Group objects by different values while returning a list of common values in jq



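I have a list of vulnerabilities in which host names and vulnerabilities are repeated. I want to output one object per host name and IP that includes the list of vulnerabilities related to that host.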

So far I have been able to extract the object below with this query:

jq 'group_by(."Host Name") | map({"HostName": .[0]."Host Name", "IP": .[0]."IP Address", Vuln: map(.NexposeID) | unique})'

What I am missing is for the "Vuln" object to include values such as the proof, description and title for each NexposeID.

[
{
"HostName": "host1",
"IP": "10.1.10.20",
"Vuln": [
"apache-log4j-core-cve-2021-44228",
"apache-log4j-core-cve-2021-45046",
"apache-log4j-core-cve-2021-45105"
]
},
{
"HostName": "host2",
"IP": "10.1.10.10",
"Vuln": [
"apache-log4j-core-cve-2021-44228",
"apache-log4j-core-cve-2021-45046",
"apache-log4j-core-cve-2021-45105"
]
}
]

Sample JSON

[
{
" Vulnerability Title": "Apache Log4j Core: CVE-2021-45046: Apache Log4j2 Thread Context Lookup Pattern vulnerable to remote code execution in certain non-default configurations",
"Host Name": "host1",
"IP Address": "10.1.10.20",
"NexposeID": "apache-log4j-core-cve-2021-45046",
"Proof": "Vulnerable software installed: Apache Log4j Core 2.8.2 (/opt/IBM/WebSphere/AppServer/properties/patches/backup/9.0.5.3-WS-WASProd-IFPH42762/systemApps/isclite.ear/kc.war/WEB-INF/lib/log4j-core-2.8.2.jar)No mitigation applied. JndiLookup class discovered.",
"Proof Key": "/opt/IBM/WebSphere/AppServer/properties/patches/backup/9.0.5.3-WS-WASProd-IFPH42762/systemApps/isclite.ear/kc.war/WEB-INF/lib/log4j-core-2.8.2.jar",
"Solution Fix": "Download and apply the patch from: https://logging.apache.org/log4j/2.x/download.html (https://logging.apache.org/log4j/2.x/download.html)",
"Solution Summary": "Upgrade Apache Log4j Core to the latest version",
"Solution Type": "PATCH",
"Solution url": "https://logging.apache.org/log4j/2.x/download.html",
"Vulnerability Description": "It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. When the logging configuration uses a non-default Pattern Layout with a Context Lookup (for example, $${ctx:loginId}), attackers with control over Thread Context Map (MDC) input data can craft malicious input data using a JNDI Lookup pattern, resulting in an information leak and remote code execution in some environments and local code execution in all environments; remote code execution has been demonstrated on macOS but no other tested environments."
},
{
" Vulnerability Title": "Apache Log4j Core: CVE-2021-45046: Apache Log4j2 Thread Context Lookup Pattern vulnerable to remote code execution in certain non-default configurations",
"Host Name": "host1",
"IP Address": "10.1.10.20",
"NexposeID": "apache-log4j-core-cve-2021-45046",
"Proof": "Vulnerable software installed: Apache Log4j Core 2.8.2 (/opt/IBM/WebSphere/AppServer/properties/patches/backup/9.0.5.3-WS-WASProd-IFPH42762/systemApps/isclite.ear/kc.war/WEB-INF/lib/log4j-core-2.8.2.jar)No mitigation applied. JndiLookup class discovered.",
"Proof Key": "/opt/IBM/WebSphere/AppServer/properties/patches/backup/9.0.5.3-WS-WASProd-IFPH42762/systemApps/isclite.ear/kc.war/WEB-INF/lib/log4j-core-2.8.2.jar",
"Solution Fix": "Download and apply the patch from: https://logging.apache.org/log4j/2.x/download.html (https://logging.apache.org/log4j/2.x/download.html)",
"Solution Summary": "Upgrade Apache Log4j Core to the latest version",
"Solution Type": "PATCH",
"Solution url": "https://logging.apache.org/log4j/2.x/download.html",
"Vulnerability Description": "It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. When the logging configuration uses a non-default Pattern Layout with a Context Lookup (for example, $${ctx:loginId}), attackers with control over Thread Context Map (MDC) input data can craft malicious input data using a JNDI Lookup pattern, resulting in an information leak and remote code execution in some environments and local code execution in all environments; remote code execution has been demonstrated on macOS but no other tested environments."
},
{
" Vulnerability Title": "Apache Log4j Core: CVE-2021-45046: Apache Log4j2 Thread Context Lookup Pattern vulnerable to remote code execution in certain non-default configurations",
"Host Name": "host2",
"IP Address": "10.1.10.10",
"NexposeID": "apache-log4j-core-cve-2021-45046",
"Proof": "Vulnerable software installed: Apache Log4j Core 2.8.2 (/opt/IBM/WebSphere/AppServer/properties/patches/backup/9.0.5.3-WS-WASProd-IFPH42762/systemApps/isclite.ear/kc.war/WEB-INF/lib/log4j-core-2.8.2.jar)No mitigation applied. JndiLookup class discovered.",
"Proof Key": "/opt/IBM/WebSphere/AppServer/properties/patches/backup/9.0.5.3-WS-WASProd-IFPH42762/systemApps/isclite.ear/kc.war/WEB-INF/lib/log4j-core-2.8.2.jar",
"Solution Fix": "Download and apply the patch from: https://logging.apache.org/log4j/2.x/download.html (https://logging.apache.org/log4j/2.x/download.html)",
"Solution Summary": "Upgrade Apache Log4j Core to the latest version",
"Solution Type": "PATCH",
"Solution url": "https://logging.apache.org/log4j/2.x/download.html",
"Vulnerability Description": "It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. When the logging configuration uses a non-default Pattern Layout with a Context Lookup (for example, $${ctx:loginId}), attackers with control over Thread Context Map (MDC) input data can craft malicious input data using a JNDI Lookup pattern, resulting in an information leak and remote code execution in some environments and local code execution in all environments; remote code execution has been demonstrated on macOS but no other tested environments."
},
{
" Vulnerability Title": "Apache Log4j Core: CVE-2021-45046: Apache Log4j2 Thread Context Lookup Pattern vulnerable to remote code execution in certain non-default configurations",
"Host Name": "host2",
"IP Address": "10.1.10.10",
"NexposeID": "apache-log4j-core-cve-2021-45046",
"Proof": "Vulnerable software installed: Apache Log4j Core 2.8.2 (/opt/IBM/WebSphere/AppServer/properties/patches/backup/9.0.5.3-WS-WASProd-IFPH42762/systemApps/isclite.ear/kc.war/WEB-INF/lib/log4j-core-2.8.2.jar)No mitigation applied. JndiLookup class discovered.",
"Proof Key": "/opt/IBM/WebSphere/AppServer/properties/patches/backup/9.0.5.3-WS-WASProd-IFPH42762/systemApps/isclite.ear/kc.war/WEB-INF/lib/log4j-core-2.8.2.jar",
"Solution Fix": "Download and apply the patch from: https://logging.apache.org/log4j/2.x/download.html (https://logging.apache.org/log4j/2.x/download.html)",
"Solution Summary": "Upgrade Apache Log4j Core to the latest version",
"Solution Type": "PATCH",
"Solution url": "https://logging.apache.org/log4j/2.x/download.html",
"Vulnerability Description": "It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. When the logging configuration uses a non-default Pattern Layout with a Context Lookup (for example, $${ctx:loginId}), attackers with control over Thread Context Map (MDC) input data can craft malicious input data using a JNDI Lookup pattern, resulting in an information leak and remote code execution in some environments and local code execution in all environments; remote code execution has been demonstrated on macOS but no other tested environments."
},
{
" Vulnerability Title": "Apache Log4j Core: CVE-2021-45105: Apache Log4j2 does not always protect from infinite recursion in lookup evaluation",
"Host Name": "host1",
"IP Address": "10.1.10.20",
"NexposeID": "apache-log4j-core-cve-2021-45105",
"Proof": "Vulnerable software installed: Apache Log4j Core 2.8.2 (/opt/IBM/WebSphere/AppServer/properties/patches/backup/9.0.5.3-WS-WASProd-IFPH42762/systemApps/isclite.ear/kc.war/WEB-INF/lib/log4j-core-2.8.2.jar)",
"Proof Key": "/opt/IBM/WebSphere/AppServer/properties/patches/backup/9.0.5.3-WS-WASProd-IFPH42762/systemApps/isclite.ear/kc.war/WEB-INF/lib/log4j-core-2.8.2.jar",
"Solution Fix": "Download and apply the patch from: https://logging.apache.org/log4j/2.x/download.html (https://logging.apache.org/log4j/2.x/download.html)",
"Solution Summary": "Upgrade Apache Log4j Core to 2.12.3",
"Solution Type": "PATCH",
"Solution url": "https://logging.apache.org/log4j/2.x/download.html",
"Vulnerability Description": "Apache Log4j2 versions 2.0-alpha1 through 2.16.0 did not protect from uncontrolled recursion from self-referential lookups. When the logging configuration uses a non-default Pattern Layout with a Context Lookup (for example, $${ctx:loginId}), attackers with control over Thread Context Map (MDC) input data can craft malicious input data that contains a recursive lookup, resulting in a StackOverflowError that will terminate the process. This is also known as a DOS (Denial of Service) attack."
},
{
" Vulnerability Title": "Apache Log4j Core: CVE-2021-45105: Apache Log4j2 does not always protect from infinite recursion in lookup evaluation",
"Host Name": "host1",
"IP Address": "10.1.10.20",
"NexposeID": "apache-log4j-core-cve-2021-45105",
"Proof": "Vulnerable software installed: Apache Log4j Core 2.8.2 (/opt/IBM/WebSphere/AppServer/properties/patches/backup/9.0.5.3-WS-WASProd-IFPH42762/systemApps/isclite.ear/kc.war/WEB-INF/lib/log4j-core-2.8.2.jar)",
"Proof Key": "/opt/IBM/WebSphere/AppServer/properties/patches/backup/9.0.5.3-WS-WASProd-IFPH42762/systemApps/isclite.ear/kc.war/WEB-INF/lib/log4j-core-2.8.2.jar",
"Solution Fix": "Download and apply the patch from: https://logging.apache.org/log4j/2.x/download.html (https://logging.apache.org/log4j/2.x/download.html)",
"Solution Summary": "Upgrade Apache Log4j Core to 2.12.3",
"Solution Type": "PATCH",
"Solution url": "https://logging.apache.org/log4j/2.x/download.html",
"Vulnerability Description": "Apache Log4j2 versions 2.0-alpha1 through 2.16.0 did not protect from uncontrolled recursion from self-referential lookups. When the logging configuration uses a non-default Pattern Layout with a Context Lookup (for example, $${ctx:loginId}), attackers with control over Thread Context Map (MDC) input data can craft malicious input data that contains a recursive lookup, resulting in a StackOverflowError that will terminate the process. This is also known as a DOS (Denial of Service) attack."
},
{
" Vulnerability Title": "Apache Log4j Core: CVE-2021-45105: Apache Log4j2 does not always protect from infinite recursion in lookup evaluation",
"Host Name": "host2",
"IP Address": "10.1.10.10",
"NexposeID": "apache-log4j-core-cve-2021-45105",
"Proof": "Vulnerable software installed: Apache Log4j Core 2.8.2 (/opt/IBM/WebSphere/AppServer/properties/patches/backup/9.0.5.3-WS-WASProd-IFPH42762/systemApps/isclite.ear/kc.war/WEB-INF/lib/log4j-core-2.8.2.jar)",
"Proof Key": "/opt/IBM/WebSphere/AppServer/properties/patches/backup/9.0.5.3-WS-WASProd-IFPH42762/systemApps/isclite.ear/kc.war/WEB-INF/lib/log4j-core-2.8.2.jar",
"Solution Fix": "Download and apply the patch from: https://logging.apache.org/log4j/2.x/download.html (https://logging.apache.org/log4j/2.x/download.html)",
"Solution Summary": "Upgrade Apache Log4j Core to 2.12.3",
"Solution Type": "PATCH",
"Solution url": "https://logging.apache.org/log4j/2.x/download.html",
"Vulnerability Description": "Apache Log4j2 versions 2.0-alpha1 through 2.16.0 did not protect from uncontrolled recursion from self-referential lookups. When the logging configuration uses a non-default Pattern Layout with a Context Lookup (for example, $${ctx:loginId}), attackers with control over Thread Context Map (MDC) input data can craft malicious input data that contains a recursive lookup, resulting in a StackOverflowError that will terminate the process. This is also known as a DOS (Denial of Service) attack."
},
{
" Vulnerability Title": "Apache Log4j Core: CVE-2021-45105: Apache Log4j2 does not always protect from infinite recursion in lookup evaluation",
"Host Name": "host2",
"IP Address": "10.1.10.10",
"NexposeID": "apache-log4j-core-cve-2021-45105",
"Proof": "Vulnerable software installed: Apache Log4j Core 2.8.2 (/opt/IBM/WebSphere/AppServer/properties/patches/backup/9.0.5.3-WS-WASProd-IFPH42762/systemApps/isclite.ear/kc.war/WEB-INF/lib/log4j-core-2.8.2.jar)",
"Proof Key": "/opt/IBM/WebSphere/AppServer/properties/patches/backup/9.0.5.3-WS-WASProd-IFPH42762/systemApps/isclite.ear/kc.war/WEB-INF/lib/log4j-core-2.8.2.jar",
"Solution Fix": "Download and apply the patch from: https://logging.apache.org/log4j/2.x/download.html (https://logging.apache.org/log4j/2.x/download.html)",
"Solution Summary": "Upgrade Apache Log4j Core to 2.12.3",
"Solution Type": "PATCH",
"Solution url": "https://logging.apache.org/log4j/2.x/download.html",
"Vulnerability Description": "Apache Log4j2 versions 2.0-alpha1 through 2.16.0 did not protect from uncontrolled recursion from self-referential lookups. When the logging configuration uses a non-default Pattern Layout with a Context Lookup (for example, $${ctx:loginId}), attackers with control over Thread Context Map (MDC) input data can craft malicious input data that contains a recursive lookup, resulting in a StackOverflowError that will terminate the process. This is also known as a DOS (Denial of Service) attack."
},
{
" Vulnerability Title": "Apache Log4j Core: CVE-2021-44228: JNDI support has not restricted what names could be resolved allowing remote code execution",
"Host Name": "host1",
"IP Address": "10.1.10.20",
"NexposeID": "apache-log4j-core-cve-2021-44228",
"Proof": "Vulnerable software installed: Apache Log4j Core 2.8.2 (/opt/IBM/WebSphere/AppServer/properties/patches/backup/9.0.5.3-WS-WASProd-IFPH42762/systemApps/isclite.ear/kc.war/WEB-INF/lib/log4j-core-2.8.2.jar)No mitigation applied. JndiLookup class discovered.",
"Proof Key": "/opt/IBM/WebSphere/AppServer/properties/patches/backup/9.0.5.3-WS-WASProd-IFPH42762/systemApps/isclite.ear/kc.war/WEB-INF/lib/log4j-core-2.8.2.jar",
"Solution Fix": "Download and apply the patch from: https://logging.apache.org/log4j/2.x/download.html (https://logging.apache.org/log4j/2.x/download.html)",
"Solution Summary": "Upgrade Apache Log4j Core to the latest version",
"Solution Type": "PATCH",
"Solution url": "https://logging.apache.org/log4j/2.x/download.html",
"Vulnerability Description": "One vector that allowed exposure to this vulnerability was Log4j’s allowance of Lookups to appear in log messages. This meant that when user input is logged, and that user input contained a JNDI Lookup pointing to a malicious server, then Log4j would resolve that JNDI Lookup, connect to that server, and potentially download serialized Java code from that remote server. This in turn could execute any code during deserialization. This is known as a RCE (Remote Code Execution) attack. In version 2.12.2 Log4j disables access to JNDI by default. Usage of JNDI in configuration now need to be enabled explicitly. Calls to the JndiLookup will now return a constant string. Also, Log4j now limits the protocols by default to only java. The message lookups feature has been completely removed. In version 2.16.0 the message lookups feature has been completely removed. Lookups in configuration still work. Furthermore, Log4j now disables access to JNDI by default. JNDI lookups in configuration now need to be enabled explicitly. Also, Log4j now limits the protocols by default to only java, ldap, and ldaps and limits the ldap protocols to only accessing Java primitive objects. Hosts other than the local host need to be explicitly allowed. This check requires the Security Console and Scan Engines to be on product version 6.6.118 or later."
},
{
" Vulnerability Title": "Apache Log4j Core: CVE-2021-44228: JNDI support has not restricted what names could be resolved allowing remote code execution",
"Host Name": "host1",
"IP Address": "10.1.10.20",
"NexposeID": "apache-log4j-core-cve-2021-44228",
"Proof": "Vulnerable software installed: Apache Log4j Core 2.8.2 (/opt/IBM/WebSphere/AppServer/properties/patches/backup/9.0.5.3-WS-WASProd-IFPH42762/systemApps/isclite.ear/kc.war/WEB-INF/lib/log4j-core-2.8.2.jar)No mitigation applied. JndiLookup class discovered.",
"Proof Key": "/opt/IBM/WebSphere/AppServer/properties/patches/backup/9.0.5.3-WS-WASProd-IFPH42762/systemApps/isclite.ear/kc.war/WEB-INF/lib/log4j-core-2.8.2.jar",
"Solution Fix": "Download and apply the patch from: https://logging.apache.org/log4j/2.x/download.html (https://logging.apache.org/log4j/2.x/download.html)",
"Solution Summary": "Upgrade Apache Log4j Core to the latest version",
"Solution Type": "PATCH",
"Solution url": "https://logging.apache.org/log4j/2.x/download.html",
"Vulnerability Description": "One vector that allowed exposure to this vulnerability was Log4j’s allowance of Lookups to appear in log messages. This meant that when user input is logged, and that user input contained a JNDI Lookup pointing to a malicious server, then Log4j would resolve that JNDI Lookup, connect to that server, and potentially download serialized Java code from that remote server. This in turn could execute any code during deserialization. This is known as a RCE (Remote Code Execution) attack. In version 2.12.2 Log4j disables access to JNDI by default. Usage of JNDI in configuration now need to be enabled explicitly. Calls to the JndiLookup will now return a constant string. Also, Log4j now limits the protocols by default to only java. The message lookups feature has been completely removed. In version 2.16.0 the message lookups feature has been completely removed. Lookups in configuration still work. Furthermore, Log4j now disables access to JNDI by default. JNDI lookups in configuration now need to be enabled explicitly. Also, Log4j now limits the protocols by default to only java, ldap, and ldaps and limits the ldap protocols to only accessing Java primitive objects. Hosts other than the local host need to be explicitly allowed. This check requires the Security Console and Scan Engines to be on product version 6.6.118 or later."
},
{
" Vulnerability Title": "Apache Log4j Core: CVE-2021-44228: JNDI support has not restricted what names could be resolved allowing remote code execution",
"Host Name": "host2",
"IP Address": "10.1.10.10",
"NexposeID": "apache-log4j-core-cve-2021-44228",
"Proof": "Vulnerable software installed: Apache Log4j Core 2.8.2 (/opt/IBM/WebSphere/AppServer/properties/patches/backup/9.0.5.3-WS-WASProd-IFPH42762/systemApps/isclite.ear/kc.war/WEB-INF/lib/log4j-core-2.8.2.jar)No mitigation applied. JndiLookup class discovered.",
"Proof Key": "/opt/IBM/WebSphere/AppServer/properties/patches/backup/9.0.5.3-WS-WASProd-IFPH42762/systemApps/isclite.ear/kc.war/WEB-INF/lib/log4j-core-2.8.2.jar",
"Solution Fix": "Download and apply the patch from: https://logging.apache.org/log4j/2.x/download.html (https://logging.apache.org/log4j/2.x/download.html)",
"Solution Summary": "Upgrade Apache Log4j Core to the latest version",
"Solution Type": "PATCH",
"Solution url": "https://logging.apache.org/log4j/2.x/download.html",
"Vulnerability Description": "One vector that allowed exposure to this vulnerability was Log4j’s allowance of Lookups to appear in log messages. This meant that when user input is logged, and that user input contained a JNDI Lookup pointing to a malicious server, then Log4j would resolve that JNDI Lookup, connect to that server, and potentially download serialized Java code from that remote server. This in turn could execute any code during deserialization. This is known as a RCE (Remote Code Execution) attack. In version 2.12.2 Log4j disables access to JNDI by default. Usage of JNDI in configuration now need to be enabled explicitly. Calls to the JndiLookup will now return a constant string. Also, Log4j now limits the protocols by default to only java. The message lookups feature has been completely removed. In version 2.16.0 the message lookups feature has been completely removed. Lookups in configuration still work. Furthermore, Log4j now disables access to JNDI by default. JNDI lookups in configuration now need to be enabled explicitly. Also, Log4j now limits the protocols by default to only java, ldap, and ldaps and limits the ldap protocols to only accessing Java primitive objects. Hosts other than the local host need to be explicitly allowed. This check requires the Security Console and Scan Engines to be on product version 6.6.118 or later."
},
{
" Vulnerability Title": "Apache Log4j Core: CVE-2021-44228: JNDI support has not restricted what names could be resolved allowing remote code execution",
"Host Name": "host2",
"IP Address": "10.1.10.10",
"NexposeID": "apache-log4j-core-cve-2021-44228",
"Proof": "Vulnerable software installed: Apache Log4j Core 2.8.2 (/opt/IBM/WebSphere/AppServer/properties/patches/backup/9.0.5.3-WS-WASProd-IFPH42762/systemApps/isclite.ear/kc.war/WEB-INF/lib/log4j-core-2.8.2.jar)No mitigation applied. JndiLookup class discovered.",
"Proof Key": "/opt/IBM/WebSphere/AppServer/properties/patches/backup/9.0.5.3-WS-WASProd-IFPH42762/systemApps/isclite.ear/kc.war/WEB-INF/lib/log4j-core-2.8.2.jar",
"Solution Fix": "Download and apply the patch from: https://logging.apache.org/log4j/2.x/download.html (https://logging.apache.org/log4j/2.x/download.html)",
"Solution Summary": "Upgrade Apache Log4j Core to the latest version",
"Solution Type": "PATCH",
"Solution url": "https://logging.apache.org/log4j/2.x/download.html",
"Vulnerability Description": "One vector that allowed exposure to this vulnerability was Log4j’s allowance of Lookups to appear in log messages. This meant that when user input is logged, and that user input contained a JNDI Lookup pointing to a malicious server, then Log4j would resolve that JNDI Lookup, connect to that server, and potentially download serialized Java code from that remote server. This in turn could execute any code during deserialization. This is known as a RCE (Remote Code Execution) attack. In version 2.12.2 Log4j disables access to JNDI by default. Usage of JNDI in configuration now need to be enabled explicitly. Calls to the JndiLookup will now return a constant string. Also, Log4j now limits the protocols by default to only java. The message lookups feature has been completely removed. In version 2.16.0 the message lookups feature has been completely removed. Lookups in configuration still work. Furthermore, Log4j now disables access to JNDI by default. JNDI lookups in configuration now need to be enabled explicitly. Also, Log4j now limits the protocols by default to only java, ldap, and ldaps and limits the ldap protocols to only accessing Java primitive objects. Hosts other than the local host need to be explicitly allowed. This check requires the Security Console and Scan Engines to be on product version 6.6.118 or later."
}
]

You can use the same group_by technique you used for ."Host Name" to group by .NexposeID:

jq '
  group_by(."Host Name") | map(
    (.[0] | {"Host Name", "IP Address"}) + {Vuln: (
      group_by(.NexposeID) | map(
        .[0] | {(.NexposeID): {Proof, "Vulnerability Description", " Vulnerability Title"}}
      )
      | add
    )}
  )
'

Demo

You can also use reduce to avoid having to add afterwards on the field:

jq '
  group_by(."Host Name") | map(
    reduce group_by(.NexposeID)[][0] as $g (
      .[0] | {"Host Name", "IP Address"};
      .Vuln[$g.NexposeID] = ($g | {Proof, "Vulnerability Description", " Vulnerability Title"})
    )
  )
'

Demo

Output:

[
{
"Host Name": "host1",
"IP Address": "10.1.10.20",
"Vuln": {
"apache-log4j-core-cve-2021-44228": {
"Proof": "Vulnerable software installed: Apache Log4j Core 2.8.2 (/opt/IBM/WebSphere/AppServer/properties/patches/backup/9.0.5.3-WS-WASProd-IFPH42762/systemApps/isclite.ear/kc.war/WEB-INF/lib/log4j-core-2.8.2.jar)No mitigation applied. JndiLookup class discovered.",
"Vulnerability Description": "One vector that allowed exposure to this vulnerability was Log4j’s allowance of Lookups to appear in log messages. This meant that when user input is logged, and that user input contained a JNDI Lookup pointing to a malicious server, then Log4j would resolve that JNDI Lookup, connect to that server, and potentially download serialized Java code from that remote server. This in turn could execute any code during deserialization. This is known as a RCE (Remote Code Execution) attack. In version 2.12.2 Log4j disables access to JNDI by default. Usage of JNDI in configuration now need to be enabled explicitly. Calls to the JndiLookup will now return a constant string. Also, Log4j now limits the protocols by default to only java. The message lookups feature has been completely removed. In version 2.16.0 the message lookups feature has been completely removed. Lookups in configuration still work. Furthermore, Log4j now disables access to JNDI by default. JNDI lookups in configuration now need to be enabled explicitly. Also, Log4j now limits the protocols by default to only java, ldap, and ldaps and limits the ldap protocols to only accessing Java primitive objects. Hosts other than the local host need to be explicitly allowed. This check requires the Security Console and Scan Engines to be on product version 6.6.118 or later.",
" Vulnerability Title": "Apache Log4j Core: CVE-2021-44228: JNDI support has not restricted what names could be resolved allowing remote code execution"
},
"apache-log4j-core-cve-2021-45046": {
"Proof": "Vulnerable software installed: Apache Log4j Core 2.8.2 (/opt/IBM/WebSphere/AppServer/properties/patches/backup/9.0.5.3-WS-WASProd-IFPH42762/systemApps/isclite.ear/kc.war/WEB-INF/lib/log4j-core-2.8.2.jar)No mitigation applied. JndiLookup class discovered.",
"Vulnerability Description": "It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. When the logging configuration uses a non-default Pattern Layout with a Context Lookup (for example, $${ctx:loginId}), attackers with control over Thread Context Map (MDC) input data can craft malicious input data using a JNDI Lookup pattern, resulting in an information leak and remote code execution in some environments and local code execution in all environments; remote code execution has been demonstrated on macOS but no other tested environments.",
" Vulnerability Title": "Apache Log4j Core: CVE-2021-45046: Apache Log4j2 Thread Context Lookup Pattern vulnerable to remote code execution in certain non-default configurations"
},
"apache-log4j-core-cve-2021-45105": {
"Proof": "Vulnerable software installed: Apache Log4j Core 2.8.2 (/opt/IBM/WebSphere/AppServer/properties/patches/backup/9.0.5.3-WS-WASProd-IFPH42762/systemApps/isclite.ear/kc.war/WEB-INF/lib/log4j-core-2.8.2.jar)",
"Vulnerability Description": "Apache Log4j2 versions 2.0-alpha1 through 2.16.0 did not protect from uncontrolled recursion from self-referential lookups. When the logging configuration uses a non-default Pattern Layout with a Context Lookup (for example, $${ctx:loginId}), attackers with control over Thread Context Map (MDC) input data can craft malicious input data that contains a recursive lookup, resulting in a StackOverflowError that will terminate the process. This is also known as a DOS (Denial of Service) attack.",
" Vulnerability Title": "Apache Log4j Core: CVE-2021-45105: Apache Log4j2 does not always protect from infinite recursion in lookup evaluation"
}
}
},
{
"Host Name": "host2",
"IP Address": "10.1.10.10",
"Vuln": {
"apache-log4j-core-cve-2021-44228": {
"Proof": "Vulnerable software installed: Apache Log4j Core 2.8.2 (/opt/IBM/WebSphere/AppServer/properties/patches/backup/9.0.5.3-WS-WASProd-IFPH42762/systemApps/isclite.ear/kc.war/WEB-INF/lib/log4j-core-2.8.2.jar)No mitigation applied. JndiLookup class discovered.",
"Vulnerability Description": "One vector that allowed exposure to this vulnerability was Log4j’s allowance of Lookups to appear in log messages. This meant that when user input is logged, and that user input contained a JNDI Lookup pointing to a malicious server, then Log4j would resolve that JNDI Lookup, connect to that server, and potentially download serialized Java code from that remote server. This in turn could execute any code during deserialization. This is known as a RCE (Remote Code Execution) attack. In version 2.12.2 Log4j disables access to JNDI by default. Usage of JNDI in configuration now need to be enabled explicitly. Calls to the JndiLookup will now return a constant string. Also, Log4j now limits the protocols by default to only java. The message lookups feature has been completely removed. In version 2.16.0 the message lookups feature has been completely removed. Lookups in configuration still work. Furthermore, Log4j now disables access to JNDI by default. JNDI lookups in configuration now need to be enabled explicitly. Also, Log4j now limits the protocols by default to only java, ldap, and ldaps and limits the ldap protocols to only accessing Java primitive objects. Hosts other than the local host need to be explicitly allowed. This check requires the Security Console and Scan Engines to be on product version 6.6.118 or later.",
" Vulnerability Title": "Apache Log4j Core: CVE-2021-44228: JNDI support has not restricted what names could be resolved allowing remote code execution"
},
"apache-log4j-core-cve-2021-45046": {
"Proof": "Vulnerable software installed: Apache Log4j Core 2.8.2 (/opt/IBM/WebSphere/AppServer/properties/patches/backup/9.0.5.3-WS-WASProd-IFPH42762/systemApps/isclite.ear/kc.war/WEB-INF/lib/log4j-core-2.8.2.jar)No mitigation applied. JndiLookup class discovered.",
"Vulnerability Description": "It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. When the logging configuration uses a non-default Pattern Layout with a Context Lookup (for example, $${ctx:loginId}), attackers with control over Thread Context Map (MDC) input data can craft malicious input data using a JNDI Lookup pattern, resulting in an information leak and remote code execution in some environments and local code execution in all environments; remote code execution has been demonstrated on macOS but no other tested environments.",
" Vulnerability Title": "Apache Log4j Core: CVE-2021-45046: Apache Log4j2 Thread Context Lookup Pattern vulnerable to remote code execution in certain non-default configurations"
},
"apache-log4j-core-cve-2021-45105": {
"Proof": "Vulnerable software installed: Apache Log4j Core 2.8.2 (/opt/IBM/WebSphere/AppServer/properties/patches/backup/9.0.5.3-WS-WASProd-IFPH42762/systemApps/isclite.ear/kc.war/WEB-INF/lib/log4j-core-2.8.2.jar)",
"Vulnerability Description": "Apache Log4j2 versions 2.0-alpha1 through 2.16.0 did not protect from uncontrolled recursion from self-referential lookups. When the logging configuration uses a non-default Pattern Layout with a Context Lookup (for example, $${ctx:loginId}), attackers with control over Thread Context Map (MDC) input data can craft malicious input data that contains a recursive lookup, resulting in a StackOverflowError that will terminate the process. This is also known as a DOS (Denial of Service) attack.",
" Vulnerability Title": "Apache Log4j Core: CVE-2021-45105: Apache Log4j2 does not always protect from infinite recursion in lookup evaluation"
}
}
}
]

Edit: If you prefer the .Vuln field to be an array of objects, here is a solution using unique_by:

jq '
  group_by(."Host Name") | map(
    (.[0] | {"Host Name", "IP Address"}) +
    {Vuln: unique_by(.NexposeID) | map(
      {Proof, "Vulnerability Description", " Vulnerability Title"}
    )}
  )
'

[
{
"Host Name": "host1",
"IP Address": "10.1.10.20",
"Vuln": [
{
"Proof": "Vulnerable software installed: Apache Log4j Core 2.8.2 (/opt/IBM/WebSphere/AppServer/properties/patches/backup/9.0.5.3-WS-WASProd-IFPH42762/systemApps/isclite.ear/kc.war/WEB-INF/lib/log4j-core-2.8.2.jar)No mitigation applied. JndiLookup class discovered.",
"Vulnerability Description": "One vector that allowed exposure to this vulnerability was Log4j’s allowance of Lookups to appear in log messages. This meant that when user input is logged, and that user input contained a JNDI Lookup pointing to a malicious server, then Log4j would resolve that JNDI Lookup, connect to that server, and potentially download serialized Java code from that remote server. This in turn could execute any code during deserialization. This is known as a RCE (Remote Code Execution) attack. In version 2.12.2 Log4j disables access to JNDI by default. Usage of JNDI in configuration now need to be enabled explicitly. Calls to the JndiLookup will now return a constant string. Also, Log4j now limits the protocols by default to only java. The message lookups feature has been completely removed. In version 2.16.0 the message lookups feature has been completely removed. Lookups in configuration still work. Furthermore, Log4j now disables access to JNDI by default. JNDI lookups in configuration now need to be enabled explicitly. Also, Log4j now limits the protocols by default to only java, ldap, and ldaps and limits the ldap protocols to only accessing Java primitive objects. Hosts other than the local host need to be explicitly allowed. This check requires the Security Console and Scan Engines to be on product version 6.6.118 or later.",
" Vulnerability Title": "Apache Log4j Core: CVE-2021-44228: JNDI support has not restricted what names could be resolved allowing remote code execution"
},
{
"Proof": "Vulnerable software installed: Apache Log4j Core 2.8.2 (/opt/IBM/WebSphere/AppServer/properties/patches/backup/9.0.5.3-WS-WASProd-IFPH42762/systemApps/isclite.ear/kc.war/WEB-INF/lib/log4j-core-2.8.2.jar)No mitigation applied. JndiLookup class discovered.",
"Vulnerability Description": "It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. When the logging configuration uses a non-default Pattern Layout with a Context Lookup (for example, $${ctx:loginId}), attackers with control over Thread Context Map (MDC) input data can craft malicious input data using a JNDI Lookup pattern, resulting in an information leak and remote code execution in some environments and local code execution in all environments; remote code execution has been demonstrated on macOS but no other tested environments.",
" Vulnerability Title": "Apache Log4j Core: CVE-2021-45046: Apache Log4j2 Thread Context Lookup Pattern vulnerable to remote code execution in certain non-default configurations"
},
{
"Proof": "Vulnerable software installed: Apache Log4j Core 2.8.2 (/opt/IBM/WebSphere/AppServer/properties/patches/backup/9.0.5.3-WS-WASProd-IFPH42762/systemApps/isclite.ear/kc.war/WEB-INF/lib/log4j-core-2.8.2.jar)",
"Vulnerability Description": "Apache Log4j2 versions 2.0-alpha1 through 2.16.0 did not protect from uncontrolled recursion from self-referential lookups. When the logging configuration uses a non-default Pattern Layout with a Context Lookup (for example, $${ctx:loginId}), attackers with control over Thread Context Map (MDC) input data can craft malicious input data that contains a recursive lookup, resulting in a StackOverflowError that will terminate the process. This is also known as a DOS (Denial of Service) attack.",
" Vulnerability Title": "Apache Log4j Core: CVE-2021-45105: Apache Log4j2 does not always protect from infinite recursion in lookup evaluation"
}
]
},
{
"Host Name": "host2",
"IP Address": "10.1.10.10",
"Vuln": [
{
"Proof": "Vulnerable software installed: Apache Log4j Core 2.8.2 (/opt/IBM/WebSphere/AppServer/properties/patches/backup/9.0.5.3-WS-WASProd-IFPH42762/systemApps/isclite.ear/kc.war/WEB-INF/lib/log4j-core-2.8.2.jar)No mitigation applied. JndiLookup class discovered.",
"Vulnerability Description": "One vector that allowed exposure to this vulnerability was Log4j’s allowance of Lookups to appear in log messages. This meant that when user input is logged, and that user input contained a JNDI Lookup pointing to a malicious server, then Log4j would resolve that JNDI Lookup, connect to that server, and potentially download serialized Java code from that remote server. This in turn could execute any code during deserialization. This is known as a RCE (Remote Code Execution) attack. In version 2.12.2 Log4j disables access to JNDI by default. Usage of JNDI in configuration now need to be enabled explicitly. Calls to the JndiLookup will now return a constant string. Also, Log4j now limits the protocols by default to only java. The message lookups feature has been completely removed. In version 2.16.0 the message lookups feature has been completely removed. Lookups in configuration still work. Furthermore, Log4j now disables access to JNDI by default. JNDI lookups in configuration now need to be enabled explicitly. Also, Log4j now limits the protocols by default to only java, ldap, and ldaps and limits the ldap protocols to only accessing Java primitive objects. Hosts other than the local host need to be explicitly allowed. This check requires the Security Console and Scan Engines to be on product version 6.6.118 or later.",
" Vulnerability Title": "Apache Log4j Core: CVE-2021-44228: JNDI support has not restricted what names could be resolved allowing remote code execution"
},
{
"Proof": "Vulnerable software installed: Apache Log4j Core 2.8.2 (/opt/IBM/WebSphere/AppServer/properties/patches/backup/9.0.5.3-WS-WASProd-IFPH42762/systemApps/isclite.ear/kc.war/WEB-INF/lib/log4j-core-2.8.2.jar)No mitigation applied. JndiLookup class discovered.",
"Vulnerability Description": "It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. When the logging configuration uses a non-default Pattern Layout with a Context Lookup (for example, $${ctx:loginId}), attackers with control over Thread Context Map (MDC) input data can craft malicious input data using a JNDI Lookup pattern, resulting in an information leak and remote code execution in some environments and local code execution in all environments; remote code execution has been demonstrated on macOS but no other tested environments.",
" Vulnerability Title": "Apache Log4j Core: CVE-2021-45046: Apache Log4j2 Thread Context Lookup Pattern vulnerable to remote code execution in certain non-default configurations"
},
{
"Proof": "Vulnerable software installed: Apache Log4j Core 2.8.2 (/opt/IBM/WebSphere/AppServer/properties/patches/backup/9.0.5.3-WS-WASProd-IFPH42762/systemApps/isclite.ear/kc.war/WEB-INF/lib/log4j-core-2.8.2.jar)",
"Vulnerability Description": "Apache Log4j2 versions 2.0-alpha1 through 2.16.0 did not protect from uncontrolled recursion from self-referential lookups. When the logging configuration uses a non-default Pattern Layout with a Context Lookup (for example, $${ctx:loginId}), attackers with control over Thread Context Map (MDC) input data can craft malicious input data that contains a recursive lookup, resulting in a StackOverflowError that will terminate the process. This is also known as a DOS (Denial of Service) attack.",
" Vulnerability Title": "Apache Log4j Core: CVE-2021-45105: Apache Log4j2 does not always protect from infinite recursion in lookup evaluation"
}
]
}
]

Demo
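An added example, not part of the original answer: unique_by(.NexposeID) keeps one record per ID, so a second vulnerable jar reported on the same host disappears from the output. The shell sketch below assumes jq is installed and uses constructed sample findings and hypothetical function names; it contrasts the answer's filter with a variant that groups on host and IP together and collects every distinct Proof per NexposeID.

```shell
#!/usr/bin/env bash
# Constructed sample findings (not from the original export): host1 reports
# CVE-2021-44228 at two different jar paths, plus one exact duplicate row.
sample_findings() {
  cat <<'EOF'
[
  {"Host Name":"host1","IP Address":"10.1.10.20","NexposeID":"apache-log4j-core-cve-2021-44228","Proof":"log4j-core 2.8.2 at /opt/app-a/lib/log4j-core-2.8.2.jar"},
  {"Host Name":"host1","IP Address":"10.1.10.20","NexposeID":"apache-log4j-core-cve-2021-44228","Proof":"log4j-core 2.8.2 at /opt/app-b/lib/log4j-core-2.8.2.jar"},
  {"Host Name":"host1","IP Address":"10.1.10.20","NexposeID":"apache-log4j-core-cve-2021-44228","Proof":"log4j-core 2.8.2 at /opt/app-a/lib/log4j-core-2.8.2.jar"},
  {"Host Name":"host1","IP Address":"10.1.10.20","NexposeID":"apache-log4j-core-cve-2021-45105","Proof":"log4j-core 2.8.2 at /opt/app-a/lib/log4j-core-2.8.2.jar"},
  {"Host Name":"host2","IP Address":"10.1.10.10","NexposeID":"apache-log4j-core-cve-2021-44228","Proof":"log4j-core 2.8.2 at /srv/web/lib/log4j-core-2.8.2.jar"}
]
EOF
}

# The unique_by approach from the answer: one record survives per NexposeID.
by_unique() {
  jq 'group_by(."Host Name") | map(
        (.[0] | {"Host Name", "IP Address"}) +
        {Vuln: (unique_by(.NexposeID) | map({NexposeID, Proof}))})'
}

# Variant: key on host and IP together, then group per NexposeID and keep
# every distinct Proof so each affected jar stays visible.
by_proofs() {
  jq 'group_by([."Host Name", ."IP Address"]) | map(
        (.[0] | {"Host Name", "IP Address"}) +
        {Vuln: (group_by(.NexposeID) | map({
          NexposeID: .[0].NexposeID,
          Proofs: (map(.Proof) | unique)
        }))})'
}

# Count the distinct Proof strings that survive each filter.
count_unique() { sample_findings | by_unique | jq '[.[].Vuln[].Proof] | unique | length'; }
count_proofs() { sample_findings | by_proofs | jq '[.[].Vuln[].Proofs[]] | unique | length'; }

# Run with the argument "demo" to print the grouped report for the sample.
if [ "${1:-}" = "demo" ]; then
  sample_findings | by_proofs
fi
```

On the sample, the unique_by filter never reports the /opt/app-b jar, while the variant lists it under the same NexposeID as the /opt/app-a one.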
