Standardize Log4j Entries (#5634)

* Standardize Log4j name and classification fields Co-authored-by: sullo <sullo@cirt.net>
2022-10-10 15:51:42 -04:00 · 2022-10-10 15:51:42 -04:00 · bcd4ae950d
parent a8c023abc4
commit bcd4ae950d
23 changed files with 74 additions and 30 deletions
--- a/cves/2021/CVE-2021-45046.yaml
+++ b/cves/2021/CVE-2021-45046.yaml
@ -1,7 +1,7 @@
 id: CVE-2021-45046

 info:
-  name: Apache Log4j2 Remote Code Injection
+  name: Apache Log4j2 - Remote Code Injection
  author: ImNightmaree
  severity: critical
  description: Apache Log4j2 Thread Context Lookup Pattern is vulnerable to remote code execution in certain non-default configurations.
@ -13,7 +13,7 @@ info:
    - https://nvd.nist.gov/vuln/detail/CVE-2021-44228
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
-    cvss-score: 9
+    cvss-score: 9.0
    cve-id: CVE-2021-45046
    cwe-id: CWE-502
  tags: cve,cve2021,rce,oast,log4j,injection
--- a/vulnerabilities/apache/apache-ofbiz-log4j-rce.yaml
+++ b/vulnerabilities/apache/apache-ofbiz-log4j-rce.yaml
@ -1,7 +1,7 @@
 id: apache-ofbiz-log4j-rce

 info:
-  name: Apache OFBiz - Log4j JNDI Remote Code Execution
+  name: Apache OFBiz - JNDI Remote Code Execution (Apache Log4j)
  author: pdteam
  severity: critical
  description: |
@ -14,6 +14,7 @@ info:
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
    cvss-score: 10.0
+    cve-id: CVE-2021-44228
    cwe-id: CWE-77
  remediation: Upgrade to Apache OFBiz version 8.12.03 or later.
  metadata:
--- a/vulnerabilities/apache/apache-solr-log4j-rce.yaml
+++ b/vulnerabilities/apache/apache-solr-log4j-rce.yaml
@ -1,7 +1,7 @@
 id: apache-solr-log4j-rce

 info:
-  name: Apache Solr 7+ - Log4j Remote Code Execution
+  name: Apache Solr 7+ - Remote Code Execution (Apache Log4j)
  author: Evan Rubinstein,nvn1729
  severity: critical
  description: |
@ -15,6 +15,7 @@ info:
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
    cvss-score: 10.0
+    cve-id: CVE-2021-44228
    cwe-id: CWE-77
  metadata:
    verified: true
--- a/vulnerabilities/cisco/cisco-unified-communications-log4j.yaml
+++ b/vulnerabilities/cisco/cisco-unified-communications-log4j.yaml
@ -9,6 +9,11 @@ info:
    - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd
    - https://logging.apache.org/log4j/2.x/security.html
    - https://nvd.nist.gov/vuln/detail/CVE-2021-44228
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
+    cvss-score: 10.0
+    cve-id: CVE-2021-44228
+    cwe-id: CWE-77
  metadata:
    verified: true
    shodan-query: title:"Cisco Unified"
--- a/vulnerabilities/cisco/cisco-vmanage-log4j.yaml
+++ b/vulnerabilities/cisco/cisco-vmanage-log4j.yaml
@ -9,6 +9,11 @@ info:
    - https://www.tenable.com/plugins/nessus/161212
    - https://logging.apache.org/log4j/2.x/security.html
    - https://nvd.nist.gov/vuln/detail/CVE-2021-44228
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
+    cvss-score: 10.0
+    cve-id: CVE-2021-44228
+    cwe-id: CWE-77
  metadata:
    verified: true
    shodan-query: title:"vManage"
--- a/vulnerabilities/code42/code42-log4j-rce.yaml
+++ b/vulnerabilities/code42/code42-log4j-rce.yaml
@ -1,7 +1,7 @@
 id: code42-log4j-rce

 info:
-  name: Apache Code42 -  Log4j Remote Code Execution
+  name: Apache Code42 -  Remote Code Execution (Apache Log4j)
  author: Adam Crosser
  severity: critical
  description: |
@ -18,6 +18,7 @@ info:
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
    cvss-score: 10.0
+    cve-id: CVE-2021-44228
    cwe-id: CWE-77
  tags: jndi,log4j,rce,cve,cve2021,oast,code42

--- a/vulnerabilities/jamf/jamf-log4j-jndi-rce.yaml
+++ b/vulnerabilities/jamf/jamf-log4j-jndi-rce.yaml
@ -1,7 +1,7 @@
 id: jamf-log4j-jndi-rce

 info:
-  name: JamF  - Log4j Remote Code Execution
+  name: JamF  - Remote Code Execution  (Apache Log4j)
  author: pdteam
  severity: critical
  description: |
@ -14,6 +14,7 @@ info:
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
    cvss-score: 10.0
+    cve-id: CVE-2021-44228
    cwe-id: CWE-77
  metadata:
    verified: true
--- a/vulnerabilities/mobileiron/mobileiron-log4j-jndi-rce.yaml
+++ b/vulnerabilities/mobileiron/mobileiron-log4j-jndi-rce.yaml
@ -1,7 +1,7 @@
 id: mobileiron-log4j-jndi-rce

 info:
-  name: Ivanti MobileIron Log4J JNDI RCE
+  name: Ivanti MobileIron - JNDI Remote Command Execution (Apache Log4j)
  author: meme-lord
  severity: critical
  description: Ivanti MobileIron Apache Log4j2 <=2.14.1 JNDI in features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled.
--- a/vulnerabilities/other/elasticsearch5-log4j-rce.yaml
+++ b/vulnerabilities/other/elasticsearch5-log4j-rce.yaml
@ -13,6 +13,7 @@ info:
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
    cvss-score: 10.0
+    cve-id: CVE-2021-44228
    cwe-id: CWE-77
  metadata:
    verified: true
--- a/vulnerabilities/other/goanywhere-mft-log4j-rce.yaml
+++ b/vulnerabilities/other/goanywhere-mft-log4j-rce.yaml
@ -1,9 +1,10 @@
 id: goanywhere-mft-log4j-rce

 info:
-  name: GoAnywhere Managed File Transfer -  Log4j Remote Code Execution
+  name: GoAnywhere Managed File Transfer -  Remote Code Execution (Apache Log4j)
  author: pussycat0x
  severity: critical
+  description: GoAnywhere Managed File Transfer is vulnerable to a remote command execution (RCE) issue via the included Apache Log4j.
  reference:
    - https://www.goanywhere.com/cve-2021-44228-and-cve-2021-45046-goanywhere-mitigation-steps
    - https://logging.apache.org/log4j/2.x/security.html
@ -12,6 +13,7 @@ info:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
    cvss-score: 10.0
    cwe-id: CWE-77
+    cve-id: CVE-2021-44228
  metadata:
    verified: true
    shodan-query: http.html:"GoAnywhere Managed File Transfer"
@ -63,3 +65,5 @@ requests:
        group: 1
        regex:
          - '([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+'  # Print extracted ${sys:os.name} in output
+
+# Enhanced by cs 2022/10/10
--- a/vulnerabilities/other/graylog-log4j.yaml
+++ b/vulnerabilities/other/graylog-log4j.yaml
@ -10,10 +10,10 @@ info:
    - https://logging.apache.org/log4j/2.x/security.html
    - https://nvd.nist.gov/vuln/detail/CVE-2021-44228
  classification:
-    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
-    cvss-score: 10
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
+    cvss-score: 10.0
    cve-id: CVE-2021-44228
-    cwe-id: CWE-917
+    cwe-id: CWE-77
  metadata:
    shodan-query: title:"Graylog Web Interface"
    verified: "true"
--- a/vulnerabilities/other/jamf-pro-log4j.yaml
+++ b/vulnerabilities/other/jamf-pro-log4j.yaml
@ -9,6 +9,11 @@ info:
    - https://docs.jamf.com/technical-articles/Mitigating_the_Apache_Log4j_2_Vulnerability.html
    - https://logging.apache.org/log4j/2.x/security.html
    - https://nvd.nist.gov/vuln/detail/CVE-2021-44228
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
+    cvss-score: 10.0
+    cve-id: CVE-2021-44228
+    cwe-id: CWE-77
  metadata:
    verified: true
    shodan-query: title:"Jamf Pro"
--- a/vulnerabilities/other/metabase-log4j.yaml
+++ b/vulnerabilities/other/metabase-log4j.yaml
@ -9,6 +9,11 @@ info:
    - https://www.cybersecurity-help.cz/vdb/SB2021121706
    - https://logging.apache.org/log4j/2.x/security.html
    - https://nvd.nist.gov/vuln/detail/CVE-2021-44228
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
+    cvss-score: 10.0
+    cve-id: CVE-2021-44228
+    cwe-id: CWE-77
  metadata:
    verified: true
    shodan-query: title:"Metabase"
--- a/vulnerabilities/other/opennms-log4j-jndi-rce.yaml
+++ b/vulnerabilities/other/opennms-log4j-jndi-rce.yaml
@ -4,7 +4,7 @@ info:
  name: OpenNMS - JNDI Remote Code Execution (Apache Log4j)
  author: johnk3r
  severity: critical
-  description: |2
+  description: |
    OpenNMS JNDI is susceptible to remote code execution via Apache Log4j 2.14.1 and before. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled.
  reference:
    - https://www.horizon3.ai/the-long-tail-of-log4shell-exploitation/
@ -12,10 +12,10 @@ info:
    - https://logging.apache.org/log4j/2.x/security.html
    - https://nvd.nist.gov/vuln/detail/CVE-2021-44228
  classification:
-    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
-    cvss-score: 10
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
+    cvss-score: 10.0
    cve-id: CVE-2021-44228
-    cwe-id: CWE-917
+    cwe-id: CWE-77
  metadata:
    shodan-query: title:"OpenNMS Web Console"
    verified: "true"
--- a/vulnerabilities/other/rundeck-log4j.yaml
+++ b/vulnerabilities/other/rundeck-log4j.yaml
@ -9,6 +9,11 @@ info:
    - https://docs.rundeck.com/docs/history/CVEs/log4j.html
    - https://logging.apache.org/log4j/2.x/security.html
    - https://nvd.nist.gov/vuln/detail/CVE-2021-44228
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
+    cvss-score: 10.0
+    cve-id: CVE-2021-44228
+    cwe-id: CWE-77
  metadata:
    verified: true
    shodan-query: title:"Rundeck"
--- a/vulnerabilities/other/unifi-network-log4j-rce.yaml
+++ b/vulnerabilities/other/unifi-network-log4j-rce.yaml
@ -1,7 +1,7 @@
 id: unifi-network-log4j-rce

 info:
-  name: UniFi Network Application - Remote Code Execution (Log4j)
+  name: UniFi Network Application - Remote Code Execution (Apache Log4j)
  author: KrE80r
  severity: critical
  description: |
@ -14,6 +14,7 @@ info:
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
    cvss-score: 10.0
+    cve-id: CVE-2021-44228
    cwe-id: CWE-77
  metadata:
    verified: true
--- a/vulnerabilities/other/vmware-siterecovery-log4j-rce.yaml
+++ b/vulnerabilities/other/vmware-siterecovery-log4j-rce.yaml
@ -13,6 +13,7 @@ info:
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
    cvss-score: 10.0
+    cve-id: CVE-2021-44228
    cwe-id: CWE-77
  metadata:
    verified: true
--- a/vulnerabilities/vmware/vmware-hcx-log4j.yaml
+++ b/vulnerabilities/vmware/vmware-hcx-log4j.yaml
@ -10,10 +10,10 @@ info:
    - https://logging.apache.org/log4j/2.x/security.html
    - https://nvd.nist.gov/vuln/detail/CVE-2021-44228
  classification:
-    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
-    cvss-score: 10
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
+    cvss-score: 10.0
    cve-id: CVE-2021-44228
-    cwe-id: CWE-917
+    cwe-id: CWE-77
  metadata:
    shodan-query: title:"VMware HCX"
    verified: "true"
--- a/vulnerabilities/vmware/vmware-horizon-log4j-jndi-rce.yaml
+++ b/vulnerabilities/vmware/vmware-horizon-log4j-jndi-rce.yaml
@ -12,10 +12,10 @@ info:
    - https://logging.apache.org/log4j/2.x/security.html
    - https://nvd.nist.gov/vuln/detail/CVE-2021-44228
  classification:
-    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
-    cvss-score: 10
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
+    cvss-score: 10.0
    cve-id: CVE-2021-44228
-    cwe-id: CWE-917
+    cwe-id: CWE-77
  metadata:
    shodan-query: http.html:"VMware Horizon"
    verified: "true"
--- a/vulnerabilities/vmware/vmware-nsx-log4j.yaml
+++ b/vulnerabilities/vmware/vmware-nsx-log4j.yaml
@ -10,10 +10,10 @@ info:
    - https://logging.apache.org/log4j/2.x/security.html
    - https://nvd.nist.gov/vuln/detail/CVE-2021-44228
  classification:
-    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
-    cvss-score: 10
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
+    cvss-score: 10.0
    cve-id: CVE-2021-44228
-    cwe-id: CWE-917
+    cwe-id: CWE-77
  metadata:
    shodan-query: html:"vmw_nsx_logo-black-triangle-500w.png"
    verified: "true"
--- a/vulnerabilities/vmware/vmware-operation-manager-log4j.yaml
+++ b/vulnerabilities/vmware/vmware-operation-manager-log4j.yaml
@ -9,6 +9,11 @@ info:
    - https://www.vmware.com/security/advisories/VMSA-2021-0028.html
    - https://logging.apache.org/log4j/2.x/security.html
    - https://nvd.nist.gov/vuln/detail/CVE-2021-44228
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
+    cvss-score: 10.0
+    cve-id: CVE-2021-44228
+    cwe-id: CWE-77
  metadata:
    verified: true
    shodan-query: title:"vRealize Operations Manager"
--- a/vulnerabilities/vmware/vmware-vcenter-log4j-jndi-rce.yaml
+++ b/vulnerabilities/vmware/vmware-vcenter-log4j-jndi-rce.yaml
@ -13,10 +13,10 @@ info:
    - https://logging.apache.org/log4j/2.x/security.html
    - https://nvd.nist.gov/vuln/detail/CVE-2021-44228
  classification:
-    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
-    cvss-score: 10
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
+    cvss-score: 10.0
    cve-id: CVE-2021-44228
-    cwe-id: CWE-917
+    cwe-id: CWE-77
  metadata:
    shodan-query: title:"VMware VCenter"
  tags: cve,cve2021,rce,jndi,log4j,vcenter,vmware,oast,kev
--- a/vulnerabilities/vmware/vrealize-operations-log4j-rce.yaml
+++ b/vulnerabilities/vmware/vrealize-operations-log4j-rce.yaml
@ -1,7 +1,7 @@
 id: vrealize-operations-log4j-rce

 info:
-  name: VMware vRealize Operations Tenant App Log4j JNDI Remote Code Execution
+  name: VMware vRealize Operations Tenant - JNDI Remote Code Execution (Apache Log4j)
  author: bughuntersurya
  severity: critical
  description: |
@ -14,7 +14,10 @@ info:
    - https://logging.apache.org/log4j/2.x/security.html
    - https://nvd.nist.gov/vuln/detail/CVE-2021-44228
  classification:
-    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
+    cvss-score: 10.0
+    cve-id: CVE-2021-44228
+    cwe-id: CWE-77
  metadata:
    verified: true
    shodan-query: http.title:"vRealize Operations Tenant App"