Many of you saw our original post here: Free Tool: Low-Impact Log4j CVE-2021-44228 Detection where we made lightweight detection mechanisms available for Windows and Linux.
We have updated our content to detect all three currently identified CVEs for Log4j. Also, as of today we have made additional mechanisms available including remediation:
- Verve Log4j Detector
- Verve Log4j Enhanced Detector
- Verve Log4j Full System Scan
| Method | Impact | Runtime | True Positive | True Negative | False Positive | False Negatives |
|---|---|---|---|---|---|---|
| Verve Log4j Detector (Verve) | Extremely Low | <1s | Good | Good | Very Good | Poor |
| Verve Log4j Enhanced Detector (Verve + Logpresso) | Low | 1-15s | Very Good | Very Good | Very Good | Very Good |
| Verve Log4j Full System Scan (Logpresso) | High | 5-30m | Very Good | Very Good | Very Poor | Very Good |
At this point we strongly recommend running the Verve Log4j Enhanced Detector on all systems to prioritize remediation. This detector can see inside of JAR/WAR/EAR/AAR/etc files for Log4j. This enhanced detector has the highest true positive with the lowest false positive results.
Each Fixlet uses portable dependencies and does not require anything installed on the system.
We provide the base Verve Log4j Detector to run on any systems having issues with the additional components in the Enhanced Detector and finally offer running a Full System Scan to identify currently inactive Log4j dependencies.
The best part is all three methods use the same Analyses, Fixlets, and reporting methodology so you dont need to look in different places for your results. We even have Warning Fixlets that are marked with the correct CVEs for proper reporting.
Once you’ve run a detection mechanism you can use the remediation Fixlets to remove the JNDI classes from the vulnerable JAR files.
Full information available here: https://github.com/VerveIndustrialProtection/CVE-2021-44228-Log4j
For support with this content please file an issue on Github. If you are a Verve customer please contact Verve customer support directly.