Hey , i have a Microsoft Exchange Serer 2016 that i am testing and time to time Log4j active Http plugin reports a False positive.
script name “Apache Log4j 2.0.x Multiple Vulnerabilities (HTTP, Log4Shell) - Active Check”
I was wondering if it is only me that encounters this or there are other reported False positives for this plugin?
I’d like to check something before I pass this on, by time to time do you mean that it’s being inconsistent in that some scans are fine and others are showing the false positive (sorry if this sounds like a simple question but want to clarify). Thanks!
Yes, correct. through the past 3 months i had it twice detected out of ~ 45 scans
Thank you and I’ll make a note for the developers on it.