Dec 23, 2021
CISA releases Apache Log4j scanner to find vulnerable apps
Posted by Genevieve Klien in categories: cybercrime/malcode, electronics, robotics/AI
The Cybersecurity and Infrastructure Security Agency (CISA) has announced the release of a scanner for identifying web services impacted by two Apache Log4j remote code execution vulnerabilities, tracked as CVE-2021–44228 and CVE-2021–45046.
“log4j-scanner is a project derived from other members of the open-source community by CISA’s Rapid Action Force team to help organizations identify potentially vulnerable web services affected by the log4j vulnerabilities,” the cybersecurity agency explains.
This scanning solution builds upon similar tools, including an automated scanning framework for the CVE-2021–44228 bug (dubbed& Log4Shell)& developed by cybersecurity company FullHunt.