Good News For Sysadmins! CISA Releases Log4j Scanner To Help You Find All The Things You Need To Patch

With Log4j being the most severe vulnerability that the IT world has seen, sysadmins have been scrambling to patch everything. If they can. And that’s the main problem. How do you figure out what’s vulnerable and what isn’t?

Well The Cybersecurity and Infrastructure Security Agency (CISA) is here to help. They have announced the release of a scanner for identifying web services impacted by two Apache Log4j remote code execution vulnerabilities, tracked as CVE-2021-44228 and CVE-2021-45046 respectively.

The tool enables security teams to scan network hosts for Log4j RCE exposure and spot web application firewall (WAF) bypasses that can allow threat actors to gain code execution within the organization’s environment. So if you’re responsible for figuring out what your organization’s exposure is to Log4j, you might want to quickly download this tool and get scanning.

Leave a Reply

%d bloggers like this: