Hi All, trying to do a scan for log4j/log4shell and its showing this timed out error message. It’s unclear to me, does it mean it was able to execute the exploit partially THEN timed out? or no response means its not vulnerable?
Hi @bstein
The result is unknown. It is not possible to say if it is vulnerable or not. I can only say that the script was launched against the target but never finished the execution. This can happen when the service is not reachable anymore after it was detected as alive, there was an open port and a given service was listening on it.
1 Like