Good News For Sysadmins! CISA Releases Log4j Scanner To Help You Find All The Things You Need To Patch

With Log4j being the most severe vulnerability that the IT world has seen, sysadmins have been scrambling to patch everything. If they can. And that’s the main problem. How do you figure out what’s vulnerable and what isn’t?

Well The Cybersecurity and Infrastructure Security Agency (CISA) is here to help. They have announced the release of a scanner for identifying web services impacted by two Apache Log4j remote code execution vulnerabilities, tracked as CVE-2021-44228 and CVE-2021-45046 respectively.

The tool enables security teams to scan network hosts for Log4j RCE exposure and spot web application firewall (WAF) bypasses that can allow threat actors to gain code execution within the organization’s environment. So if you’re responsible for figuring out what your organization’s exposure is to Log4j, you might want to quickly download this tool and get scanning.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: