CISA’s Scanner Identifies Web Services Impacted By Log4J Flaw

December 23, 2021

The Cybersecurity and Infrastructure Security Agency (CISA) introduced the Log4J scanner, which will help identify web services affected by two Log4j flaws (CVE-2021-44228 and CVE-2021-45046).

The tool, based on an automated scanning framework developed by cybersecurity firm FullHunt, allows security teams to scan network hosts for two main actions, including Log4j RCE exposure and detection of web application firewall (WAF) bypasses that can allow attackers to execute code within an organization’s network.

Notable features of the Log4j scanner include support for lists of URLs, fuzzing for more than 60 HTTP request headers, fuzzing for HTTP Post Data parameters, fuzzing for JSON data parameters, DNS callback support for vulnerability discovery and validation, and WAF Bypass payloads.

These and many more are some of the efforts of CISA to mitigate attacks resulting from the successful exploitation of the Log4j flaw.

For more information, read the original story in BleepingComputer.

CISA’s Scanner Identifies Web Services Impacted By Log4J Flaw

Top Stories

New Deepfakes Can Mimic Heartbeats, Evading Detection Tools

RBC Pushes Employees Back to Office to Preserve ‘Winning Culture’

Microsoft Azure Closes Cloud Gap with AWS as AI and Enterprise Migrations Fuel Growth

Sleeper Supply Chain Attack Activates After 6 Years

Dell has another major round of layoffs

One of the biggest data breaches ever, billions of users affected

Related Articles

65% of Canadians Still Reusing Passwords Despite Identity Theft Fears, Okta Study

Ottawa Warns of China-Linked Hack on Canadian Telecom Gear

Broadcom Defends VMware Price Hikes, Says Customers Are “Using It Wrong”

MIT Warns SpaceX Could Lose Up to Two‑Thirds of Starlink Fleet to Orbital Congestion

Jim Love

Follow Us

Popular categories

Tech News Delivered