CISA’s Scanner Identifies Web Services Impacted By Log4J Flaw

December 23, 2021

The Cybersecurity and Infrastructure Security Agency (CISA) introduced the Log4J scanner, which will help identify web services affected by two Log4j flaws (CVE-2021-44228 and CVE-2021-45046).

The tool, based on an automated scanning framework developed by cybersecurity firm FullHunt, allows security teams to scan network hosts for two main actions, including Log4j RCE exposure and detection of web application firewall (WAF) bypasses that can allow attackers to execute code within an organization’s network.

Notable features of the Log4j scanner include support for lists of URLs, fuzzing for more than 60 HTTP request headers, fuzzing for HTTP Post Data parameters, fuzzing for JSON data parameters, DNS callback support for vulnerability discovery and validation, and WAF Bypass payloads.

These and many more are some of the efforts of CISA to mitigate attacks resulting from the successful exploitation of the Log4j flaw.

For more information, read the original story in BleepingComputer.

CISA’s Scanner Identifies Web Services Impacted By Log4J Flaw

Top Stories

Malicious browser extensions are harvesting ChatGPT conversations at massive scale

10 game-changing technology unveiled at CES 2026 so far

Canadian fugitive connected to Desjardins data breach arrested in Spain

SaaStr founder says human sales roles have been replaced by AI agents

AI tool is flagging pancreatic cancer early in China

Top 10 predictions for information technology developments in 2026

Related Articles

HSBC blocks customers using sideloaded Bitwarden from mobile banking app

Malicious browser extensions are harvesting ChatGPT conversations at massive scale

Finnish startup IXI plans launch of autofocus smart glasses that adjust vision in real time

D-Wave announces quantum breakthrough that could unlock scalable commercial systems

TND News Desk

TND News Desk

Jim Love

Follow Us

Popular categories

Tech News Delivered