URL not detected as vulnerable

Question

URL not detected as vulnerable

gv2870 opened this issue 3 years ago · 2 comments

This is the service and sample URL provided by trendmicro

Service: https://log4j-tester.trendmicro.com/
URL: http://ec2-44-199-245-240.compute-1.amazonaws.com:8080

The service says that the said URL is vulnerable. But log4j-scan (on the sample URL) states that target is NOT vulnerable.

Where could be the gap?

Answer 1 · 2022-01-02T20:24:23.000Z

Hi @gv2870,

This should be because of the HTTP request headers being used at log4j-scan are relatively extensive. Trend Micro is sending basic (2-4 insertion points per the entire HTTP request). LBs on odd cases may throw 4XX errors on abnormal number of http request headers (or its values). This seems to be the case here.

I pushed a PR to use basic headers when needed:
#118

Answer 2 · 2022-01-02T20:24:47.000Z

Closing the ticket for cleaning-up, the PR should be merged soon.

Thanks @gv2870 for bringing this!