23 December 2021

CISA shares Apache Log4j scanner to help orgs identify vulnerable web servers



The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released a scanner for identifying vulnerable web servers affected by the recently disclosed Apache Log4j remote code execution vulnerabilities (CVE-2021-44228 and CVE-2021-45046).

“Log4j-scanner is a project derived from other members of the open-source community by CISA to help organizations identify potentially vulnerable web services affected by the log4j vulnerabilities,” CISA explained.

According to the project page on GitHub, the log4j-scanner is a fully automated, accurate, and extensive scanner for finding vulnerable Log4j hosts. Security teams can use the tool to scan their infrastructure for Log4j RCE vulnerabilities and to test for WAF bypasses that can lead to code execution in the organization's environment.

The scanner supports the following features:

  • Support for lists of URLs.

  • Fuzzing for more than 60 HTTP request headers (not only 3-4 headers as in previously seen tools).

  • Fuzzing for HTTP POST Data parameters.

  • Fuzzing for JSON data parameters.

  • Supports DNS callback for vulnerability discovery and validation.

  • WAF Bypass payloads.

On Wednesday, security agencies in the U.S., the UK, Australia, Canada, and New Zealand released a joint Cybersecurity Advisory providing mitigation guidance for the vulnerabilities in Apache’s Log4j logging library: CVE-2021-44228 (“Log4Shell”), CVE-2021-45046, and CVE-2021-45105. Two of these bugs, Log4Shell and CVE-2021-45046, are known to have been under active exploitation.

The vulnerabilities can allow attackers to remotely execute code on vulnerable systems, and according to security researchers, nation-state hackers and ransomware gangs are actively taking advantage of these bugs in their attacks.

The Belgian Ministry of Defense suffered a cyberattack last week involving the exploitation of the Log4Shell vulnerability. The attack disrupted part of the Ministry’s computer network, including the email system.

