CISA has released Apache Log4j Vulnerability Scanner

CISA has been closely monitoring developments since the Log4Shell vulnerability was disclosed. In addition to urging federal agencies to complete patching before the Christmas holiday, the agency, which is part of the Department of Defense, has launched the #HackDHS vulnerability bounty program. Most recently, CISA released another vulnerability scanner, log4j-scanner, to help agencies find vulnerable web services.

A spin-off project of the CISA Rapid Action Team and the Open Source Community Team, log4j-scanner is said to be able to identify web services vulnerable to the two Apache Log4j remote code execution vulnerabilities, CVE-2021-44228 and CVE-2021-45046.

This scanning solution is built on top of similar tools, including an automated scanning framework for CVE-2021-44228 developed by cybersecurity firm FullHunt. Security teams can use the tool to scan network hosts for exposure to the Log4j RCE vulnerabilities and to check for web application firewall (WAF) bypasses.

The project currently has 814 stars on GitHub.

