Qualys/log4jscanwin

Scan finds issue - remediate finds none

Closed this issue · 3 comments

Please help me see why:

Scan finds vulnerabilities, but remediate shows nothing.

Log4jScanner.exe /scan /report_sig
scanEngine: 2.1.2.0
scanHostname: Lenovo056.domain.com
scanDate: 2022-01-11T17:26:42-0500
scanDurationSeconds: 101
scanErrorCount: 47
scanStatus: Partially Successful
scanFiles: 539795
scannedDirectories: 187017
scannedCompressed: 1332
scannedJARS: 530
scannedWARS: 0
scannedEARS: 0
scannedTARS: 1
.........
vulnerabilitiesFound: 7


REMEDIATE command results in an empty log4j_remediate.out and no remediated files reported. Please help me see why I'm not able to remediate the vulnerable files that were found.

Log4jRemediate.exe /remediate_sig
Remediation start time : 2022-01-11T17:34:17-0500
Remediation end time : 2022-01-11T17:34:17-0500
Run status : Success
Result file location : C:\ProgramData\Qualys\log4j_remediate.out

romw commented

The remediation utility can only remediate CVE-2021-44228 and CVE-2021-45046. The scanner can detect CVE-2021-4104, CVE-2021-44228, CVE-2021-44832, CVE-2021-45046, and CVE-2021-45105.

Using /report_pretty will give you a report where each entry in the report shows which CVE(s) are in play.

Example:
{ "scanSummary": { "scanEngine": "2.1.2.0", "scanHostname": "ROMW-HOME.romwnet.org", "scanDate": "2022-01-11T14:56:00-0800", "scanDurationSeconds": 5, "scanErrorCount": 0, "scanStatus": "Success", "scannedFiles": 30, "scannedDirectories": 4, "scannedJARs": 26, "scannedWARs": 0, "scannedEARs": 0, "scannedTARs": 2, "scannedCompressed": 32, "excludedDrives": [], "excludedDirectories": [], "excludedFiles": [], "knownTarExtensions": [ ".tar" ], "knownGZipTarExtensions": [ ".tgz", ".tar.gz" ], "knownBZipTarExtensions": [ ".tbz", ".tbz2", ".tar.bz", ".tar.bz2" ], "knownZipExtensions": [ ".zip", ".jar", ".war", ".ear", ".par", ".kar", ".sar", ".rar", ".jpi", ".hpi", ".apk" ], "vulnerabilitiesFound": 13 }, "scanDetails": [ { "file": "D:\\temp\\log4j-1.1.3.zip!jakarta-log4j-1.1.3/dist/lib/log4j-core.jar", "manifestVendor": "Apache Software Foundation", "manifestVersion": "1.1.3", "detectedLog4j": true, "detectedLog4j1x": true, "detectedLog4j2x": false, "detectedJNDILookupClass": false, "detectedLog4jManifest": true, "log4jVendor": "log4j", "log4jVersion": "1.1.3", "cve20214104Mitigated": true, "cve202144228Mitigated": false, "cve202144832Mitigated": false, "cve202145046Mitigated": false, "cve202145105Mitigated": false, "cveStatus": "Mitigated" }, { "file": "D:\\temp\\log4j-1.1.3.zip!jakarta-log4j-1.1.3/dist/lib/log4j.jar", "manifestVendor": "Apache Software Foundation", "manifestVersion": "1.1.3", "detectedLog4j": true, "detectedLog4j1x": true, "detectedLog4j2x": false, "detectedJNDILookupClass": false, "detectedLog4jManifest": true, "log4jVendor": "log4j", "log4jVersion": "1.1.3", "cve20214104Mitigated": true, "cve202144228Mitigated": false, "cve202144832Mitigated": false, "cve202145046Mitigated": false, "cve202145105Mitigated": false, "cveStatus": "Mitigated" }, { "file": "D:\\temp\\log4j-1.1.3.zip", "manifestVendor": "", "manifestVersion": "", "detectedLog4j": true, "detectedLog4j1x": true, "detectedLog4j2x": false, "detectedJNDILookupClass": false, 
"detectedLog4jManifest": false, "log4jVendor": "Unknown", "log4jVersion": "Unknown", "cve20214104Mitigated": false, "cve202144228Mitigated": false, "cve202144832Mitigated": false, "cve202145046Mitigated": false, "cve202145105Mitigated": false, "cveStatus": "N/A" }, { "file": "D:\\temp\\log4j-1.2.17.jar", "manifestVendor": "Apache Software Foundation", "manifestVersion": "1.2.17", "detectedLog4j": true, "detectedLog4j1x": true, "detectedLog4j2x": false, "detectedJNDILookupClass": false, "detectedLog4jManifest": true, "log4jVendor": "log4j", "log4jVersion": "1.2.17", "cve20214104Mitigated": false, "cve202144228Mitigated": true, "cve202144832Mitigated": true, "cve202145046Mitigated": true, "cve202145105Mitigated": true, "cveStatus": "Potentially Vulnerable ( CVE-2021-4104: Found )" }, { "file": "D:\\temp\\log4j-1.2.17.zip!apache-log4j-1.2.17/log4j-1.2.17.jar", "manifestVendor": "Apache Software Foundation", "manifestVersion": "1.2.17", "detectedLog4j": true, "detectedLog4j1x": true, "detectedLog4j2x": false, "detectedJNDILookupClass": false, "detectedLog4jManifest": true, "log4jVendor": "log4j", "log4jVersion": "1.2.17", "cve20214104Mitigated": false, "cve202144228Mitigated": true, "cve202144832Mitigated": true, "cve202145046Mitigated": true, "cve202145105Mitigated": true, "cveStatus": "Potentially Vulnerable ( CVE-2021-4104: Found )" }, { "file": "D:\\temp\\log4j-1.2.17.zip", "manifestVendor": "", "manifestVersion": "", "detectedLog4j": true, "detectedLog4j1x": true, "detectedLog4j2x": false, "detectedJNDILookupClass": false, "detectedLog4jManifest": false, "log4jVendor": "Unknown", "log4jVersion": "Unknown", "cve20214104Mitigated": false, "cve202144228Mitigated": false, "cve202144832Mitigated": false, "cve202145046Mitigated": false, "cve202145105Mitigated": false, "cveStatus": "N/A" }, { "file": "D:\\temp\\log4j-1.2.9.jar", "manifestVendor": "Apache Software Foundation", "manifestVersion": "1.2.9", "detectedLog4j": true, "detectedLog4j1x": true, "detectedLog4j2x": 
false, "detectedJNDILookupClass": false, "detectedLog4jManifest": true, "log4jVendor": "log4j", "log4jVersion": "1.2.9", "cve20214104Mitigated": false, "cve202144228Mitigated": false, "cve202144832Mitigated": false, "cve202145046Mitigated": false, "cve202145105Mitigated": false, "cveStatus": "Potentially Vulnerable ( CVE-2021-4104: Found )" }, { "file": "D:\\temp\\log4j-1.2.9.zip!logging-log4j-1.2.9/dist/lib/log4j-1.2.9.jar", "manifestVendor": "Apache Software Foundation", "manifestVersion": "1.2.9", "detectedLog4j": true, "detectedLog4j1x": true, "detectedLog4j2x": false, "detectedJNDILookupClass": false, "detectedLog4jManifest": true, "log4jVendor": "log4j", "log4jVersion": "1.2.9", "cve20214104Mitigated": false, "cve202144228Mitigated": false, "cve202144832Mitigated": false, "cve202145046Mitigated": false, "cve202145105Mitigated": false, "cveStatus": "Potentially Vulnerable ( CVE-2021-4104: Found )" }, { "file": "D:\\temp\\log4j-1.2.9.zip", "manifestVendor": "", "manifestVersion": "", "detectedLog4j": true, "detectedLog4j1x": true, "detectedLog4j2x": false, "detectedJNDILookupClass": false, "detectedLog4jManifest": false, "log4jVendor": "Unknown", "log4jVersion": "Unknown", "cve20214104Mitigated": false, "cve202144228Mitigated": false, "cve202144832Mitigated": false, "cve202145046Mitigated": false, "cve202145105Mitigated": false, "cveStatus": "N/A" }, { "file": "D:\\temp\\log4j-api-2.16.0.jar", "manifestVendor": "log4j", "manifestVersion": "2.16.0", "detectedLog4j": true, "detectedLog4j1x": false, "detectedLog4j2x": true, "detectedJNDILookupClass": false, "detectedLog4jManifest": true, "log4jVendor": "log4j-api", "log4jVersion": "2.16.0", "cve20214104Mitigated": false, "cve202144228Mitigated": true, "cve202144832Mitigated": true, "cve202145046Mitigated": true, "cve202145105Mitigated": true, "cveStatus": "Mitigated" }, { "file": "D:\\temp\\log4j-core-2.11.1.jar", "manifestVendor": "log4j", "manifestVersion": "2.11.1", "detectedLog4j": true, "detectedLog4j1x": 
false, "detectedLog4j2x": true, "detectedJNDILookupClass": true, "detectedLog4jManifest": true, "log4jVendor": "log4j-core", "log4jVersion": "2.11.1", "cve20214104Mitigated": false, "cve202144228Mitigated": false, "cve202144832Mitigated": false, "cve202145046Mitigated": false, "cve202145105Mitigated": false, "cveStatus": "Potentially Vulnerable ( CVE-2021-44228: Found CVE-2021-44832: Found CVE-2021-45046: Found CVE-2021-45105: Found )" }, { "file": "D:\\temp\\log4j-core-2.12.4.jar", "manifestVendor": "log4j", "manifestVersion": "2.12.4", "detectedLog4j": true, "detectedLog4j1x": false, "detectedLog4j2x": true, "detectedJNDILookupClass": true, "detectedLog4jManifest": true, "log4jVendor": "log4j-core", "log4jVersion": "2.12.4", "cve20214104Mitigated": false, "cve202144228Mitigated": true, "cve202144832Mitigated": true, "cve202145046Mitigated": true, "cve202145105Mitigated": true, "cveStatus": "Mitigated" }, { "file": "D:\\temp\\log4j-core-2.14.0.jar", "manifestVendor": "log4j", "manifestVersion": "2.14.0", "detectedLog4j": true, "detectedLog4j1x": false, "detectedLog4j2x": true, "detectedJNDILookupClass": true, "detectedLog4jManifest": true, "log4jVendor": "log4j-core", "log4jVersion": "2.14.0", "cve20214104Mitigated": false, "cve202144228Mitigated": false, "cve202144832Mitigated": false, "cve202145046Mitigated": false, "cve202145105Mitigated": false, "cveStatus": "Potentially Vulnerable ( CVE-2021-44228: Found CVE-2021-44832: Found CVE-2021-45046: Found CVE-2021-45105: Found )" }, { "file": "D:\\temp\\log4j-core-2.15.0.jar", "manifestVendor": "log4j", "manifestVersion": "2.15.0", "detectedLog4j": true, "detectedLog4j1x": false, "detectedLog4j2x": true, "detectedJNDILookupClass": true, "detectedLog4jManifest": true, "log4jVendor": "log4j-core", "log4jVersion": "2.15.0", "cve20214104Mitigated": false, "cve202144228Mitigated": true, "cve202144832Mitigated": false, "cve202145046Mitigated": false, "cve202145105Mitigated": false, "cveStatus": "Potentially Vulnerable ( 
CVE-2021-44228: NOT Found CVE-2021-44832: Found CVE-2021-45046: Found CVE-2021-45105: Found )" }, { "file": "D:\\temp\\log4j-core-2.16.0.jar", "manifestVendor": "log4j", "manifestVersion": "2.16.0", "detectedLog4j": true, "detectedLog4j1x": false, "detectedLog4j2x": true, "detectedJNDILookupClass": true, "detectedLog4jManifest": true, "log4jVendor": "log4j-core", "log4jVersion": "2.16.0", "cve20214104Mitigated": false, "cve202144228Mitigated": true, "cve202144832Mitigated": false, "cve202145046Mitigated": true, "cve202145105Mitigated": false, "cveStatus": "Potentially Vulnerable ( CVE-2021-44228: NOT Found CVE-2021-44832: Found CVE-2021-45046: NOT Found CVE-2021-45105: Found )" }, { "file": "D:\\temp\\log4j-core-2.17.0.jar", "manifestVendor": "log4j", "manifestVersion": "2.17.0", "detectedLog4j": true, "detectedLog4j1x": false, "detectedLog4j2x": true, "detectedJNDILookupClass": true, "detectedLog4jManifest": true, "log4jVendor": "log4j-core", "log4jVersion": "2.17.0", "cve20214104Mitigated": false, "cve202144228Mitigated": true, "cve202144832Mitigated": false, "cve202145046Mitigated": true, "cve202145105Mitigated": true, "cveStatus": "Potentially Vulnerable ( CVE-2021-44228: NOT Found CVE-2021-44832: Found CVE-2021-45046: NOT Found CVE-2021-45105: NOT Found )" }, { "file": "D:\\temp\\log4j-core-2.17.1.jar", "manifestVendor": "log4j", "manifestVersion": "2.17.1", "detectedLog4j": true, "detectedLog4j1x": false, "detectedLog4j2x": true, "detectedJNDILookupClass": true, "detectedLog4jManifest": true, "log4jVendor": "log4j-core", "log4jVersion": "2.17.1", "cve20214104Mitigated": false, "cve202144228Mitigated": true, "cve202144832Mitigated": true, "cve202145046Mitigated": true, "cve202145105Mitigated": true, "cveStatus": "Mitigated" }, { "file": "D:\\temp\\log4j-core-2.3.2.jar", "manifestVendor": "org.apache", "manifestVersion": "2.3.2", "detectedLog4j": true, "detectedLog4j1x": false, "detectedLog4j2x": true, "detectedJNDILookupClass": true, "detectedLog4jManifest": 
false, "log4jVendor": "log4j-core", "log4jVersion": "2.3.2", "cve20214104Mitigated": false, "cve202144228Mitigated": true, "cve202144832Mitigated": true, "cve202145046Mitigated": true, "cve202145105Mitigated": true, "cveStatus": "Mitigated" }, { "file": "D:\\temp\\log4j-core.jar", "manifestVendor": "Apache Software Foundation", "manifestVersion": "1.1.3", "detectedLog4j": true, "detectedLog4j1x": true, "detectedLog4j2x": false, "detectedJNDILookupClass": false, "detectedLog4jManifest": true, "log4jVendor": "log4j", "log4jVersion": "1.1.3", "cve20214104Mitigated": true, "cve202144228Mitigated": false, "cve202144832Mitigated": false, "cve202145046Mitigated": false, "cve202145105Mitigated": false, "cveStatus": "Mitigated" }, { "file": "D:\\temp\\log4j-iostreams-2.15.0.jar", "manifestVendor": "log4j", "manifestVersion": "2.15.0", "detectedLog4j": true, "detectedLog4j1x": false, "detectedLog4j2x": true, "detectedJNDILookupClass": false, "detectedLog4jManifest": true, "log4jVendor": "log4j-iostreams", "log4jVersion": "2.15.0", "cve20214104Mitigated": false, "cve202144228Mitigated": true, "cve202144832Mitigated": true, "cve202145046Mitigated": true, "cve202145105Mitigated": true, "cveStatus": "Mitigated" }, { "file": "D:\\temp\\log4j.jar", "manifestVendor": "Apache Software Foundation", "manifestVersion": "1.1.3", "detectedLog4j": true, "detectedLog4j1x": true, "detectedLog4j2x": false, "detectedJNDILookupClass": false, "detectedLog4jManifest": true, "log4jVendor": "log4j", "log4jVersion": "1.1.3", "cve20214104Mitigated": true, "cve202144228Mitigated": false, "cve202144832Mitigated": false, "cve202145046Mitigated": false, "cve202145105Mitigated": false, "cveStatus": "Mitigated" }, { "file": "D:\\temp\\org.apache.log4j_1.2.15.v201012070815.jar", "manifestVendor": "%PLUGIN_PROVIDER", "manifestVersion": "1.2.15.v201012070815", "detectedLog4j": true, "detectedLog4j1x": true, "detectedLog4j2x": false, "detectedJNDILookupClass": false, "detectedLog4jManifest": false, 
"log4jVendor": "Unknown", "log4jVersion": "Unknown", "cve20214104Mitigated": false, "cve202144228Mitigated": false, "cve202144832Mitigated": false, "cve202145046Mitigated": false, "cve202145105Mitigated": false, "cveStatus": "N/A" }, { "file": "D:\\temp\\Sample3.zip!Sample1.jar", "manifestVendor": "Unknown", "manifestVersion": "7.5.2", "detectedLog4j": true, "detectedLog4j1x": false, "detectedLog4j2x": true, "detectedJNDILookupClass": true, "detectedLog4jManifest": false, "log4jVendor": "log4j-core", "log4jVersion": "2.11.1", "cve20214104Mitigated": false, "cve202144228Mitigated": false, "cve202144832Mitigated": false, "cve202145046Mitigated": false, "cve202145105Mitigated": false, "cveStatus": "Potentially Vulnerable ( CVE-2021-44228: Found CVE-2021-44832: Found CVE-2021-45046: Found CVE-2021-45105: Found )" }, { "file": "D:\\temp\\Sample3.zip!Sample2.jar", "manifestVendor": "Unknown", "manifestVersion": "7.5.2", "detectedLog4j": true, "detectedLog4j1x": false, "detectedLog4j2x": true, "detectedJNDILookupClass": true, "detectedLog4jManifest": false, "log4jVendor": "log4j-core", "log4jVersion": "2.11.1", "cve20214104Mitigated": false, "cve202144228Mitigated": false, "cve202144832Mitigated": false, "cve202145046Mitigated": false, "cve202145105Mitigated": false, "cveStatus": "Potentially Vulnerable ( CVE-2021-44228: Found CVE-2021-44832: Found CVE-2021-45046: Found CVE-2021-45105: Found )" }, { "file": "D:\\temp\\��\\log4j-core-2.11.1.jar", "manifestVendor": "log4j", "manifestVersion": "2.11.1", "detectedLog4j": true, "detectedLog4j1x": false, "detectedLog4j2x": true, "detectedJNDILookupClass": true, "detectedLog4jManifest": true, "log4jVendor": "log4j-core", "log4jVersion": "2.11.1", "cve20214104Mitigated": false, "cve202144228Mitigated": false, "cve202144832Mitigated": false, "cve202145046Mitigated": false, "cve202145105Mitigated": false, "cveStatus": "Potentially Vulnerable ( CVE-2021-44228: Found CVE-2021-44832: Found CVE-2021-45046: Found CVE-2021-45105: Found 
)" }, { "file": "D:\\temp\\��\\log4j-core-2.14.0.jar", "manifestVendor": "log4j", "manifestVersion": "2.14.0", "detectedLog4j": true, "detectedLog4j1x": false, "detectedLog4j2x": true, "detectedJNDILookupClass": true, "detectedLog4jManifest": true, "log4jVendor": "log4j-core", "log4jVersion": "2.14.0", "cve20214104Mitigated": false, "cve202144228Mitigated": false, "cve202144832Mitigated": false, "cve202145046Mitigated": false, "cve202145105Mitigated": false, "cveStatus": "Potentially Vulnerable ( CVE-2021-44228: Found CVE-2021-44832: Found CVE-2021-45046: Found CVE-2021-45105: Found )" } ] }

🤦‍♂️

romw commented

It does look better when displayed in a console window. Github is stripping CRLF markers.
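
The split described in the first reply (five CVEs detected, two remediable) can be applied to a `/report_pretty` report to see which findings the remediation utility can act on and which are detection-only. This is an added example, not code from the Qualys project; the function names are assumptions, and the sample entries are constructed by trimming entries of the example report above to their `file` and `cveStatus` fields.

```python
import json
import re

# CVEs the remediation utility handles, as stated in the reply above.
REMEDIABLE = {"CVE-2021-44228", "CVE-2021-45046"}

# cveStatus lists each CVE as "<id>: Found" or "<id>: NOT Found".
STATUS_RE = re.compile(r"(CVE-\d{4}-\d+):\s*(NOT Found|Found)")

def found_cves(entry):
    """Return the set of CVEs marked 'Found' in one scanDetails entry."""
    pairs = STATUS_RE.findall(entry.get("cveStatus", ""))
    return {cve for cve, state in pairs if state == "Found"}

def triage(report):
    """Split findings into remediable and detection-only lists."""
    result = {"remediable": [], "detect_only": []}
    for entry in report.get("scanDetails", []):
        cves = found_cves(entry)
        if not cves:
            continue  # cveStatus is "Mitigated" or "N/A"
        # The per-CVE "...Mitigated" booleans are not used here: in the
        # sample report they are false on some 1.x jars whose cveStatus
        # lists only CVE-2021-4104.
        bucket = "remediable" if cves & REMEDIABLE else "detect_only"
        result[bucket].append((entry["file"], sorted(cves)))
    return result

# Constructed sample: entries trimmed from the example report above.
SAMPLE_JSON = r'''
{"scanDetails": [
  {"file": "D:\\temp\\log4j-1.2.17.jar",
   "cveStatus": "Potentially Vulnerable ( CVE-2021-4104: Found )"},
  {"file": "D:\\temp\\log4j-core-2.11.1.jar",
   "cveStatus": "Potentially Vulnerable ( CVE-2021-44228: Found CVE-2021-44832: Found CVE-2021-45046: Found CVE-2021-45105: Found )"},
  {"file": "D:\\temp\\log4j-core-2.15.0.jar",
   "cveStatus": "Potentially Vulnerable ( CVE-2021-44228: NOT Found CVE-2021-44832: Found CVE-2021-45046: Found CVE-2021-45105: Found )"},
  {"file": "D:\\temp\\log4j-core-2.16.0.jar",
   "cveStatus": "Potentially Vulnerable ( CVE-2021-44228: NOT Found CVE-2021-44832: Found CVE-2021-45046: NOT Found CVE-2021-45105: Found )"},
  {"file": "D:\\temp\\log4j-core-2.17.1.jar", "cveStatus": "Mitigated"}
]}
'''
SAMPLE = json.loads(SAMPLE_JSON)

if __name__ == "__main__":
    for bucket, items in triage(SAMPLE).items():
        for path, cves in items:
            print(f"{bucket:12} {path}  {', '.join(cves)}")
```

A host whose findings all land in `detect_only` will show a non-zero `vulnerabilitiesFound` in the scan while the remediation run reports nothing.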