571dbe00236a2c8c,org/apache/logging/log4j/core/lookup/JndiLookup.class,9626798cce6abd0f2ffef89f1a3d0092a60d34a837a02bbe571dbe00236a2c8c,2.0.2,CVE-2021-44228," 10.0"
        log4j-core-2.1.jar,org/apache/logging/log4j/core/net/JndiManager.class,ae950f9435c0ef3373d4030e7eff175ee11044e584b7f205b7a9804bbe795f9c,org/apache/logging/log4j/core/lookup/JndiLookup.class,a768e5383990b512f9d4f97217eda94031c2fa4aea122585f5a475ab99dc7307,"2.1.0, 2.2.0, 2.3.0",CVE-2021-44228," 10.0"
        log4j-core-2.10.0.jar,org/apache/logging/log4j/core/net/JndiManager.class,293d7e83d4197f0496855f40a7745cfcdd10026dc057dfc1816de57295be88a6,org/apache/logging/log4j/core/lookup/JndiLookup.class,0f038a1e0aa0aff76d66d1440c88a2b35a3d023ad8b2e3bac8e25a3208499f7e,"2.10.0, 2.11.0, 2.11.1, 2.11.2, 2.9.0, 2.9.1",CVE-2021-44228," 10.0"
        log4j-core-2.11.0.jar,org/apache/logging/log4j/core/net/JndiManager.class,293d7e83d4197f0496855f40a7745cfcdd10026dc057dfc1816de57295be88a6,org/apache/logging/log4j/core/lookup/JndiLookup.class,0f038a1e0aa0aff76d66d1440c88a2b35a3d023ad8b2e3bac8e25a3208499f7e,"2.10.0, 2.11.0, 2.11.1, 2.11.2, 2.9.0, 2.9.1",CVE-2021-44228," 10.0"
        log4j-core-2.11.1.jar,org/apache/logging/log4j/core/net/JndiManager.class,293d7e83d4197f0496855f40a7745cfcdd10026dc057dfc1816de57295be88a6,org/apache/logging/log4j/core/lookup/JndiLookup.class,0f038a1e0aa0aff76d66d1440c88a2b35a3d023ad8b2e3bac8e25a3208499f7e,"2.10.0, 2.11.0, 2.11.1, 2.11.2, 2.9.0, 2.9.1",CVE-2021-44228," 10.0"
        log4j-core-2.11.2.jar,org/apache/logging/log4j/core/net/JndiManager.class,293d7e83d4197f0496855f40a7745cfcdd10026dc057dfc1816de57295be88a6,org/apache/logging/log4j/core/lookup/JndiLookup.class,0f038a1e0aa0aff76d66d1440c88a2b35a3d023ad8b2e3bac8e25a3208499f7e,"2.10.0, 2.11.0, 2.11.1, 2.11.2, 2.9.0, 2.9.1",CVE-2021-44228," 10.0"
        log4j-core-2.12.0.jar,org/apache/logging/log4j/core/net/JndiManager.class,1fa92c00fa0b305b6bbe6e2ee4b012b588a906a20a05e135cbe64c9d77d676de,org/apache/logging/log4j/core/lookup/JndiLookup.class,5c104d16ff9831b456e4d7eaf66bcf531f086767782d08eece3fb37e40467279,"2.12.0, 2.12.1",CVE-2021-44228," 10.0"
        log4j-core-2.12.1.jar,org/apache/logging/log4j/core/net/JndiManager.class,1fa92c00fa0b305b6bbe6e2ee4b012b588a906a20a05e135cbe64c9d77d676de,org/apache/logging/log4j/core/lookup/JndiLookup.class,5c104d16ff9831b456e4d7eaf66bcf531f086767782d08eece3fb37e40467279,"2.12.0, 2.12.1",CVE-2021-44228," 10.0"
        log4j-core-2.12.2.jar,org/apache/logging/log4j/core/net/JndiManager.class,b1960d63a3946f9e16e1920624f37c152b58b98932ed04df99ed5d9486732afb,org/apache/logging/log4j/core/lookup/JndiLookup.class,febbc7867784d0f06934fec59df55ee45f6b24c55b17fff71cc4fca80bf22ebb,2.12.2,CVE-2021-44228," 10.0"
        log4j-core-2.13.0.jar,org/apache/logging/log4j/core/net/JndiManager.class,c3e95da6542945c1a096b308bf65bbd7fcb96e3d201e5a2257d85d4dedc6a078,org/apache/logging/log4j/core/lookup/JndiLookup.class,2b32bfc0556ea59307b9b2fde75b6dfbb5bf4f1d008d1402bc9a2357d8a8c61f,"2.13.0, 2.13.1, 2.13.2, 2.13.3",CVE-2021-44228," 10.0"
        log4j-core-2.13.1.jar,org/apache/logging/log4j/core/net/JndiManager.class,c3e95da6542945c1a096b308bf65bbd7fcb96e3d201e5a2257d85d4dedc6a078,org/apache/logging/log4j/core/lookup/JndiLookup.class,2b32bfc0556ea59307b9b2fde75b6dfbb5bf4f1d008d1402bc9a2357d8a8c61f,"2.13.0, 2.13.1, 2.13.2, 2.13.3",CVE-2021-44228," 10.0"
        log4j-core-2.13.2.jar,org/apache/logging/log4j/core/net/JndiManager.class,c3e95da6542945c1a096b308bf65bbd7fcb96e3d201e5a2257d85d4dedc6a078,org/apache/logging/log4j/core/lookup/JndiLookup.class,2b32bfc0556ea59307b9b2fde75b6dfbb5bf4f1d008d1402bc9a2357d8a8c61f,"2.13.0, 2.13.1, 2.13.2, 2.13.3",CVE-2021-44228," 10.0"
        log4j-core-2.13.3.jar,org/apache/logging/log4j/core/net/JndiManager.class,c3e95da6542945c1a096b308bf65bbd7fcb96e3d201e5a2257d85d4dedc6a078,org/apache/logging/log4j/core/lookup/JndiLookup.class,2b32bfc0556ea59307b9b2fde75b6dfbb5bf4f1d008d1402bc9a2357d8a8c61f,"2.13.0, 2.13.1, 2.13.2, 2.13.3",CVE-2021-44228," 10.0"
        log4j-core-2.14.0.jar,org/apache/logging/log4j/core/net/JndiManager.class,77323460255818f4cbfe180141d6001bfb575b429e00a07cbceabd59adf334d6,org/apache/logging/log4j/core/lookup/JndiLookup.class,84057480ba7da6fb6d9ea50c53a00848315833c1f34bf8f4a47f11a14499ae3f,"2.14.0, 2.14.1",CVE-2021-44228," 10.0"
        log4j-core-2.14.1.jar,org/apache/logging/log4j/core/net/JndiManager.class,77323460255818f4cbfe180141d6001bfb575b429e00a07cbceabd59adf334d6,org/apache/logging/log4j/core/lookup/JndiLookup.class,84057480ba7da6fb6d9ea50c53a00848315833c1f34bf8f4a47f11a14499ae3f,"2.14.0, 2.14.1",CVE-2021-44228," 10.0"
        log4j-core-2.15.0.jar,org/apache/logging/log4j/core/net/JndiManager.class,db07ef1ea174e000b379732681bd835cfede648a7971bf4e9a0d31981582d69e,org/apache/logging/log4j/core/lookup/JndiLookup.class,84057480ba7da6fb6d9ea50c53a00848315833c1f34bf8f4a47f11a14499ae3f,2.15.0,CVE-2021-45046," 9.0"
        log4j-core-2.16.0.jar,org/apache/logging/log4j/core/net/JndiManager.class,5210e6aae7dd8a61cd16c56937c5f2ed43941487830f46e99d0d3f45bfa6f953,org/apache/logging/log4j/core/lookup/JndiLookup.class,84057480ba7da6fb6d9ea50c53a00848315833c1f34bf8f4a47f11a14499ae3f,2.16.0,CVE-2021-45105," 7.5"
        log4j-core-2.2.jar,org/apache/logging/log4j/core/net/JndiManager.class,ae950f9435c0ef3373d4030e7eff175ee11044e584b7f205b7a9804bbe795f9c,org/apache/logging/log4j/core/lookup/JndiLookup.class,a768e5383990b512f9d4f97217eda94031c2fa4aea122585f5a475ab99dc7307,"2.1.0, 2.2.0, 2.3.0",CVE-2021-44228," 10.0"
        log4j-core-2.3.jar,org/apache/logging/log4j/core/net/JndiManager.class,ae950f9435c0ef3373d4030e7eff175ee11044e584b7f205b7a9804bbe795f9c,org/apache/logging/log4j/core/lookup/JndiLookup.class,a768e5383990b512f9d4f97217eda94031c2fa4aea122585f5a475ab99dc7307,"2.1.0, 2.2.0, 2.3.0",CVE-2021-44228," 10.0"
        log4j-core-2.4.jar,org/apache/logging/log4j/core/net/JndiManager.class,3bff6b3011112c0b5139a5c3aa5e698ab1531a2f130e86f9e4262dd6018916d7,org/apache/logging/log4j/core/lookup/JndiLookup.class,a534961bbfce93966496f86c9314f46939fd082bb89986b48b7430c3bea903f7,"2.4.0, 2.4.1, 2.5.0",CVE-2021-44228," 10.0"
        log4j-core-2.4.1.jar,org/apache/logging/log4j/core/net/JndiManager.class,3bff6b3011112c0b5139a5c3aa5e698ab1531a2f130e86f9e4262dd6018916d7,org/apache/logging/log4j/core/lookup/JndiLookup.class,a534961bbfce93966496f86c9314f46939fd082bb89986b48b7430c3bea903f7,"2.4.0, 2.4.1, 2.5.0",CVE-2021-44228," 10.0"
        log4j-core-2.5.jar,org/apache/logging/log4j/core/net/JndiManager.class,3bff6b3011112c0b5139a5c3aa5e698ab1531a2f130e86f9e4262dd6018916d7,org/apache/logging/log4j/core/lookup/JndiLookup.class,a534961bbfce93966496f86c9314f46939fd082bb89986b48b7430c3bea903f7,"2.4.0, 2.4.1, 2.5.0",CVE-2021-44228," 10.0"
        log4j-core-2.6.jar,org/apache/logging/log4j/core/net/JndiManager.class,6540d5695ddac8b0a343c2e91d58316cfdbfdc5b99c6f3f91bc381bc6f748246,org/apache/logging/log4j/core/lookup/JndiLookup.class,e8ffed196e04f81b015f847d4ec61f22f6731c11b5a21b1cfc45ccbc58b8ea45,"2.6.0, 2.6.1, 2.6.2",CVE-2021-44228," 10.0"
        log4j-core-2.6.1.jar,org/apache/logging/log4j/core/net/JndiManager.class,6540d5695ddac8b0a343c2e91d58316cfdbfdc5b99c6f3f91bc381bc6f748246,org/apache/logging/log4j/core/lookup/JndiLookup.class,e8ffed196e04f81b015f847d4ec61f22f6731c11b5a21b1cfc45ccbc58b8ea45,"2.6.0, 2.6.1, 2.6.2",CVE-2021-44228," 10.0"
        log4j-core-2.6.2.jar,org/apache/logging/log4j/core/net/JndiManager.class,6540d5695ddac8b0a343c2e91d58316cfdbfdc5b99c6f3f91bc381bc6f748246,org/apache/logging/log4j/core/lookup/JndiLookup.class,e8ffed196e04f81b015f847d4ec61f22f6731c11b5a21b1cfc45ccbc58b8ea45,"2.6.0, 2.6.1, 2.6.2",CVE-2021-44228," 10.0"
        log4j-core-2.7.jar,org/apache/logging/log4j/core/net/JndiManager.class,1584b839cfceb33a372bb9e6f704dcea9701fa810a9ba1ad3961615a5b998c32,org/apache/logging/log4j/core/lookup/JndiLookup.class,cee2305065bb61d434cdb45cfdaa46e7da148e5c6a7678d56f3e3dc8d7073eae,"2.7.0, 2.8.0, 2.8.1",CVE-2021-44228," 10.0"
        log4j-core-2.8.jar,org/apache/logging/log4j/core/net/JndiManager.class,1584b839cfceb33a372bb9e6f704dcea9701fa810a9ba1ad3961615a5b998c32,org/apache/logging/log4j/core/lookup/JndiLookup.class,66c89e2d5ae674641138858b571e65824df6873abb1677f7b2ef5c0dd4dbc442,"2.7.0, 2.8.0, 2.8.1",CVE-2021-44228," 10.0"
        log4j-core-2.8.1.jar,org/apache/logging/log4j/core/net/JndiManager.class,1584b839cfceb33a372bb9e6f704dcea9701fa810a9ba1ad3961615a5b998c32,org/apache/logging/log4j/core/lookup/JndiLookup.class,66c89e2d5ae674641138858b571e65824df6873abb1677f7b2ef5c0dd4dbc442,"2.7.0, 2.8.0, 2.8.1",CVE-2021-44228," 10.0"
        log4j-core-2.8.2.jar,org/apache/logging/log4j/core/net/JndiManager.class,764b06686dbe06e3d5f6d15891250ab04073a0d1c357d114b7365c70fa8a7407,org/apache/logging/log4j/core/lookup/JndiLookup.class,d4ec57440cd6db6eaf6bcb6b197f1cbaf5a3e26253d59578d51db307357cbf15,2.8.2,CVE-2021-44228," 10.0"
        log4j-core-2.9.0.jar,org/apache/logging/log4j/core/net/JndiManager.class,293d7e83d4197f0496855f40a7745cfcdd10026dc057dfc1816de57295be88a6,org/apache/logging/log4j/core/lookup/JndiLookup.class,0f038a1e0aa0aff76d66d1440c88a2b35a3d023ad8b2e3bac8e25a3208499f7e,"2.10.0, 2.11.0, 2.11.1, 2.11.2, 2.9.0, 2.9.1",CVE-2021-44228," 10.0"
        log4j-core-2.9.1.jar,org/apache/logging/log4j/core/net/JndiManager.class,293d7e83d4197f0496855f40a7745cfcdd10026dc057dfc1816de57295be88a6,org/apache/logging/log4j/core/lookup/JndiLookup.class,0f038a1e0aa0aff76d66d1440c88a2b35a3d023ad8b2e3bac8e25a3208499f7e,"2.10.0, 2.11.0, 2.11.1, 2.11.2, 2.9.0, 2.9.1",CVE-2021-44228," 10.0"
        log4j-core-2.0-beta9.jar,org/apache/logging/log4j/core/lookup/JndiLookup.class,39a495034d37c7934b64a9aa686ea06b61df21aa222044cc50a47d6903ba1ca8,org/apache/logging/log4j/core/lookup/JndiLookup.class,39a495034d37c7934b64a9aa686ea06b61df21aa222044cc50a47d6903ba1ca8,"2.0.0-beta9, 2.0.0-rc1",CVE-2021-44228," 10.0"
        log4j-core-osgi-reduced-2.0-beta9.jar,org/apache/logging/log4j/core/lookup/JndiLookup.class,39a495034d37c7934b64a9aa686ea06b61df21aa222044cc50a47d6903ba1ca8,org/apache/logging/log4j/core/lookup/JndiLookup.class,39a495034d37c7934b64a9aa686ea06b61df21aa222044cc50a47d6903ba1ca8,"2.0.0-beta9, 2.0.0-rc1",CVE-2021-44228," 10.0"
        log4j-core-2.0.jar,org/apache/logging/log4j/core/lookup/JndiLookup.class,fd6c63c11f7a6b52eff04be1de3477c9ddbbc925022f7216320e6db93f1b7d29,org/apache/logging/log4j/core/lookup/JndiLookup.class,fd6c63c11f7a6b52eff04be1de3477c9ddbbc925022f7216320e6db93f1b7d29,2.0.0,CVE-2021-44228," 10.0"
        log4j-core-2.0-rc1.jar,org/apache/logging/log4j/core/lookup/JndiLookup.class,39a495034d37c7934b64a9aa686ea06b61df21aa222044cc50a47d6903ba1ca8,org/apache/logging/log4j/core/lookup/JndiLookup.class,39a495034d37c7934b64a9aa686ea06b61df21aa222044cc50a47d6903ba1ca8,"2.0.0-beta9, 2.0.0-rc1",CVE-2021-44228," 10.0"
        log4j-core-osgi-reduced-2.0-rc1.jar,org/apache/logging/log4j/core/lookup/JndiLookup.class,39a495034d37c7934b64a9aa686ea06b61df21aa222044cc50a47d6903ba1ca8,org/apache/logging/log4j/core/lookup/JndiLookup.class,39a495034d37c7934b64a9aa686ea06b61df21aa222044cc50a47d6903ba1ca8,"2.0.0-beta9, 2.0.0-rc1",CVE-2021-44228," 10.0"
        log4j-core-2.0-rc2.jar,org/apache/logging/log4j/core/lookup/JndiLookup.class,a03e538ed25eff6c4fe48aabc5514e5ee687542f29f2206256840e74ed59bcd2,org/apache/logging/log4j/core/lookup/JndiLookup.class,a03e538ed25eff6c4fe48aabc5514e5ee687542f29f2206256840e74ed59bcd2,2.0.0-rc2,CVE-2021-44228," 10.0"
        log4j-core-2.0.1.jar,org/apache/logging/log4j/core/lookup/JndiLookup.class,964fa0bf8c045097247fa0c973e0c167df08720409fd9e44546e0ceda3925f3e,org/apache/logging/log4j/core/lookup/JndiLookup.class,964fa0bf8c045097247fa0c973e0c167df08720409fd9e44546e0ceda3925f3e,2.0.1,CVE-2021-44228," 10.0"
        log4j-core-2.0.2.jar,org/apache/logging/log4j/core/lookup/JndiLookup.class,9626798cce6abd0f2ffef89f1a3d0092a60d34a837a02bbe571dbe00236a2c8c,org/apache/logging/log4j/core/lookup/JndiLookup.class,9626798cce6abd0f2ffef89f1a3d0092a60d34a837a02bbe571dbe00236a2c8c,2.0.2,CVE-2021-44228," 10.0"
        log4j-core-2.1.jar,org/apache/logging/log4j/core/net/JndiManager.class,ae950f9435c0ef3373d4030e7eff175ee11044e584b7f205b7a9804bbe795f9c,org/apache/logging/log4j/core/lookup/JndiLookup.class,a768e5383990b512f9d4f97217eda94031c2fa4aea122585f5a475ab99dc7307,"2.1.0, 2.2.0, 2.3.0",CVE-2021-44228," 10.0"
        log4j-core-2.10.0.jar,org/apache/logging/log4j/core/net/JndiManager.class,293d7e83d4197f0496855f40a7745cfcdd10026dc057dfc1816de57295be88a6,org/apache/logging/log4j/core/lookup/JndiLookup.class,0f038a1e0aa0aff76d66d1440c88a2b35a3d023ad8b2e3bac8e25a3208499f7e,"2.10.0, 2.11.0, 2.11.1, 2.11.2, 2.9.0, 2.9.1",CVE-2021-44228," 10.0"
        log4j-core-2.11.0.jar,org/apache/logging/log4j/core/net/JndiManager.class,293d7e83d4197f0496855f40a7745cfcdd10026dc057dfc1816de57295be88a6,org/apache/logging/log4j/core/lookup/JndiLookup.class,0f038a1e0aa0aff76d66d1440c88a2b35a3d023ad8b2e3bac8e25a3208499f7e,"2.10.0, 2.11.0, 2.11.1, 2.11.2, 2.9.0, 2.9.1",CVE-2021-44228," 10.0"
        log4j-core-2.11.1.jar,org/apache/logging/log4j/core/net/JndiManager.class,293d7e83d4197f0496855f40a7745cfcdd10026dc057dfc1816de57295be88a6,org/apache/logging/log4j/core/lookup/JndiLookup.class,0f038a1e0aa0aff76d66d1440c88a2b35a3d023ad8b2e3bac8e25a3208499f7e,"2.10.0, 2.11.0, 2.11.1, 2.11.2, 2.9.0, 2.9.1",CVE-2021-44228," 10.0"
        log4j-core-2.11.2.jar,org/apache/logging/log4j/core/net/JndiManager.class,293d7e83d4197f0496855f40a7745cfcdd10026dc057dfc1816de57295be88a6,org/apache/logging/log4j/core/lookup/JndiLookup.class,0f038a1e0aa0aff76d66d1440c88a2b35a3d023ad8b2e3bac8e25a3208499f7e,"2.10.0, 2.11.0, 2.11.1, 2.11.2, 2.9.0, 2.9.1",CVE-2021-44228," 10.0"
        log4j-core-2.12.0.jar,org/apache/logging/log4j/core/net/JndiManager.class,1fa92c00fa0b305b6bbe6e2ee4b012b588a906a20a05e135cbe64c9d77d676de,org/apache/logging/log4j/core/lookup/JndiLookup.class,5c104d16ff9831b456e4d7eaf66bcf531f086767782d08eece3fb37e40467279,"2.12.0, 2.12.1",CVE-2021-44228," 10.0"
        log4j-core-2.12.1.jar,org/apache/logging/log4j/core/net/JndiManager.class,1fa92c00fa0b305b6bbe6e2ee4b012b588a906a20a05e135cbe64c9d77d676de,org/apache/logging/log4j/core/lookup/JndiLookup.class,5c104d16ff9831b456e4d7eaf66bcf531f086767782d08eece3fb37e40467279,"2.12.0, 2.12.1",CVE-2021-44228," 10.0"
        log4j-core-2.12.2.jar,org/apache/logging/log4j/core/net/JndiManager.class,b1960d63a3946f9e16e1920624f37c152b58b98932ed04df99ed5d9486732afb,org/apache/logging/log4j/core/lookup/JndiLookup.class,febbc7867784d0f06934fec59df55ee45f6b24c55b17fff71cc4fca80bf22ebb,2.12.2,CVE-2021-44228," 10.0"
        log4j-core-2.13.0.jar,org/apache/logging/log4j/core/net/JndiManager.class,c3e95da6542945c1a096b308bf65bbd7fcb96e3d201e5a2257d85d4dedc6a078,org/apache/logging/log4j/core/lookup/JndiLookup.class,2b32bfc0556ea59307b9b2fde75b6dfbb5bf4f1d008d1402bc9a2357d8a8c61f,"2.13.0, 2.13.1, 2.13.2, 2.13.3",CVE-2021-44228," 10.0"
        log4j-core-2.13.1.jar,org/apache/logging/log4j/core/net/JndiManager.class,c3e95da6542945c1a096b308bf65bbd7fcb96e3d201e5a2257d85d4dedc6a078,org/apache/logging/log4j/core/lookup/JndiLookup.class,2b32bfc0556ea59307b9b2fde75b6dfbb5bf4f1d008d1402bc9a2357d8a8c61f,"2.13.0, 2.13.1, 2.13.2, 2.13.3",CVE-2021-44228," 10.0"
        log4j-core-2.13.2.jar,org/apache/logging/log4j/core/net/JndiManager.class,c3e95da6542945c1a096b308bf65bbd7fcb96e3d201e5a2257d85d4dedc6a078,org/apache/logging/log4j/core/lookup/JndiLookup.class,2b32bfc0556ea59307b9b2fde75b6dfbb5bf4f1d008d1402bc9a2357d8a8c61f,"2.13.0, 2.13.1, 2.13.2, 2.13.3",CVE-2021-44228," 10.0"
        log4j-core-2.13.3.jar,org/apache/logging/log4j/core/net/JndiManager.class,c3e95da6542945c1a096b308bf65bbd7fcb96e3d201e5a2257d85d4dedc6a078,org/apache/logging/log4j/core/lookup/JndiLookup.class,2b32bfc0556ea59307b9b2fde75b6dfbb5bf4f1d008d1402bc9a2357d8a8c61f,"2.13.0, 2.13.1, 2.13.2, 2.13.3",CVE-2021-44228," 10.0"
        log4j-core-2.14.0.jar,org/apache/logging/log4j/core/net/JndiManager.class,77323460255818f4cbfe180141d6001bfb575b429e00a07cbceabd59adf334d6,org/apache/logging/log4j/core/lookup/JndiLookup.class,84057480ba7da6fb6d9ea50c53a00848315833c1f34bf8f4a47f11a14499ae3f,"2.14.0, 2.14.1",CVE-2021-44228," 10.0"
        log4j-core-2.14.1.jar,org/apache/logging/log4j/core/net/JndiManager.class,77323460255818f4cbfe180141d6001bfb575b429e00a07cbceabd59adf334d6,org/apache/logging/log4j/core/lookup/JndiLookup.class,84057480ba7da6fb6d9ea50c53a00848315833c1f34bf8f4a47f11a14499ae3f,"2.14.0, 2.14.1",CVE-2021-44228," 10.0"
        log4j-core-2.15.0.jar,org/apache/logging/log4j/core/net/JndiManager.class,db07ef1ea174e000b379732681bd835cfede648a7971bf4e9a0d31981582d69e,org/apache/logging/log4j/core/lookup/JndiLookup.class,84057480ba7da6fb6d9ea50c53a00848315833c1f34bf8f4a47f11a14499ae3f,2.15.0,CVE-2021-45046," 9.0"
        log4j-core-2.16.0.jar,org/apache/logging/log4j/core/net/JndiManager.class,5210e6aae7dd8a61cd16c56937c5f2ed43941487830f46e99d0d3f45bfa6f953,org/apache/logging/log4j/core/lookup/JndiLookup.class,84057480ba7da6fb6d9ea50c53a00848315833c1f34bf8f4a47f11a14499ae3f,2.16.0,CVE-2021-45105," 7.5"
        log4j-core-2.2.jar,org/apache/logging/log4j/core/net/JndiManager.class,ae950f9435c0ef3373d4030e7eff175ee11044e584b7f205b7a9804bbe795f9c,org/apache/logging/log4j/core/lookup/JndiLookup.class,a768e5383990b512f9d4f97217eda94031c2fa4aea122585f5a475ab99dc7307,"2.1.0, 2.2.0, 2.3.0",CVE-2021-44228," 10.0"
        log4j-core-2.3.jar,org/apache/logging/log4j/core/net/JndiManager.class,ae950f9435c0ef3373d4030e7eff175ee11044e584b7f205b7a9804bbe795f9c,org/apache/logging/log4j/core/lookup/JndiLookup.class,a768e5383990b512f9d4f97217eda94031c2fa4aea122585f5a475ab99dc7307,"2.1.0, 2.2.0, 2.3.0",CVE-2021-44228," 10.0"
        log4j-core-2.4.jar,org/apache/logging/log4j/core/net/JndiManager.class,3bff6b3011112c0b5139a5c3aa5e698ab1531a2f130e86f9e4262dd6018916d7,org/apache/logging/log4j/core/lookup/JndiLookup.class,a534961bbfce93966496f86c9314f46939fd082bb89986b48b7430c3bea903f7,"2.4.0, 2.4.1, 2.5.0",CVE-2021-44228," 10.0"
        log4j-core-2.4.1.jar,org/apache/logging/log4j/core/net/JndiManager.class,3bff6b3011112c0b5139a5c3aa5e698ab1531a2f130e86f9e4262dd6018916d7,org/apache/logging/log4j/core/lookup/JndiLookup.class,a534961bbfce93966496f86c9314f46939fd082bb89986b48b7430c3bea903f7,"2.4.0, 2.4.1, 2.5.0",CVE-2021-44228," 10.0"
        log4j-core-2.5.jar,org/apache/logging/log4j/core/net/JndiManager.class,3bff6b3011112c0b5139a5c3aa5e698ab1531a2f130e86f9e4262dd6018916d7,org/apache/logging/log4j/core/lookup/JndiLookup.class,a534961bbfce93966496f86c9314f46939fd082bb89986b48b7430c3bea903f7,"2.4.0, 2.4.1, 2.5.0",CVE-2021-44228," 10.0"
        log4j-core-2.6.jar,org/apache/logging/log4j/core/net/JndiManager.class,6540d5695ddac8b0a343c2e91d58316cfdbfdc5b99c6f3f91bc381bc6f748246,org/apache/logging/log4j/core/lookup/JndiLookup.class,e8ffed196e04f81b015f847d4ec61f22f6731c11b5a21b1cfc45ccbc58b8ea45,"2.6.0, 2.6.1, 2.6.2",CVE-2021-44228," 10.0"
        log4j-core-2.6.1.jar,org/apache/logging/log4j/core/net/JndiManager.class,6540d5695ddac8b0a343c2e91d58316cfdbfdc5b99c6f3f91bc381bc6f748246,org/apache/logging/log4j/core/lookup/JndiLookup.class,e8ffed196e04f81b015f847d4ec61f22f6731c11b5a21b1cfc45ccbc58b8ea45,"2.6.0, 2.6.1, 2.6.2",CVE-2021-44228," 10.0"
        log4j-core-2.6.2.jar,org/apache/logging/log4j/core/net/JndiManager.class,6540d5695ddac8b0a343c2e91d58316cfdbfdc5b99c6f3f91bc381bc6f748246,org/apache/logging/log4j/core/lookup/JndiLookup.class,e8ffed196e04f81b015f847d4ec61f22f6731c11b5a21b1cfc45ccbc58b8ea45,"2.6.0, 2.6.1, 2.6.2",CVE-2021-44228," 10.0"
        log4j-core-2.7.jar,org/apache/logging/log4j/core/net/JndiManager.class,1584b839cfceb33a372bb9e6f704dcea9701fa810a9ba1ad3961615a5b998c32,org/apache/logging/log4j/core/lookup/JndiLookup.class,cee2305065bb61d434cdb45cfdaa46e7da148e5c6a7678d56f3e3dc8d7073eae,"2.7.0, 2.8.0, 2.8.1",CVE-2021-44228," 10.0"
        log4j-core-2.8.jar,org/apache/logging/log4j/core/net/JndiManager.class,1584b839cfceb33a372bb9e6f704dcea9701fa810a9ba1ad3961615a5b998c32,org/apache/logging/log4j/core/lookup/JndiLookup.class,66c89e2d5ae674641138858b571e65824df6873abb1677f7b2ef5c0dd4dbc442,"2.7.0, 2.8.0, 2.8.1",CVE-2021-44228," 10.0"
        log4j-core-2.8.1.jar,org/apache/logging/log4j/core/net/JndiManager.class,1584b839cfceb33a372bb9e6f704dcea9701fa810a9ba1ad3961615a5b998c32,org/apache/logging/log4j/core/lookup/JndiLookup.class,66c89e2d5ae674641138858b571e65824df6873abb1677f7b2ef5c0dd4dbc442,"2.7.0, 2.8.0, 2.8.1",CVE-2021-44228," 10.0"
        log4j-core-2.8.2.jar,org/apache/logging/log4j/core/net/JndiManager.class,764b06686dbe06e3d5f6d15891250ab04073a0d1c357d114b7365c70fa8a7407,org/apache/logging/log4j/core/lookup/JndiLookup.class,d4ec57440cd6db6eaf6bcb6b197f1cbaf5a3e26253d59578d51db307357cbf15,2.8.2,CVE-2021-44228," 10.0"
        log4j-core-2.9.0.jar,org/apache/logging/log4j/core/net/JndiManager.class,293d7e83d4197f0496855f40a7745cfcdd10026dc057dfc1816de57295be88a6,org/apache/logging/log4j/core/lookup/JndiLookup.class,0f038a1e0aa0aff76d66d1440c88a2b35a3d023ad8b2e3bac8e25a3208499f7e,"2.10.0, 2.11.0, 2.11.1, 2.11.2, 2.9.0, 2.9.1",CVE-2021-44228," 10.0"
        log4j-core-2.9.1.jar,org/apache/logging/log4j/core/net/JndiManager.class,293d7e83d4197f0496855f40a7745cfcdd10026dc057dfc1816de57295be88a6,org/apache/logging/log4j/core/lookup/JndiLookup.class,0f038a1e0aa0aff76d66d1440c88a2b35a3d023ad8b2e3bac8e25a3208499f7e,"2.10.0, 2.11.0, 2.11.1, 2.11.2, 2.9.0, 2.9.1",CVE-2021-44228," 10.0"
        log4j-core-2.0.1.jar,org/apache/logging/log4j/core/lookup/JndiLookup.class,964fa0bf8c045097247fa0c973e0c167df08720409fd9e44546e0ceda3925f3e,org/apache/logging/log4j/core/lookup/JndiLookup.class,964fa0bf8c045097247fa0c973e0c167df08720409fd9e44546e0ceda3925f3e,2.0.1,CVE-2021-44228," 10.0"
        log4j-core-2.0-rc1.jar,org/apache/logging/log4j/core/lookup/JndiLookup.class,39a495034d37c7934b64a9aa686ea06b61df21aa222044cc50a47d6903ba1ca8,org/apache/logging/log4j/core/lookup/JndiLookup.class,39a495034d37c7934b64a9aa686ea06b61df21aa222044cc50a47d6903ba1ca8,"2.0.0-beta9, 2.0.0-rc1",CVE-2021-44228," 10.0"
        log4j-core-2.0-rc2.jar,org/apache/logging/log4j/core/lookup/JndiLookup.class,a03e538ed25eff6c4fe48aabc5514e5ee687542f29f2206256840e74ed59bcd2,org/apache/logging/log4j/core/lookup/JndiLookup.class,a03e538ed25eff6c4fe48aabc5514e5ee687542f29f2206256840e74ed59bcd2,2.0.0-rc2,CVE-2021-44228," 10.0"
        log4j-core-2.0.1.jar,org/apache/logging/log4j/core/lookup/JndiLookup.class,964fa0bf8c045097247fa0c973e0c167df08720409fd9e44546e0ceda3925f3e,org/apache/logging/log4j/core/lookup/JndiLookup.class,964fa0bf8c045097247fa0c973e0c167df08720409fd9e44546e0ceda3925f3e,2.0.1,CVE-2021-44228," 10.0"
        log4j-core-2.0.2.jar,org/apache/logging/log4j/core/lookup/JndiLookup.class,9626798cce6abd0f2ffef89f1a3d0092a60d34a837a02bbe571dbe00236a2c8c,org/apache/logging/log4j/core/lookup/JndiLookup.class,9626798cce6abd0f2ffef89f1a3d0092a60d34a837a02bbe571dbe00236a2c8c,2.0.2,CVE-2021-44228," 10.0"
        log4j-core-2.0.jar,org/apache/logging/log4j/core/lookup/JndiLookup.class,fd6c63c11f7a6b52eff04be1de3477c9ddbbc925022f7216320e6db93f1b7d29,org/apache/logging/log4j/core/lookup/JndiLookup.class,fd6c63c11f7a6b52eff04be1de3477c9ddbbc925022f7216320e6db93f1b7d29,2.0.0,CVE-2021-44228," 10.0"
        log4j-core-2.1.jar,org/apache/logging/log4j/core/net/JndiManager.class,ae950f9435c0ef3373d4030e7eff175ee11044e584b7f205b7a9804bbe795f9c,org/apache/logging/log4j/core/lookup/JndiLookup.class,a768e5383990b512f9d4f97217eda94031c2fa4aea122585f5a475ab99dc7307,"2.1.0, 2.2.0, 2.3.0",CVE-2021-44228," 10.0"
        log4j-core-2.10.0.jar,org/apache/logging/log4j/core/net/JndiManager.class,293d7e83d4197f0496855f40a7745cfcdd10026dc057dfc1816de57295be88a6,org/apache/logging/log4j/core/lookup/JndiLookup.class,0f038a1e0aa0aff76d66d1440c88a2b35a3d023ad8b2e3bac8e25a3208499f7e,"2.10.0, 2.11.0, 2.11.1, 2.11.2, 2.9.0, 2.9.1",CVE-2021-44228," 10.0"
        log4j-core-2.11.0.jar,org/apache/logging/log4j/core/net/JndiManager.class,293d7e83d4197f0496855f40a7745cfcdd10026dc057dfc1816de57295be88a6,org/apache/logging/log4j/core/lookup/JndiLookup.class,0f038a1e0aa0aff76d66d1440c88a2b35a3d023ad8b2e3bac8e25a3208499f7e,"2.10.0, 2.11.0, 2.11.1, 2.11.2, 2.9.0, 2.9.1",CVE-2021-44228," 10.0"
        log4j-core-2.11.1.jar,org/apache/logging/log4j/core/net/JndiManager.class,293d7e83d4197f0496855f40a7745cfcdd10026dc057dfc1816de57295be88a6,org/apache/logging/log4j/core/lookup/JndiLookup.class,0f038a1e0aa0aff76d66d1440c88a2b35a3d023ad8b2e3bac8e25a3208499f7e,"2.10.0, 2.11.0, 2.11.1, 2.11.2, 2.9.0, 2.9.1",CVE-2021-44228," 10.0"
        log4j-core-2.11.2.jar,org/apache/logging/log4j/core/net/JndiManager.class,293d7e83d4197f0496855f40a7745cfcdd10026dc057dfc1816de57295be88a6,org/apache/logging/log4j/core/lookup/JndiLookup.class,0f038a1e0aa0aff76d66d1440c88a2b35a3d023ad8b2e3bac8e25a3208499f7e,"2.10.0, 2.11.0, 2.11.1, 2.11.2, 2.9.0, 2.9.1",CVE-2021-44228," 10.0"
        log4j-core-2.12.0.jar,org/apache/logging/log4j/core/net/JndiManager.class,1fa92c00fa0b305b6bbe6e2ee4b012b588a906a20a05e135cbe64c9d77d676de,org/apache/logging/log4j/core/lookup/JndiLookup.class,5c104d16ff9831b456e4d7eaf66bcf531f086767782d08eece3fb37e40467279,"2.12.0, 2.12.1",CVE-2021-44228," 10.0"
        log4j-core-2.12.1.jar,org/apache/logging/log4j/core/net/JndiManager.class,1fa92c00fa0b305b6bbe6e2ee4b012b588a906a20a05e135cbe64c9d77d676de,org/apache/logging/log4j/core/lookup/JndiLookup.class,5c104d16ff9831b456e4d7eaf66bcf531f086767782d08eece3fb37e40467279,"2.12.0, 2.12.1",CVE-2021-44228," 10.0"
        log4j-core-2.12.2.jar,org/apache/logging/log4j/core/net/JndiManager.class,b1960d63a3946f9e16e1920624f37c152b58b98932ed04df99ed5d9486732afb,org/apache/logging/log4j/core/lookup/JndiLookup.class,febbc7867784d0f06934fec59df55ee45f6b24c55b17fff71cc4fca80bf22ebb,2.12.2,CVE-2021-44228," 10.0"
        log4j-core-2.13.0.jar,org/apache/logging/log4j/core/net/JndiManager.class,c3e95da6542945c1a096b308bf65bbd7fcb96e3d201e5a2257d85d4dedc6a078,org/apache/logging/log4j/core/lookup/JndiLookup.class,2b32bfc0556ea59307b9b2fde75b6dfbb5bf4f1d008d1402bc9a2357d8a8c61f,"2.13.0, 2.13.1, 2.13.2, 2.13.3",CVE-2021-44228," 10.0"
        log4j-core-2.13.1.jar,org/apache/logging/log4j/core/net/JndiManager.class,c3e95da6542945c1a096b308bf65bbd7fcb96e3d201e5a2257d85d4dedc6a078,org/apache/logging/log4j/core/lookup/JndiLookup.class,2b32bfc0556ea59307b9b2fde75b6dfbb5bf4f1d008d1402bc9a2357d8a8c61f,"2.13.0, 2.13.1, 2.13.2, 2.13.3",CVE-2021-44228," 10.0"
        log4j-core-2.13.2.jar,org/apache/logging/log4j/core/net/JndiManager.class,c3e95da6542945c1a096b308bf65bbd7fcb96e3d201e5a2257d85d4dedc6a078,org/apache/logging/log4j/core/lookup/JndiLookup.class,2b32bfc0556ea59307b9b2fde75b6dfbb5bf4f1d008d1402bc9a2357d8a8c61f,"2.13.0, 2.13.1, 2.13.2, 2.13.3",CVE-2021-44228," 10.0"
        log4j-core-2.13.3.jar,org/apache/logging/log4j/core/net/JndiManager.class,c3e95da6542945c1a096b308bf65bbd7fcb96e3d201e5a2257d85d4dedc6a078,org/apache/logging/log4j/core/lookup/JndiLookup.class,2b32bfc0556ea59307b9b2fde75b6dfbb5bf4f1d008d1402bc9a2357d8a8c61f,"2.13.0, 2.13.1, 2.13.2, 2.13.3",CVE-2021-44228," 10.0"
        log4j-core-2.14.0.jar,org/apache/logging/log4j/core/net/JndiManager.class,77323460255818f4cbfe180141d6001bfb575b429e00a07cbceabd59adf334d6,org/apache/logging/log4j/core/lookup/JndiLookup.class,84057480ba7da6fb6d9ea50c53a00848315833c1f34bf8f4a47f11a14499ae3f,"2.14.0, 2.14.1",CVE-2021-44228," 10.0"
        log4j-core-2.14.1.jar,org/apache/logging/log4j/core/net/JndiManager.class,77323460255818f4cbfe180141d6001bfb575b429e00a07cbceabd59adf334d6,org/apache/logging/log4j/core/lookup/JndiLookup.class,84057480ba7da6fb6d9ea50c53a00848315833c1f34bf8f4a47f11a14499ae3f,"2.14.0, 2.14.1",CVE-2021-44228," 10.0"
        log4j-core-2.15.0.jar,org/apache/logging/log4j/core/net/JndiManager.class,db07ef1ea174e000b379732681bd835cfede648a7971bf4e9a0d31981582d69e,org/apache/logging/log4j/core/lookup/JndiLookup.class,84057480ba7da6fb6d9ea50c53a00848315833c1f34bf8f4a47f11a14499ae3f,2.15.0,CVE-2021-45046," 9.0"
        log4j-core-2.16.0.jar,org/apache/logging/log4j/core/net/JndiManager.class,5210e6aae7dd8a61cd16c56937c5f2ed43941487830f46e99d0d3f45bfa6f953,org/apache/logging/log4j/core/lookup/JndiLookup.class,84057480ba7da6fb6d9ea50c53a00848315833c1f34bf8f4a47f11a14499ae3f,2.16.0,CVE-2021-45105," 7.5"
