Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.


Info

This article helps troubleshoot why the CVE-Check for Log4j crashes on Windows systems.

Status
colourGreen
titleLAST TESTED ON CHECKMK 2.0.0P1


Panel
borderColorblack
bgColor#f8f8f8
titleTable of Contents

Table of Contents

Problem

Together with a customer, we figured out a crash of the CVEthe CVE-2021-44228 -log4j Log4j Checkmk from the Checkmk Exchange Site:   https://exchange.checkmk.com/p/cve-2021-44228-log4j

...

Screenshot of CVE-2021-44228-log4j service in an Unknown state.Image Added

...

Screenshot of a crash report stating TypeError not supported between instances of tuple and int.Image Added

Image Removed


The problem seems to be the incomplete agent output:

Code Block
languagebash
themeRDark
<<<cve_2021_44228_log4j:sep(0):cached(1640096053,86400)>>>
2021-12-21T15:14:13+01:00
SCAN OPTIONS: --all-drives
<<<>>>


Solution

Let's debug this further on the Windows machine:

The powershell Powershell script is returning returns only the incomplete output. That's why we need to execute the log4j2-scan.exe

...

bgColor#fff

...

Screenshot of log4j2-scan.exe with a vcruntime104.dll was not found.Image Added

To solve this, you can use this manual:

...

https://

...

answers.microsoft.com/

...

en-us/windows/forum/all/vcruntime140dll-was-not-found/f43d5afd-9239-4913-8f32-20e44a959e13

Filter by label (Content by label)
showLabelsfalse
max5
spacesKB
showSpacefalse
sortmodified
reversetrue
typepage
cqllabel in ( "cve" , "bakery" , "troubleshooting" ) and type = "page" and space = "KB"
labelsbakery cve

Page Properties
hiddentrue


Related issues