-
|
Hello all, I searched through the old posts for log4j fixes before this and believe this is a new find that our tenable instance hit on
I initially believed this to be a false positive, but after pulling down the jar file and running a "Jar -tf | grep Jndi" I found the vulnerable lookup class in it.
Not sure what this file is being used for, but would appreciate confirmation from the team before re-rolling this finding as a false positive. |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment 7 replies
-
|
What is the output of the following? |
Beta Was this translation helpful? Give feedback.
-
|
/source/logstash/logstash-core/src/test/resources/org/logstash/plugins/logstash-input-java_input_example-0.0.1.jar |
Beta Was this translation helpful? Give feedback.
-
|
There shouldn't be a |
Beta Was this translation helpful? Give feedback.
-
|
This is an Azure VM. Sorry, I should've specified this ahead of time. |
Beta Was this translation helpful? Give feedback.
-
|
In that case, yes, cloud images do have a |
Beta Was this translation helpful? Give feedback.
-
|
Awesome, thanks Doug! |
Beta Was this translation helpful? Give feedback.
In that case, yes, cloud images do have a
/sourcedirectory. This is a snapshot of the source code from all major third-party products included with Security Onion. However, no services actually run from there. You can safely remove that folder.