Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

URL not detected as vulnerable #117

Closed
gv2870 opened this issue Jan 1, 2022 · 2 comments
Closed

URL not detected as vulnerable #117

gv2870 opened this issue Jan 1, 2022 · 2 comments

Comments

@gv2870
Copy link

gv2870 commented Jan 1, 2022

This is the service and sample URL provided by trendmicro

Service: https://log4j-tester.trendmicro.com/
URL: http://ec2-44-199-245-240.compute-1.amazonaws.com:8080

The service says that the said URL is vulnerable. But log4j-scan (on the sample URL) states that target is NOT vulnerable.

Where could be the gap?
@mazen160
Copy link
Contributor

mazen160 commented Jan 2, 2022

Hi @gv2870,

This should be because of the HTTP request headers being used at log4j-scan are relatively extensive. Trend Micro is sending basic (2-4 insertion points per the entire HTTP request). LBs on odd cases may throw 4XX errors on abnormal number of http request headers (or its values). This seems to be the case here.

I pushed a PR to use basic headers when needed:
#118

@mazen160
Copy link
Contributor

mazen160 commented Jan 2, 2022

Closing the ticket for cleaning-up, the PR should be merged soon.

Thanks @gv2870 for bringing this!

@mazen160 mazen160 closed this as completed Jan 2, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@mazen160 @gv2870