In an attempt to assist organizations, the Cybersecurity and Infrastructure Security Agency (CISA) has announced the release of a scanner for identifying web services affected by the Apache Log4j remote code execution (RCE) vulnerabilities.
Tracked as CVE-2021-44228 and CVE-2021-45046, the Apache Log4j vulnerabilities have had a cascading impact on the digital landscape. Because Java is deployed so widely, the impact has been felt across the Internet.
As noted, companies worldwide use the Log4j library to add logging and log configuration to a wide range of applications. The Log4j flaw allows attackers to execute arbitrary code on vulnerable machines or compromise any application that uses the Log4j framework directly.
“Log4j-scanner is a project derived from other members of the open-source community by CISA’s Rapid Action Force team to help organizations identify potentially vulnerable web services affected by the Log4j vulnerabilities,” said CISA.
We published an open-sourced log4j-scanner derived from scanners created by other members of the open-source community. This tool is intended to help organizations identify potentially vulnerable web services affected by the log4j vulnerabilities: https://t.co/af8uszW8K4
— Cybersecurity and Infrastructure Security Agency (@CISAgov) December 21, 2021
Log4j has been touted as the most indiscriminate security flaw discovered to date. A simple piece of code has resulted in the most complex attack witnessed in the last few decades.
Prakash Advani, CEO, picoNETS, explained how the lapse occurred. “Log4j is a modular, open-source logging library that is designed to add logging and log management functionality to any project that wants to build in this functionality without developing it from scratch. The original Java Development Kit (JDK) didn’t have a logging API; hence Log4j and other similar libraries were created, and over time, Log4j became one of the most popular among them. The Log4j library is used by hundreds of thousands of projects, both commercial and open source, including major projects such as Elasticsearch, Kafka, Flink and other frameworks. It is especially popular as a foundational component of major Java-based enterprise applications as they embed this into their application.”
The scanner is meant to make systems administrators’ task of scouting for the vulnerability less challenging. Because Log4j can sit in multiple places, embedded in third-party applications or components, knowing what to patch is not always straightforward for a server administrator.
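Because the library can be buried inside other components, an inventory of where log4j-core actually sits on disk is the first step before patching. The following is an added illustration (not CISA’s log4j-scanner, which probes web services) of a local check that walks a directory tree, opens each JAR/WAR/EAR, recurses into archives nested inside them, reads the version from log4j-core’s Maven pom.properties, and notes whether JndiLookup.class is present. The WAR it scans is constructed in a temporary directory, and the 2.14.1 version string is a made-up sample value.

```python
import io
import os
import tempfile
import zipfile

POM = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
JNDI = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
ARCHIVE_EXT = (".jar", ".war", ".ear", ".zip")

def _inspect(zf, label, findings):
    """Record log4j-core hits in an open ZipFile, recursing into nested archives."""
    names = set(zf.namelist())
    if POM in names:  # version comes from Maven's pom.properties inside the jar
        props = dict(l.split("=", 1) for l in zf.read(POM).decode().splitlines()
                     if "=" in l and not l.startswith("#"))
        findings.append((label, props.get("version", "unknown"), JNDI in names))
    for name in names:
        if name.lower().endswith(ARCHIVE_EXT):  # fat jar / WEB-INF/lib: recurse in memory
            try:
                with zipfile.ZipFile(io.BytesIO(zf.read(name))) as inner:
                    _inspect(inner, f"{label}!{name}", findings)
            except zipfile.BadZipFile:
                continue  # not really a zip; skip it

def scan_tree(root):
    """Walk `root`; return [(archive!nested_path, version, has_JndiLookup), ...]."""
    findings = []
    for dirpath, _, files in os.walk(root):
        for f in (f for f in files if f.lower().endswith(ARCHIVE_EXT)):
            try:
                with zipfile.ZipFile(os.path.join(dirpath, f)) as zf:
                    _inspect(zf, os.path.relpath(os.path.join(dirpath, f), root), findings)
            except zipfile.BadZipFile:
                continue
    return findings

def build_sample(root):
    """Constructed sample: app.war -> WEB-INF/lib/log4j-core-2.14.1.jar (fake bytes)."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        z.writestr(POM, "# generated\nversion=2.14.1\n")
        z.writestr(JNDI, b"\xca\xfe\xba\xbe")  # placeholder, not a real class file
    with zipfile.ZipFile(os.path.join(root, "app.war"), "w") as z:
        z.writestr("WEB-INF/lib/log4j-core-2.14.1.jar", inner.getvalue())
    return root

def demo():
    """Build the sample in a temp dir, scan it, and return the findings."""
    with tempfile.TemporaryDirectory() as tmp:
        return scan_tree(build_sample(tmp))
```

Run `scan_tree("/opt")` (or any deployment root) to list every embedded log4j-core copy with its version; a hit that still contains JndiLookup.class has not had the class-removal mitigation applied.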
Since its disclosure, CISA has actively notified and guided organizations about the Log4j vulnerability. Some initiatives and resources are: