From 60de839b60f214ed264f64343293e60bd00a8096 Mon Sep 17 00:00:00 2001
From: Spencer McIntyre <zeroSteiner@gmail.com>
Date: Fri, 17 Dec 2021 15:53:54 -0500
Subject: [PATCH] Update Log4Shell references and VCenter URI

---
 data/exploits/CVE-2021-44228/http_uris.txt                    | 2 +-
 .../modules/auxiliary/scanner/http/log4shell_scanner.md       | 4 ++--
 modules/auxiliary/scanner/http/log4shell_scanner.rb           | 4 +++-
 3 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/data/exploits/CVE-2021-44228/http_uris.txt b/data/exploits/CVE-2021-44228/http_uris.txt
index eafbf87f8498..81882ea23454 100644
--- a/data/exploits/CVE-2021-44228/http_uris.txt
+++ b/data/exploits/CVE-2021-44228/http_uris.txt
@@ -3,4 +3,4 @@
 # Apache Solr
 /solr/admin/cores?action=CREATE&wt=json&name=${jndi:uri}
 # VMWare VCenter
-/websso/SAML2/SSO/photon-machine.lan?SAMLRequest=
+/websso/SAML2/SSO/vsphere.local?SAMLRequest=
diff --git a/documentation/modules/auxiliary/scanner/http/log4shell_scanner.md b/documentation/modules/auxiliary/scanner/http/log4shell_scanner.md
index 1bf1c155c072..622929541cd2 100644
--- a/documentation/modules/auxiliary/scanner/http/log4shell_scanner.md
+++ b/documentation/modules/auxiliary/scanner/http/log4shell_scanner.md
@@ -22,7 +22,7 @@ This module has been successfully tested with:
 5. Do: `run`
 6. The target should be identified as vulnerable
 
-### Struts2 Setup
+### Apache Struts2 Setup
 
 The following docker file can be used to setup a vulnerable Struts2 instance for testing.
 
@@ -68,7 +68,7 @@ Time in seconds to wait to receive LDAP connections.
 
 ## Scenarios
 
-### Struts2
+### Apache Struts2
 
 ```
 msf6 > use auxiliary/scanner/http/log4shell_scanner 
diff --git a/modules/auxiliary/scanner/http/log4shell_scanner.rb b/modules/auxiliary/scanner/http/log4shell_scanner.rb
index 3bad2aa6ddf8..d81c8f910cf8 100644
--- a/modules/auxiliary/scanner/http/log4shell_scanner.rb
+++ b/modules/auxiliary/scanner/http/log4shell_scanner.rb
@@ -29,7 +29,9 @@ def initialize
       ],
       'References' => [
         [ 'CVE', '2021-44228' ],
-        [ 'URL', 'https://attackerkb.com/topics/in9sPR2Bzt/cve-2021-44228-log4shell/rapid7-analysis' ]
+        [ 'CVE', '2021-45046' ],
+        [ 'URL', 'https://attackerkb.com/topics/in9sPR2Bzt/cve-2021-44228-log4shell/rapid7-analysis' ],
+        [ 'URL', 'https://logging.apache.org/log4j/2.x/security.html' ]
       ],
       'DisclosureDate' => '2021-12-09',
       'License' => MSF_LICENSE,