Merge pull request #4847 from ritikchaddha/Update-metadata-query

Log4j templates enhancement

cves/2021/CVE-2021-44228.yaml

@@ -4,7 +4,8 @@ info:
   name: Apache Log4j2 Remote Code Injection
   author: melbadry9,dhiyaneshDK,daffainfo,anon-artist,0xceba,Tea
   severity: critical
-  description: Apache Log4j2 <=2.14.1 JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled.
+  description: |
+    Apache Log4j2 <=2.14.1 JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled.
   reference:
     - https://logging.apache.org/log4j/2.x/security.html
     - https://nvd.nist.gov/vuln/detail/CVE-2021-44228

cves/2021/CVE-2021-45046.yaml

@@ -10,6 +10,7 @@ info:
     - https://twitter.com/marcioalm/status/1471740771581652995
     - https://logging.apache.org/log4j/2.x/
     - http://www.openwall.com/lists/oss-security/2021/12/14/4
+    - https://nvd.nist.gov/vuln/detail/CVE-2021-44228
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
     cvss-score: 9

vulnerabilities/apache/apache-ofbiz-log4j-rce.yaml

@@ -8,14 +8,17 @@ info:
     Apache OFBiz is affected by a remote code execution vulnerability in the bundled Apache Log4j logging library. Apache Log4j is vulnerable due to insufficient protections on message lookup substitutions when dealing with user controlled input. A remote, unauthenticated attacker can exploit this, via a web request, to execute arbitrary code with the permission level of the running Java process.
   reference:
     - https://issues.apache.org/jira/browse/OFBIZ-12449
-    - https://nvd.nist.gov/vuln/detail/CVE-2021-44228
     - https://ofbiz.apache.org/
+    - https://logging.apache.org/log4j/2.x/security.html
+    - https://nvd.nist.gov/vuln/detail/CVE-2021-44228
   classification:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
     cvss-score: 10.0
     cwe-id: CWE-77
   remediation: Upgrade to Apache OFBiz version 8.12.03 or later.
-  tags: ofbiz,oast,log4j,rce,apache,jndi
+  metadata:
+    shodan-query: http.html:"Apache OFBiz"
+  tags: cve,cve2021,ofbiz,oast,log4j,rce,apache,jndi
 
 requests:
   - raw:

vulnerabilities/apache/apache-solr-log4j-rce.yaml

@@ -10,12 +10,16 @@ info:
     - https://solr.apache.org/security.html#apache-solr-affected-by-apache-log4j-cve-2021-44228
     - https://twitter.com/sirifu4k1/status/1470011568834424837
     - https://github.com/apache/solr/pull/454
+    - https://logging.apache.org/log4j/2.x/security.html
     - https://nvd.nist.gov/vuln/detail/CVE-2021-44228
   classification:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
     cvss-score: 10.0
     cwe-id: CWE-77
-  tags: solr,oast,log4j,rce,apache,jndi
+  metadata:
+    verified: true
+    shodan-query: http.html:"Apache Solr"
+  tags: cve,cve2021,solr,oast,log4j,rce,apache,jndi
 
 requests:
   - method: GET

vulnerabilities/code42/code42-log4j-rce.yaml

@@ -13,6 +13,8 @@ info:
     - On-premises Code42 app: Updated to Log4j 2.16 on December 17, 2021
   reference:
     - https://support.code42.com/Terms_and_conditions/Code42_customer_support_resources/Code42_response_to_industry_security_incidents
+    - https://logging.apache.org/log4j/2.x/security.html
+    - https://nvd.nist.gov/vuln/detail/CVE-2021-44228
   classification:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
     cvss-score: 10.0

vulnerabilities/jamf/jamf-log4j-jndi-rce.yaml

@@ -9,11 +9,16 @@ info:
   reference:
     - https://github.com/random-robbie/jamf-log4j
     - https://community.connection.com/what-is-jamf/
+    - https://logging.apache.org/log4j/2.x/security.html
+    - https://nvd.nist.gov/vuln/detail/CVE-2021-44228
   classification:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
     cvss-score: 10.0
     cwe-id: CWE-77
-  tags: rce,jndi,log4j,jamf
+  metadata:
+    verified: true
+    shodan-query: http.html:"JamF"
+  tags: cve,cve2021,rce,jndi,log4j,jamf,oast
 
 requests:
   - raw:

vulnerabilities/mobileiron/mobileiron-log4j-jndi-rce.yaml

@@ -3,18 +3,22 @@ id: mobileiron-log4j-jndi-rce
 info:
   name: Ivanti MobileIron Log4J JNDI RCE
   author: meme-lord
-  severity: high
+  severity: critical
   description: Ivanti MobileIron Apache Log4j2 <=2.14.1 JNDI in features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker
     who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled.
   reference:
     - https://github.com/advisories/GHSA-jfh8-c2jp-5v3q
     - https://www.lunasec.io/docs/blog/log4j-zero-day/
     - https://www.zdnet.com/article/mobileiron-customers-urged-to-patch-systems-due-to-potential-log4j-exploitation/
-    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228
+    - https://logging.apache.org/log4j/2.x/security.html
+    - https://nvd.nist.gov/vuln/detail/CVE-2021-44228
   classification:
     cve-id: CVE-2021-44228
   remediation: Upgrade to version 2.14.2 or higher of MobileIron. If this is not possible, several Log4j exploit workarounds are available.
-  tags: jndi,log4j,rce,cve,cve2021
+  metadata:
+    verified: true
+    shodan-query: http.html:"MobileIron"
+  tags: jndi,log4j,rce,cve,cve2021,ivanti,oast,mobileiron
 
 requests:
   - raw:

vulnerabilities/other/unifi-network-log4j-rce.yaml

@@ -4,17 +4,21 @@ info:
   name: UniFi Network Application - Remote Code Execution (Log4j)
   author: KrE80r
   severity: critical
-  description: UniFi Network Application is susceptible to a critical vulnerability in Apache Log4j (CVE-2021-44228) that may allow for remote code execution in an impacted implementation.
+  description: |
+    UniFi Network Application is susceptible to a critical vulnerability in Apache Log4j (CVE-2021-44228) that may allow for remote code execution in an impacted implementation.
   reference:
     - https://community.ui.com/releases/UniFi-Network-Application-6-5-55/48c64137-4a4a-41f7-b7e4-3bee505ae16e
     - https://twitter.com/sprocket_ed/status/1473301038832701441
-  metadata:
-    shodan-query: http.title:"UniFi Network"
+    - https://logging.apache.org/log4j/2.x/security.html
+    - https://nvd.nist.gov/vuln/detail/CVE-2021-44228
   classification:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
     cvss-score: 10.0
     cwe-id: CWE-77
-  tags: rce,log4j,ubnt,unifi,oast,jndi
+  metadata:
+    verified: true
+    shodan-query: http.title:"UniFi Network"
+  tags: cve,cve2021,rce,log4j,ubnt,unifi,oast,jndi
 
 requests:
   - raw:

vulnerabilities/springboot/springboot-log4j-rce.yaml

@@ -9,13 +9,15 @@ info:
     - https://logging.apache.org/log4j/2.x/security.html
     - https://www.lunasec.io/docs/blog/log4j-zero-day/
     - https://github.com/twseptian/Spring-Boot-Log4j-CVE-2021-44228-Docker-Lab
+    - https://logging.apache.org/log4j/2.x/security.html
+    - https://nvd.nist.gov/vuln/detail/CVE-2021-44228
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
     cvss-score: 10.0
     cve-id: CVE-2021-44228
     cwe-id: CWE-502
   remediation: Upgrade to Log4j 2.3.1 (for Java 6), 2.12.3 (for Java 7), or 2.17.0 (for Java 8 and later).
-  tags: springboot,rce,oast,log4j
+  tags: cve,cve2021,springboot,rce,oast,log4j
 