        log4j-core-2.2.jar,org/apache/logging/log4j/core/net/JndiManager.class,ae950f9435c0ef3373d4030e7eff175ee11044e584b7f205b7a9804bbe795f9c,org/apache/logging/log4j/core/lookup/JndiLookup.class,a768e5383990b512f9d4f97217eda94031c2fa4aea122585f5a475ab99dc7307,"2.1.0, 2.2.0, 2.3.0",CVE-2021-44228," 10.0"
        log4j-core-2.3.jar,org/apache/logging/log4j/core/net/JndiManager.class,ae950f9435c0ef3373d4030e7eff175ee11044e584b7f205b7a9804bbe795f9c,org/apache/logging/log4j/core/lookup/JndiLookup.class,a768e5383990b512f9d4f97217eda94031c2fa4aea122585f5a475ab99dc7307,"2.1.0, 2.2.0, 2.3.0",CVE-2021-44228," 10.0"
        log4j-core-2.4.1.jar,org/apache/logging/log4j/core/net/JndiManager.class,3bff6b3011112c0b5139a5c3aa5e698ab1531a2f130e86f9e4262dd6018916d7,org/apache/logging/log4j/core/lookup/JndiLookup.class,a534961bbfce93966496f86c9314f46939fd082bb89986b48b7430c3bea903f7,"2.4.0, 2.4.1, 2.5.0",CVE-2021-44228," 10.0"
        log4j-core-2.4.jar,org/apache/logging/log4j/core/net/JndiManager.class,3bff6b3011112c0b5139a5c3aa5e698ab1531a2f130e86f9e4262dd6018916d7,org/apache/logging/log4j/core/lookup/JndiLookup.class,a534961bbfce93966496f86c9314f46939fd082bb89986b48b7430c3bea903f7,"2.4.0, 2.4.1, 2.5.0",CVE-2021-44228," 10.0"
        log4j-core-2.5.jar,org/apache/logging/log4j/core/net/JndiManager.class,3bff6b3011112c0b5139a5c3aa5e698ab1531a2f130e86f9e4262dd6018916d7,org/apache/logging/log4j/core/lookup/JndiLookup.class,a534961bbfce93966496f86c9314f46939fd082bb89986b48b7430c3bea903f7,"2.4.0, 2.4.1, 2.5.0",CVE-2021-44228," 10.0"
        log4j-core-2.6.1.jar,org/apache/logging/log4j/core/net/JndiManager.class,6540d5695ddac8b0a343c2e91d58316cfdbfdc5b99c6f3f91bc381bc6f748246,org/apache/logging/log4j/core/lookup/JndiLookup.class,e8ffed196e04f81b015f847d4ec61f22f6731c11b5a21b1cfc45ccbc58b8ea45,"2.6.0, 2.6.1, 2.6.2",CVE-2021-44228," 10.0"
        log4j-core-2.6.2.jar,org/apache/logging/log4j/core/net/JndiManager.class,6540d5695ddac8b0a343c2e91d58316cfdbfdc5b99c6f3f91bc381bc6f748246,org/apache/logging/log4j/core/lookup/JndiLookup.class,e8ffed196e04f81b015f847d4ec61f22f6731c11b5a21b1cfc45ccbc58b8ea45,"2.6.0, 2.6.1, 2.6.2",CVE-2021-44228," 10.0"
        log4j-core-2.6.jar,org/apache/logging/log4j/core/net/JndiManager.class,6540d5695ddac8b0a343c2e91d58316cfdbfdc5b99c6f3f91bc381bc6f748246,org/apache/logging/log4j/core/lookup/JndiLookup.class,e8ffed196e04f81b015f847d4ec61f22f6731c11b5a21b1cfc45ccbc58b8ea45,"2.6.0, 2.6.1, 2.6.2",CVE-2021-44228," 10.0"
        log4j-core-2.7.jar,org/apache/logging/log4j/core/net/JndiManager.class,1584b839cfceb33a372bb9e6f704dcea9701fa810a9ba1ad3961615a5b998c32,org/apache/logging/log4j/core/lookup/JndiLookup.class,cee2305065bb61d434cdb45cfdaa46e7da148e5c6a7678d56f3e3dc8d7073eae,"2.7.0, 2.8.0, 2.8.1",CVE-2021-44228," 10.0"
        log4j-core-2.8.1.jar,org/apache/logging/log4j/core/net/JndiManager.class,1584b839cfceb33a372bb9e6f704dcea9701fa810a9ba1ad3961615a5b998c32,org/apache/logging/log4j/core/lookup/JndiLookup.class,66c89e2d5ae674641138858b571e65824df6873abb1677f7b2ef5c0dd4dbc442,"2.7.0, 2.8.0, 2.8.1",CVE-2021-44228," 10.0"
        log4j-core-2.8.2.jar,org/apache/logging/log4j/core/net/JndiManager.class,764b06686dbe06e3d5f6d15891250ab04073a0d1c357d114b7365c70fa8a7407,org/apache/logging/log4j/core/lookup/JndiLookup.class,d4ec57440cd6db6eaf6bcb6b197f1cbaf5a3e26253d59578d51db307357cbf15,2.8.2,CVE-2021-44228," 10.0"
        log4j-core-2.8.jar,org/apache/logging/log4j/core/net/JndiManager.class,1584b839cfceb33a372bb9e6f704dcea9701fa810a9ba1ad3961615a5b998c32,org/apache/logging/log4j/core/lookup/JndiLookup.class,66c89e2d5ae674641138858b571e65824df6873abb1677f7b2ef5c0dd4dbc442,"2.7.0, 2.8.0, 2.8.1",CVE-2021-44228," 10.0"
        log4j-core-2.9.0.jar,org/apache/logging/log4j/core/net/JndiManager.class,293d7e83d4197f0496855f40a7745cfcdd10026dc057dfc1816de57295be88a6,org/apache/logging/log4j/core/lookup/JndiLookup.class,0f038a1e0aa0aff76d66d1440c88a2b35a3d023ad8b2e3bac8e25a3208499f7e,"2.10.0, 2.11.0, 2.11.1, 2.11.2, 2.9.0, 2.9.1",CVE-2021-44228," 10.0"
        log4j-core-2.9.1.jar,org/apache/logging/log4j/core/net/JndiManager.class,293d7e83d4197f0496855f40a7745cfcdd10026dc057dfc1816de57295be88a6,org/apache/logging/log4j/core/lookup/JndiLookup.class,0f038a1e0aa0aff76d66d1440c88a2b35a3d023ad8b2e3bac8e25a3208499f7e,"2.10.0, 2.11.0, 2.11.1, 2.11.2, 2.9.0, 2.9.1",CVE-2021-44228," 10.0"

sources:
  - query: |
      -- this section searches by filename and hashes hits
      LET target_files = SELECT * 
        FROM if(condition=version(plugin='glob') >= 2,
            then={ SELECT * FROM glob(globs=TargetGlob,recursion_callback='x=>x.IsLink OR x.Data.DevMajor = NULL OR x.Data.DevMajor > 7') },
            else={ SELECT * FROM glob(globs=TargetGlob,nosymlink=True) })

