Comments (3)
That result always means "JndiLookup.class" is not present. And so, yes, I think it means that version of Log4J is SAFE.
Just be careful to make sure it was someone from your team/company that removed JndiLookup.class and not attackers trying to claim your servers for themselves (to block other attackers)!
from log4j-detector.
Thanks for your answer and clarifying. And good input on the „who deleted the file“ question. Didn’t even think about that.
My concern was that you could include the conclusion „Yes = SAFE“ in the logfile for clarification. After your answer a better addition would be „Yes = SAFE if you or someone from your company removed it. Attackers might remove it to keep control“.
from log4j-detector.
Added info about this to README.md.
from log4j-detector.
Related Issues (20)
- Detection of potentially safe log4j 1.x after manual mitigation HOT 1
- fix --exclude example in README HOT 4
- Shaded Log4j class JndiLookup not found HOT 7
- java.util.zip.ZipException: invalid entry size (expected 0 but got 622 bytes) HOT 4
- version 2021.12.20 not redirecting output anymore (in Windows) HOT 1
- Simple test using sample files outputs no status HOT 10
- Detection of Log4j 1.x as vulnerable HOT 5
- great idea but can be enhanced
- Some archives are not detected when using Java 8
- Scan OSGI .kar and .par archives HOT 1
- Scan .car files HOT 1
- New log4j 2.17.0 CVE that can lead to RCE HOT 1
- log4j CVEs
- Output fixing / adjustment HOT 2
- IDEA: Show a _SAFE_ when nothing found
- Don't handle *.gwtar and other normal files ending with *ar as archives HOT 2
- Incomplete pathnames HOT 1
- Weird new File("blah") in nextByte HOT 3
- Exploded jar not detected under Windows
- reload4j raised as log4j-1.x vulnerability
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from log4j-detector.