"CISA Releases Free Scanner to Spot Log4j Exposure"

The Cybersecurity and Infrastructure Security Agency (CISA) has published a new scanning tool to help organizations find unpatched Log4j instances in their IT environment. CISA posted the Log4j Scanner to GitHub and noted that the repository provides a scanning solution for the Log4j remote code execution vulnerabilities (CVE-2021-44228 & CVE-2021-45046). CISA stated that the information and code in the repository are provided ‘as is’, were assembled with the help of the open-source community, and were updated by CISA through collaboration with the broader cybersecurity community. CISA also said the scanning tool would only help security teams “look for a limited set of currently known vulnerabilities in assets owned by their organization.” The agency warned that there might be “unknown” ways for threat actors to leverage the vulnerabilities.

 

Infosecurity reports: "CISA Releases Free Scanner to Spot Log4j Exposure"

Submitted by Anonymous on