The Cybersecurity and Infrastructure Security Agency (CISA) has announced the release of an open-source scanner for identifying web services impacted by Apache Log4j remote code execution vulnerabilities, tracked as CVE-2021-44228 and CVE-2021-45046.
“This repository provides a scanning solution for the log4j Remote Code Execution vulnerabilities (CVE-2021-44228 & CVE-2021-45046). The information and code in this repository is provided “as is” and was assembled with the help of the open-source community and updated by CISA through collaboration with the broader cybersecurity community.” reads the description for the project.
Below is the list of features implemented in the log4j-scanner:
The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), National Security Agency (NSA), Australian Cyber Security Centre (ACSC), Canadian Centre for Cyber Security (CCCS), the Computer Emergency Response Team New Zealand (CERT NZ), the New Zealand National Cyber Security Centre (NZ NCSC), and the United Kingdom’s National Cyber Security Centre (NCSC-UK) released a joint advisory to provide mitigation guidance on addressing vulnerabilities in Apache’s Log4j software library: CVE-2021-44228 (known as “Log4Shell”), CVE-2021-45046, and CVE-2021-45105.
Government experts warn of sophisticated cyber threat actors which are actively scanning networks to potentially exploit the above flaws in vulnerable systems.
CISA also ordered Federal Civilian Executive Branch agencies to address the critical Log4Shell vulnerability in the Log4j library by December 24th, 2021.
(SecurityAffairs – hacking, Log4Shell)