Advertisement
Python253

cve_2021_44228_apache_log4j

Apr 9th, 2024
1,095
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Python 3.00 KB | None | 0 0
  1. #!/usr/bin/env python3
  2. # -*- coding: utf-8 -*-
  3. # Filename: cve_2021_44228_apache_log4j.py
  4. # Version: 1.0.0
  5. # Author: Jeoi Reqi
  6. # Vulnerability Source: https://nvd.nist.gov/vuln/detail/CVE-2021-44228
  7.  
  8. """
  9. Description:
  10. This script checks for the presence of vulnerable software configurations on the user's machine
  11. in relation to the CVE-2021-44228 vulnerability. It compares the list of installed software on
  12. the system with a predefined list of vulnerable software configurations associated with the CVE.
  13. If any vulnerable software configurations are found, it displays a warning message to prompt
  14. the user to take immediate action to mitigate the vulnerability.
  15.  
  16. Requirements:
  17. - Python 3.x: The script is written in Python 3 and requires a Python interpreter of version 3 or higher to run.
  18.  
  19. Usage:
  20. 1. Run the script using the command `python cve_2021_44228_apache_log4j.py`.
  21. 2. The script will verify if any vulnerable software configurations are installed on your machine and
  22.   provide instructions for mitigation if necessary.
  23.  
  24. Functions:
  25. - get_installed_software(): Retrieves a list of installed software on the user's machine.
  26. - check_for_vulnerabilities(): Compares the list of installed software with a predefined list of vulnerable
  27.  software configurations and displays a warning message if any vulnerable software configurations are found.
  28.  
  29. Important Notes:
  30. - The predefined list of vulnerable software configurations in this script corresponds to the CVE-2021-44228 vulnerability.
  31. """
  32.  
  33. import wmi
  34.  
  35. vulnerable_software = [
  36.     "Apache Log4j 2.0 up to (excluding) 2.12.2",
  37.     "Apache Log4j 2.13.0 up to (excluding) 2.16.0"
  38. ]
  39.  
  40. def get_installed_software():
  41.     """
  42.    Retrieves a list of installed software on the user's machine using the WMI module.
  43.    
  44.    Returns:
  45.        list: A list containing the names of installed software.
  46.    """
  47.     c = wmi.WMI()
  48.     installed_software = []
  49.     for item in c.Win32_Product():
  50.         installed_software.append(item.Caption)
  51.     return installed_software
  52.  
  53. def check_for_vulnerabilities():
  54.     """
  55.    Compares the list of installed software with a predefined list of vulnerable software configurations
  56.    and displays a warning message if any vulnerable software configurations are found.
  57.    """
  58.     installed_software = get_installed_software()
  59.     vulnerable_installed = [software for software in installed_software if software in vulnerable_software]
  60.     if vulnerable_installed:
  61.         print("\nWarning:\nThe following vulnerable software configurations are installed on your machine:")
  62.         for software in vulnerable_installed:
  63.             print("- " + software)
  64.         print("\nPlease take immediate action to mitigate the vulnerability by applying updates per vendor instructions.\n")
  65.     else:
  66.         print("\nAll clear!\nNone of the vulnerable software configurations are installed on your machine.\n")
  67.  
  68. if __name__ == "__main__":
  69.     print("Verifying vulnerable software configurations...")
  70.     check_for_vulnerabilities()
  71.  
  72.  
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement