I tried to deploy the Greenbone in our ubuntu instance using docker compose file and configured the target server for vulnerability check using ‘CVE-2021-44228’.
While scanning the other server from the UI, which has log4j2.8.0 vulnerability, It shows no alerts while scanning with log4j shell config even after updating the feed status.
I’m relatively new to openvas, So I’m not sure why this is happening. I have attached the screenshots for more clarity.
I’ve already set up the target server with the log4j shell scanner “CVE-2021-44228” to look for vulnerabilities. I followed the link, but the Greenbone UI is still not sending me any notifications for Log4J. Could you please provide additional details?
should contain most current known details. To sum them up:
From the description of all VTs checking the flaw “actively”:
For a successful detection of this flaw the target host needs to be able to reach the scanner host on a TCP port randomly generated during the runtime of the VT (currently in the range of 10000-32000)
If a system is having a log4j.jar it doesn’t necessarily means that it is actually vulnerable
e.g. not using the affected code path, not accepting untrusted user input, security fixes by backports, mitigation on config level, …
If the target system is a Linux system version based checks have a low QoD (due to possible available “backports”) and their results are not shown by default
The QoD can be changed to a lower value (e.g. 30 %) in the result filter
Various VTs covering this flaw are only available in the Greenbone Enterprise Feed
Some VTs needs authenticated scans (e.g. via SSH or SMB login) enabled
Apart for log4j (CVE-2021-44228), we received the CVE for 98 vulnerabilities. could you please provide the log4j CVE number and an alternative solution for getting the log4j.