You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This should be because of the HTTP request headers being used at log4j-scan are relatively extensive. Trend Micro is sending basic (2-4 insertion points per the entire HTTP request). LBs on odd cases may throw 4XX errors on abnormal number of http request headers (or its values). This seems to be the case here.
I pushed a PR to use basic headers when needed: #118
This is the service and sample URL provided by trendmicro
Service: https://log4j-tester.trendmicro.com/
URL: http://ec2-44-199-245-240.compute-1.amazonaws.com:8080
The service says that the said URL is vulnerable. But log4j-scan (on the sample URL) states that target is NOT vulnerable.
Where could be the gap?
The text was updated successfully, but these errors were encountered: