API tools faq
paste
Advertisement
Python253

cve_2021_44228_apache_log4j

Python253
Apr 9th, 2024
956
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Python 3.00 KB | None | 0 0
raw download clone embed print report
  1. #!/usr/bin/env python3
  2. # -*- coding: utf-8 -*-
  3. # Filename: cve_2021_44228_apache_log4j.py
  4. # Version: 1.0.0
  5. # Author: Jeoi Reqi
  6. # Vulnerability Source: https://nvd.nist.gov/vuln/detail/CVE-2021-44228
  7.  
  8. """
  9. Description:
  10. This script checks for the presence of vulnerable software configurations on the user's machine
  11. in relation to the CVE-2021-44228 vulnerability. It compares the list of installed software on
  12. the system with a predefined list of vulnerable software configurations associated with the CVE.
  13. If any vulnerable software configurations are found, it displays a warning message to prompt
  14. the user to take immediate action to mitigate the vulnerability.
  15.  
  16. Requirements:
  17. - Python 3.x: The script is written in Python 3 and requires a Python interpreter of version 3 or higher to run.
  18.  
  19. Usage:
  20. 1. Run the script using the command `python cve_2021_44228_apache_log4j.py`.
  21. 2. The script will verify if any vulnerable software configurations are installed on your machine and
  22.   provide instructions for mitigation if necessary.
  23.  
  24. Functions:
  25. - get_installed_software(): Retrieves a list of installed software on the user's machine.
  26. - check_for_vulnerabilities(): Compares the list of installed software with a predefined list of vulnerable
  27.  software configurations and displays a warning message if any vulnerable software configurations are found.
  28.  
  29. Important Notes:
  30. - The predefined list of vulnerable software configurations in this script corresponds to the CVE-2021-44228 vulnerability.
  31. """
  32.  
  33. import wmi
  34.  
  35. vulnerable_software = [
  36.     "Apache Log4j 2.0 up to (excluding) 2.12.2",
  37.     "Apache Log4j 2.13.0 up to (excluding) 2.16.0"
  38. ]
  39.  
  40. def get_installed_software():
  41.     """
  42.    Retrieves a list of installed software on the user's machine using the WMI module.
  43.    
  44.    Returns:
  45.        list: A list containing the names of installed software.
  46.    """
  47.     c = wmi.WMI()
  48.     installed_software = []
  49.     for item in c.Win32_Product():
  50.         installed_software.append(item.Caption)
  51.     return installed_software
  52.  
  53. def check_for_vulnerabilities():
  54.     """
  55.    Compares the list of installed software with a predefined list of vulnerable software configurations
  56.    and displays a warning message if any vulnerable software configurations are found.
  57.    """
  58.     installed_software = get_installed_software()
  59.     vulnerable_installed = [software for software in installed_software if software in vulnerable_software]
  60.     if vulnerable_installed:
  61.         print("\nWarning:\nThe following vulnerable software configurations are installed on your machine:")
  62.         for software in vulnerable_installed:
  63.             print("- " + software)
  64.         print("\nPlease take immediate action to mitigate the vulnerability by applying updates per vendor instructions.\n")
  65.     else:
  66.         print("\nAll clear!\nNone of the vulnerable software configurations are installed on your machine.\n")
  67.  
  68. if __name__ == "__main__":
  69.     print("Verifying vulnerable software configurations...")
  70.     check_for_vulnerabilities()
  71.  
  72.  
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!