      -- recursive search function
      LET Recurse(File, OriginalFile, Container, RecursionRounds) = SELECT * FROM foreach(
                row={
                    SELECT *
                    FROM glob(accessor="zip", root=url(path=File, scheme="file"), globs="/**")
                    WHERE NOT IsDir AND Size > 0
                },
                query={
                    SELECT *
                      FROM if(condition=Name =~ ".(jar|war|ear)$",
                            then={
                                SELECT * FROM Recurse(
                                    OriginalFile=OriginalFile + "/" + url(parse=FullPath).Fragment,
                                    File=copy(dest=tempfile(extension=".zip", remove_last=TRUE),
                                        accessor="zip", filename=FullPath),
                                    Container=Container, RecursionRounds = RecursionRounds + 1)
                                WHERE RecursionRounds < MaxRecursions

                            },
                            else={
                              SELECT * FROM switch(
                                path={
                                    SELECT Container,
                                        'Path detection' as Description,
                                        Name, url(parse=FullPath).Fragment AS ZipPath, OriginalFile,
                                        hash(path=FullPath,accessor='zip').SHA256 as SHA256h
                                    FROM scope()
                                    WHERE ZipPath in IocLookupTable.FilePath
                                        OR basename(path=ZipPath) in IocLookupTable.JarName
                                        OR basename(path=Container) in IocLookupTable.JarName
                                },
                                hash={
                                    SELECT Container,
                                        'Hash detection' as Description,
                                        Name, url(parse=FullPath).Fragment AS ZipPath, OriginalFile, Size,
                                        hash(path=FullPath,accessor='zip').SHA256 as SHA256h
                                    FROM scope()
                                    WHERE SHA256h in IocLookupTable.SHA256
                                        OR SHA256h in IocLookupTable.JndiSHA256

                                })
                            })
                    })

      -- CVE lookup
      LET find_cve(hash,originalfile) = if(condition= hash in IocLookupTable.SHA256,
                then= {
                    SELECT Version,Cve,Severity
                    FROM IocLookupTable
                    WHERE SHA256 = hash
                    GROUP BY Version,Cve,Severity
                },
            else= if(condition= basename(path=originalfile) in IocLookupTable.JarName,
                then= {
                    SELECT Version,Cve,Severity
                    FROM IocLookupTable
                    WHERE basename(path=originalfile) = JarName
                    GROUP BY Version,Cve,Severity
                }))[0]

      -- find hits
      LET hits <= SELECT
                Container as FullPath,
                if(condition= Container=OriginalFile,
                    then= Null,
                    else= OriginalFile ) as Embedded,
                if(condition= Description=~ 'Hash',
                    then= format(format='%s: %s',args=[Description, SHA256h]),
                else= if(condition= basename(path=Container) in IocLookupTable.JarName,
                    then = format(format='%s: %s',args=[Description, Container]),
                else= if(condition= basename(path=OriginalFile) in IocLookupTable.JarName,
                    then = format(format='%s: %s',args=[Description, OriginalFile]),
                else= format(format='%s: %s',args=[Description, ZipPath])
                    ))) as Description,
                CVEDetails.Version as Log4jVersion,
                CVEDetails.Cve as CVE,
                CVEDetails.Severity as Severity
        FROM foreach(row=target_files,
            query={
                SELECT *,
                    find_cve(hash=SHA256h,originalfile=OriginalFile) as CVEDetails
                FROM Recurse(File=FullPath, OriginalFile=FullPath,Container=FullPath,RecursionRounds=0)
                WHERE CVEDetails
                LIMIT 1
            })

      -- upload files that have hits
      LET upload_hits=SELECT *,
            upload(file=FullPath) AS Upload
        FROM hits

      -- return rows
      SELECT * FROM if(condition=UploadHits,
        then=upload_hits,
        else=hits)

comments powered by Disqus