Configuration for Log4Shell checks

Hi there,

I’ve got a problem which is pretty similar to this topic

In short: I’m are using the community containers and I’m asking myself how to configure the check for Apache Log4j / Log4Shell.

Currently the check is using the internal docker IP address which is unreachable from the systems which are being scanned. Also when checking the logs it is a bit confusing since the internal docker IP is changing randomly.

Basically I have the same question as in the other thread:

  • Could there be a way to configure these settings, address and port, in the web GUI?
  • How can I disable this check?

Thank you.
fdgjk

A community user gave some hints in the GitHub issue below how to configure the docker containers accordingly.

For best/most detailed vulnerability and/or service detection coverage the scanner should be usually directly reachable by the target (or at best even in the same subnet).

2 Likes