New checker request: log4j

[terriko]

New checker request: Apache log4j (In "celebration" of https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45046 )

Website: https://logging.apache.org/log4j/2.x/security.html

CVEs: https://www.cvedetails.com/vulnerability-list/vendor_id-45/product_id-37215/Apache-Log4j.html

Instructions: How to add a new checker to the CVE Binary Tool

This may also be a great opportunity to try out the checker creation helper script created by @peb-peb.

• Helper script documentation

[terriko]

Not sure if this is actually fully closed by #1463 since we don't have an explicit checker, so I'll let @anthonyharrison weigh in whether an explicit log4j one is still needed.

[anthonyharrison]

Terri I think the Java checker covers the issue and when I was testing, Log4J was detected. Anthony

…

On Thu, 6 Jan 2022 at 22:05, Terri Oda ***@***.***> wrote: Not sure if this is actually fully closed by #1463 <#1463> since we don't have an explicit checker, so I'll let @anthonyharrison <https://github.com/anthonyharrison> weigh in whether an explicit log4j one is still needed. — Reply to this email directly, view it on GitHub <#1463 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/ACAID25CZQ3KPOQ2OQERG2TUUYG3NANCNFSM5KCMMQ6Q> . Triage notifications on the go with GitHub Mobile for iOS <https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675> or Android <https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub>. You are receiving this because you were mentioned.Message ID: ***@***.***>

[terriko]

okey dokey, close time.