CISAs New Log4j Scanner Aims to Find Vulnerable Apps

  /     /     /  
Publicated : 23/11/2024   Category : security


CISAs New Log4j Scanner Aims to Find Vulnerable Apps


The open-sourced scanner was derived from scanners built by members across the open source community, CISA reports.



The Cybersecurity and Infrastructure Security Agency (CISA) has released an open source scanner that businesses can use to find Web services vulnerable to Log4j remote code execution vulnerabilities CVE-2021-44228 and CVE-2021-45046.
Log4j-scanner is a project derived from other members of the open-source community by CISA to help organizations identify potentially vulnerable web services affected by log4j vulnerabilities, CISA officials wrote on GitHub.
The information and code in the repository were provided as is, assembled with help from the open source community, and updated by CISA through a collaboration with the broader security community, they noted.
Officials noted there are likely more, still unknown ways to use the Log4j vulnerabilities and that CISA is monitoring multiple platforms to stay up to date as the situation evolves.
In a
tweet
posted Dec. 21, Secretary Alejandro Mayorkas reported the Log4j vulnerability will also be included in the scope of the new Hack DHS bug bounty program
announced Dec. 15
. The program will include additional incentives to find and patch Log4j-related flaws in DHS systems, Mayorkas wrote.
Check out the CISA scanner on
GitHub
.

Last News

▸ DHS-funded SWAMP scans code for bugs. ◂
Discovered: 23/12/2024
Category: security

▸ Debunking Machine Learning in Security. ◂
Discovered: 23/12/2024
Category: security

▸ Researchers create BlackForest to gather, link threat data. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
CISAs New Log4j Scanner Aims to Find Vulnerable Apps