Free Tools: Multiple Log4j Detection Mechanisms + Remediation

Many of you saw our original post here: Free Tool: Low-Impact Log4j CVE-2021-44228 Detection where we made lightweight detection mechanisms available for Windows and Linux.

We have updated our content to detect all three currently identified CVEs for Log4j. Also, as of today we have made additional mechanisms available including remediation:

  • Verve Log4j Detector
  • Verve Log4j Enhanced Detector
  • Verve Log4j Full System Scan

| Method | Impact | Runtime | True Positive | True Negative | False Positive | False Negative |
|---|---|---|---|---|---|---|
| Verve Log4j Detector (Verve) | Extremely Low | <1s | Good | Good | Very Good | Poor |
| Verve Log4j Enhanced Detector (Verve + Logpresso) | Low | 1-15s | Very Good | Very Good | Very Good | Very Good |
| Verve Log4j Full System Scan (Logpresso) | High | 5-30m | Very Good | Very Good | Very Poor | Very Good |

At this point we strongly recommend running the Verve Log4j Enhanced Detector on all systems to prioritize remediation. This detector can see inside of JAR/WAR/EAR/AAR/etc. files for Log4j. This enhanced detector has the highest true positive with the lowest false positive results.

Each Fixlet uses portable dependencies and does not require anything installed on the system.

We provide the base Verve Log4j Detector to run on any systems having issues with the additional components in the Enhanced Detector and finally offer running a Full System Scan to identify currently inactive Log4j dependencies.

The best part is all three methods use the same Analyses, Fixlets, and reporting methodology so you don't need to look in different places for your results. We even have Warning Fixlets that are marked with the correct CVEs for proper reporting.

Once you’ve run a detection mechanism you can use the remediation Fixlets to remove the JNDI classes from the vulnerable JAR files.

Full information available here: https://github.com/VerveIndustrialProtection/CVE-2021-44228-Log4j

For support with this content please file an issue on Github. If you are a Verve customer please contact Verve customer support directly.

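The two techniques the post describes, looking inside JAR/WAR/EAR/AAR archives (including archives nested inside archives) for log4j-core and then removing the JNDI lookup class from a vulnerable JAR, are shown below as an added, stand-alone example. It is not the Verve or Logpresso code and makes no claim about how their Fixlets are implemented; the sample archives it scans are constructed inline (the `.class` entry is a placeholder, not real bytecode), and the function and path names are the example's own.

```python
"""Added example: find log4j-core inside (nested) Java archives and strip JndiLookup.class.

Detection keys on two artifacts that ship in log4j-core:
  * META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties (carries the version)
  * org/apache/logging/log4j/core/lookup/JndiLookup.class (the class the JNDI lookup lives in)
Remediation rewrites a JAR without JndiLookup.class, the mitigation Apache documented for
2.x builds that cannot be upgraded. This is illustrative code, not the Verve/Logpresso tooling.
"""
import io
import os
import tempfile
import zipfile

ARCHIVE_EXTS = (".jar", ".war", ".ear", ".aar", ".zip")
JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"


def _log4j_version(zf):
    """Return the log4j-core version recorded in pom.properties, or None if absent."""
    if POM_PROPS not in zf.namelist():
        return None
    for line in zf.read(POM_PROPS).decode("utf-8", "replace").splitlines():
        if line.startswith("version="):
            return line.split("=", 1)[1].strip()
    return None


def inspect_archive(data, path):
    """Yield (path, version, has_jndi_class) for every log4j-core found in `data`.

    Recurses into nested archives (e.g. WEB-INF/lib/*.jar inside a WAR); nested hits are
    reported as outer!/inner. Non-zip files with an archive extension are skipped.
    """
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return
    with zf:
        names = set(zf.namelist())
        version = _log4j_version(zf)
        has_jndi = JNDI_CLASS in names
        if version is not None or has_jndi:
            yield (path, version, has_jndi)
        for name in names:
            if name.lower().endswith(ARCHIVE_EXTS):
                yield from inspect_archive(zf.read(name), path + "!/" + name)


def scan(root):
    """Walk `root` and return all log4j-core hits in archives found on disk."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            if fname.lower().endswith(ARCHIVE_EXTS):
                full = os.path.join(dirpath, fname)
                with open(full, "rb") as fh:
                    hits.extend(inspect_archive(fh.read(), full))
    return hits


def remove_jndi_lookup(jar_path):
    """Rewrite a JAR on disk without JndiLookup.class; return True if the class was removed.

    Writes to a temporary sibling file first, then atomically replaces the original, so a
    crash mid-write never leaves a truncated JAR behind. Only handles a JAR directly on disk;
    a JAR nested in a WAR would need the same treatment applied inside the WAR.
    """
    tmp_path = jar_path + ".tmp"
    removed = False
    with zipfile.ZipFile(jar_path) as src, zipfile.ZipFile(tmp_path, "w") as dst:
        for info in src.infolist():
            if info.filename == JNDI_CLASS:
                removed = True
                continue
            dst.writestr(info, src.read(info.filename))  # keeps each entry's compression
    if removed:
        os.replace(tmp_path, jar_path)
    else:
        os.remove(tmp_path)
    return removed


def build_sample(root):
    """Constructed fixture: a bare log4j-core JAR, plus a WAR bundling a copy of it
    and a bogus non-zip '.jar'. The class body is a placeholder, not real bytecode."""
    def log4j_jar_bytes(version):
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w") as zf:
            zf.writestr(POM_PROPS, f"version={version}\ngroupId=org.apache.logging.log4j\n")
            zf.writestr(JNDI_CLASS, b"\xca\xfe\xba\xbe placeholder")
        return buf.getvalue()

    jar = os.path.join(root, "log4j-core-2.14.1.jar")
    with open(jar, "wb") as fh:
        fh.write(log4j_jar_bytes("2.14.1"))
    war = os.path.join(root, "app.war")
    with zipfile.ZipFile(war, "w") as zf:
        zf.writestr("WEB-INF/lib/log4j-core-2.14.1.jar", log4j_jar_bytes("2.14.1"))
        zf.writestr("WEB-INF/lib/other.jar", b"not a zip")
    return jar, war


def demo():
    """Scan, remediate the on-disk JAR, scan again; return (hits_before, removed, hits_after)."""
    with tempfile.TemporaryDirectory() as root:
        jar, _war = build_sample(root)
        before = sorted(scan(root))
        removed = remove_jndi_lookup(jar)
        after = sorted(scan(root))
    return before, removed, after


if __name__ == "__main__":
    for label, hits in zip(("before", "after"), (demo()[0], demo()[2])):
        print(label)
        for path, version, has_jndi in hits:
            print(f"  {path}  version={version}  JndiLookup.class={'present' if has_jndi else 'absent'}")
```

After remediation the on-disk JAR still reports version 2.14.1 from pom.properties but no longer contains JndiLookup.class, while the copy nested in the WAR is unchanged. That is the practical caveat behind scanning for the class rather than the version string alone: a version-only check keeps flagging a JAR that has already been mitigated, and it cannot see a copy buried inside a WAR at all unless it recurses into nested archives.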