Exploit for Uncontrolled Resource Consumption in Apache Log4J

Name: Exploit for Uncontrolled Resource Consumption in Apache Log4J
Rating: 5 (418 reviews)

2021-12-19 | CVSS 8.6

## https://sploitus.com/exploit?id=0CBB2E72-C52F-59B6-BD73-DBDD206C4C35
# inspec-log4j

This profile scans for vulnerable versions of Log4j Core JAR files directly on the file system, and embedded in WAR files.

## Running the profile locally

```
git clone https://github.com/trickyearlobe/inspec-log4j
inspec exec inspec-log4j
```

## Running the profile against a remote SSH target

Ensure you have SSH keys loaded for a privileged user (such as root) on the target.
Alternatively, check the [CLI docs](https://docs.chef.io/inspec/cli/) to see how to use Inspec with SUDO

```
git clone https://github.com/trickyearlobe/inspec-log4j
inspec exec inspec-log4j -t ssh://root@host
```

## Packaging the profile for upload to Chef Automate

```
git clone https://github.com/trickyearlobe/inspec-log4j
inspec archive inspec-log4j
```