How to scan for log4j on Windows Server

windows-server-2012-r2 log4j

Solution 1:

That is definitely insufficient. You need something to open up war/jar/etc files and inspect inside there. Further, depending on the filename to match isn't guaranteed to work. Finally, you're not checking on the version with that, so you'd also need to determine if you're running a vulnerable version.

This page has a link to a github project that does claim to do these things.

Related

Is it possible to detect an ajax request with Apache 2.4 for a mod_rewrite rule?
How to convert BASH script to DASH or other solutions?
Set Apache Alias for specific ServerAlias
Redirect http url on port 5061 to https same port 5061 on apache
What, exactly, is the difference between "host only" and "LAN segment" in VMware?
Mac can be arpinged but not pinged
Unable to communicate with pacemaker host while authorising
"Windows cannot find the Microsoft Software License Terms" when installing Windows Server 2016 in a VM
apache2 sends corrupt responses when using a cifs-share
How do I check if Log4j is installed on my server?
Is there a way to stop the AWS Elasticsearch?
How to detect if ANY block is broken using command blocks in Minecraft