Merge pull request #43 from yunzheng/main

Added log4j 2.17.0 hash and marked it as the only good version (CVE-2021-45105)
yunzheng
2021-12-18 11:39:23 +01:00
committed by GitHub


@@ -82,12 +82,14 @@ MD5_BAD = {
"f1d630c48928096a484e4b95ccb162a0": "log4j 2.14.0 - 2.14.1",
# 2.15.0 vulnerable to Denial of Service attack (source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45046)
"5d253e53fa993e122ff012221aa49ec3": "log4j 2.15.0",
# 2.16.0 vulnerable to Infinite recursion in lookup evaluation (source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45105)
"ba1cf8f81e7b31c709768561ba8ab558": "log4j 2.16.0",
}
# Known GOOD
MD5_GOOD = {
# JndiManager.class (source: https://repo.maven.apache.org/maven2/org/apache/logging/log4j/log4j-core/2.16.0/log4j-core-2.16.0.jar)
"ba1cf8f81e7b31c709768561ba8ab558": "log4j 2.16.0",
# JndiManager.class (source: https://repo.maven.apache.org/maven2/org/apache/logging/log4j/log4j-core/2.17.0/log4j-core-2.17.0.jar)
"3dc5cf97546007be53b2f3d44028fa58": "log4j 2.17.0",
}
HOSTNAME = platform.node()
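Review bot: The comment on the new `MD5_BAD` entry for 2.16.0 cites the CVE but does not say which file the hash was computed from, whereas the `MD5_GOOD` comments record both `JndiManager.class` and the jar URL; in a detection list that provenance is what lets someone re-derive and verify the hash. I would write it as `# JndiManager.class from log4j-core-2.16.0.jar, vulnerable to infinite recursion in lookup evaluation (CVE-2021-45105)`. As rendered here the same hash `ba1cf8f81e7b31c709768561ba8ab558` also appears under `MD5_GOOD`; the +/- markers are lost and the title suggests that pair is a removed line, but if it remains on the new side the key sits in both dicts and the verdict for 2.16.0 depends on lookup order, which is outside this hunk.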