Anyone found a way to locate log4j-1.x instances and hosts

I am specifically looking for CVE-2022-23307, but and trying to see if there is anything that we can use in Rapid7 to identify the instances in the filesystem and on which hosts.

well nexpose (insightVM) is identifying them for me. I also do sonar scans which picked up some as well.

How is Nexpose identifying them for you? I have not gotten detections yet for 1.x

vulnerability title contains log4j

While that CVE exists, it only has detections for RHL, and only if it is installed at the OS layer, not if its on an asset in the filsystem like the 2.x detections were.

I do see what your saying, in my environment using that search criteria I am pulling CVE’s:

having said that with CVE-2022-23307 I am not sure what the best way to identify that would be.
I do think that using the search criteria I posted will get you multiple CVE’s