CISA’s Scanner Identifies Web Services Impacted By Log4J Flaw

December 23, 2021

The Cybersecurity and Infrastructure Security Agency (CISA) introduced the Log4J scanner, which will help identify web services affected by two Log4j flaws (CVE-2021-44228 and CVE-2021-45046).

The tool, based on an automated scanning framework developed by cybersecurity firm FullHunt, allows security teams to scan network hosts for two main actions, including Log4j RCE exposure and detection of web application firewall (WAF) bypasses that can allow attackers to execute code within an organization’s network.

Notable features of the Log4j scanner include support for lists of URLs, fuzzing for more than 60 HTTP request headers, fuzzing for HTTP Post Data parameters, fuzzing for JSON data parameters, DNS callback support for vulnerability discovery and validation, and WAF Bypass payloads.

These and many more are some of the efforts of CISA to mitigate attacks resulting from the successful exploitation of the Log4j flaw.

For more information, read the original story in BleepingComputer.

CISA’s Scanner Identifies Web Services Impacted By Log4J Flaw

Top Stories

OpenAI amends Pentagon deal after backlash over surveillance concerns

QuitGPT: OpenAI faces consumer backlash after DoD deal

Bell, Telus withdraw CRTC complaints over network sharing

eBay cutting 800 jobs amid strategic realignment

U.S. Pentagon presses Anthropic to lift AI use restrictions

Canada ‘disappointed’ as OpenAI fails to offer new safety protocols after B.C. school shooting

Related Articles

Drone strikes hit AWS data centres in UAE

OpenAI developing GitHub rival after service disruptions

Accenture acquires Ziff Davis Connectivity division in $1.2B deal

OpenAI amends Pentagon deal after backlash over surveillance concerns

TND News Desk

TND News Desk

Jim Love

Follow Us

Popular categories

Tech News Delivered