 requests:
   - raw:

vulnerabilities/vmware/vmware-horizon-log4j-jndi-rce.yaml

@@ -3,12 +3,18 @@ id: vmware-horizon-log4j-jndi-rce
 info:
   name: VMware Horizon Log4j JNDI RCE
   author: johnk3r
-  severity: high
-  description: A critical vulnerability in Apache Log4j identified by CVE-2021-44228 has been publicly disclosed that may allow for remote code execution in impacted VMware Horizon.
+  severity: critical
+  description: |
+    A critical vulnerability in Apache Log4j identified by CVE-2021-44228 has been publicly disclosed that may allow for remote code execution in impacted VMware Horizon.
   reference:
     - https://attackerkb.com/topics/in9sPR2Bzt/cve-2021-44228-log4shell/rapid7-analysis
     - https://www.vmware.com/security/advisories/VMSA-2021-0028.html
-  tags: rce,jndi,log4j,horizon,vmware
+    - https://logging.apache.org/log4j/2.x/security.html
+    - https://nvd.nist.gov/vuln/detail/CVE-2021-44228
+  metadata:
+    verified: true
+    shodan-query: http.html:"VMware Horizon"
+  tags: cve,cve2021,rce,jndi,log4j,horizon,vmware,oast
 
 requests:
   - raw:

vulnerabilities/vmware/vmware-vcenter-log4j-jndi-rce.yaml

@@ -3,13 +3,18 @@ id: vmware-vcenter-log4j-jndi-rce
 info:
   name: VMware VCenter Log4j JNDI RCE
   author: _0xf4n9x_
-  severity: high
-  description: A critical vulnerability in Apache Log4j identified by CVE-2021-44228 has been publicly disclosed that may allow for remote code execution in impacted VMware VCenter.
+  severity: critical
+  description: |
+    A critical vulnerability in Apache Log4j identified by CVE-2021-44228 has been publicly disclosed that may allow for remote code execution in impacted VMware VCenter.
   reference:
     - https://www.vmware.com/security/advisories/VMSA-2021-0028.html
     - https://github.com/advisories/GHSA-jfh8-c2jp-5v3q
     - https://twitter.com/tnpitsecurity/status/1469429810216771589
-  tags: rce,jndi,log4j,vcenter,vmware
+    - https://logging.apache.org/log4j/2.x/security.html
+    - https://nvd.nist.gov/vuln/detail/CVE-2021-44228
+  metadata:
+    shodan-query: title:"VMware VCenter"
+  tags: cve,cve2021,rce,jndi,log4j,vcenter,vmware,oast
 
 requests:
   - raw:

vulnerabilities/vmware/vrealize-operations-log4j-rce.yaml

@@ -4,17 +4,21 @@ info:
   name: VMware vRealize Operations Tenant App Log4j JNDI Remote Code Execution
   author: bughuntersurya
   severity: critical
-  description: VMware vRealize Operations is susceptible to a critical vulnerability in Apache Log4j which may allow remote code execution in an impacted vRealize Operations Tenant application.
+  description: |
+    VMware vRealize Operations is susceptible to a critical vulnerability in Apache Log4j which may allow remote code execution in an impacted vRealize Operations Tenant application.
   reference:
     - https://www.vmware.com/security/advisories/VMSA-2021-0028.html
     - https://core.vmware.com/vmsa-2021-0028-questions-answers-faq
     - https://nvd.nist.gov/vuln/detail/CVE-2021-44228
     - https://nvd.nist.gov/vuln/detail/CVE-2021-45046
+    - https://logging.apache.org/log4j/2.x/security.html
+    - https://nvd.nist.gov/vuln/detail/CVE-2021-44228
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
   metadata:
+    verified: true
     shodan-query: http.title:"vRealize Operations Tenant App"
-  tags: rce,log4j,vmware,vrealize
+  tags: cve,cve2021,oast,rce,log4j,vmware,vrealize
 
 requests:
   - raw: