Upcoming Changes to Log4j QIDs 376209 and 376194 

Diksha Ojha

Qualys is working on making changes to the results section of the Linux detection for Log4j QIDs 376209 and 376194 and further improving the reporting. 

Improvements

The JNDI lookup class status column will be removed from the scan results of QIDs 376209 and 376194. The JNDI lookup class status is not applicable for QIDs 376209 and 376194 (which covers CVE-2021-44832 and CVE-2021-45105). We have decided to remove the column based on customer feedback. 

This is only a reporting change, and the QID detection logic remains the same, so customers will continue to see the same number of vulnerable instances get reported.  

Refer to the screenshots below for enhanced reporting of QIDs 376209 and 376194 on Linux: 

Current Reporting

Enhanced Reporting

The results will contain three columns: 

  1. PATH: This column will include the full path to the log4j-core jar 
  1. VERSION: This column will have the version extracted from the log4j-core jar file. 
  1. BASE_DIR: This column will contain the base directory extracted from the PATH. 

The enhancement applies to both Cloud Agents and scanners. The changes will be available by 21st February 2023.

Share your Comments

Comments

Your email address will not be published. Required fields are marked *