From 2eb8d117a4bec772aeb7e6139893fda8d557dfbf Mon Sep 17 00:00:00 2001
From: forewarned <14337073+forewarned@users.noreply.github.com>
Date: Fri, 10 Dec 2021 10:41:52 -0700
Subject: [PATCH] Coverage for CVE-2021-44248 Log4Shell Log4j Update

---
 scripts/http_rce.zeek | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scripts/http_rce.zeek b/scripts/http_rce.zeek
index 08713cd..6aaf392 100644
--- a/scripts/http_rce.zeek
+++ b/scripts/http_rce.zeek
@@ -57,7 +57,7 @@ export {
     /(str_replace[[:space:]]*?\+*?\()/i |
     /(file_get_contents[[:space:]]*?\+*?\()/i | #Example: $code = file_get_contents('https://pastebin[.]com/raw/63LjCNAs');
     /(PHP Obfuscator)/ |
-    /\$jndi:/i | # Based on https://nakedsecurity.sophos.com/2021/12/10/log4shell-java-vulnerability-how-to-safeguard-your-servers/
+    /jndi:/i | # Based on https://nakedsecurity.sophos.com/2021/12/10/log4shell-java-vulnerability-how-to-safeguard-your-servers/
     # /(\?\>)/ | Too many false positives. Legitimate XML Ending
     # /(\%\>)/ | Too many false positives.