Log4j Vulnerability - Find out which of your servers are affected
The German Federal Office for Information Security (BSI) issued a red alert on Saturday night. Exploiting the Log4j vulnerability is as simple as can be, and attacks are already running. Do not waste time: check the security of your systems.
Log4Shell vulnerability scanner for faster inventory
The LocateRisk Log4Shell scanner quickly identifies the CVE-2021-44228 vulnerability in accessible web applications. The software runs on the most common operating systems, so systems in the internal network can be scanned as well.
Why is the scanner not included in the LocateRisk scan?
From our point of view, the scan cannot be categorized as "non-invasive" because of the increased request load. The scanner puts the JNDI string into various headers, the user agent and URL parameters. A system crash is unlikely, but cannot be ruled out.
Important: Only systems for which consent for an invasive scan has been obtained will be checked!
How do I use the Log4Shell scanner?
A line-separated domain / IP list is required as input for the analysis tool. The ports and protocols are automatically added by the software. The system list from the LocateRisk scan provides an initial starting point.
This is how it works
1. Enter the domain names and IP addresses to be checked in the "hosts.txt" file in the application directory. IP ranges cannot be stored.
2. Run the application.
3. You can find the results on the console and in the results file in the application directory.
Are you interested in the solution? Then send a message to: sales@LocateRisk.com
Note: LocateRisk is not liable for any damages and expenses caused by the scans, or for vulnerabilities not found. It is only a quick check, which means that there is no test tailored to the respective applications. The tool is provided on a transitional basis. We will shut down the corresponding infrastructure again in a few weeks.
Since we cannot guarantee that every Log4j and associated Log4Shell vulnerability will be found, we recommend that you log in to every system running Java apps and also follow these 5 steps:
How to find out if and where you are using the Java library Log4j
Step 1: Open your latest security scan on the LocateRisk platform.
Step 2: Go to the "Details for professionals" list and select the "App" category filter for the report.
Step 3: Use the adjacent search to search the results for the JAVA and TOMCAT applications or for the affected applications below.
Step 4: Log in to the corresponding servers. A high CPU load indicates that crypto miners may be installed.
Step 5: Take all JAVA applications (JAR and Tomcat files) you find on the above servers and check them with one of the following tools on GitHub: CVE-2021-44228-Scanner or local-log4j-vuln-scanner. You will find out immediately if the vulnerability is in the application and you can fix it directly.
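An added example for Step 5 (not LocateRisk's scanner and not the code of the GitHub tools named above): a Python inventory of where log4j-core is packaged on a server, including copies nested inside WAR/EAR files and fat JARs. It assumes log4j-core can be recognised by its JndiLookup class and its Maven pom.properties; it reports the version it finds and does not itself decide whether that version is vulnerable.

```python
import io
import os
import sys
import zipfile

# Assumption of this example: log4j-core is recognised by its JndiLookup class
# and its version is taken from the Maven pom.properties shipped inside the JAR.
JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
ARCHIVE_EXT = (".jar", ".war", ".ear")
MAX_DEPTH = 5  # nesting limit so a crafted archive cannot recurse endlessly

def _version(zf):
    """Return the log4j-core version from pom.properties, or None if absent."""
    if POM_PROPS not in zf.namelist():
        return None
    for line in zf.read(POM_PROPS).decode("utf-8", "replace").splitlines():
        if line.startswith("version="):
            return line.split("=", 1)[1].strip()
    return None

def scan_archive(source, label, depth=0):
    """Return [(location, version, has_jndi_lookup)] for an archive and its nested archives."""
    findings = []
    try:
        with zipfile.ZipFile(source) as zf:
            names = set(zf.namelist())
            version = _version(zf)
            if JNDI_CLASS in names or version is not None:
                findings.append((label, version, JNDI_CLASS in names))
            if depth < MAX_DEPTH:
                for name in sorted(n for n in names if n.lower().endswith(ARCHIVE_EXT)):
                    inner = io.BytesIO(zf.read(name))
                    findings += scan_archive(inner, f"{label}!{name}", depth + 1)
    except (zipfile.BadZipFile, OSError, RuntimeError):
        findings.append((label, "unreadable", None))  # report it, do not skip silently
    return findings

def scan_tree(root):
    """Walk a directory tree (e.g. an application directory) and scan every archive."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for fname in sorted(f for f in files if f.lower().endswith(ARCHIVE_EXT)):
            path = os.path.join(dirpath, fname)
            findings += scan_archive(path, path)
    return findings

if __name__ == "__main__":
    for location, version, has_jndi in scan_tree(sys.argv[1]):
        print(f"{location}\tlog4j-core={version}\tJndiLookup={has_jndi}")
```

Run it with the directory to inspect as the only argument. Compare the reported versions with the BSI information on the vulnerability, and inspect archives reported as unreadable by hand.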
You can get more information about the vulnerability and how to fix it directly from the BSI.
The LocateRisk team is working hard to include the affected applications in the risk analysis and will update the still incomplete list with each additional case that becomes known.
Products affected by the Log4j vulnerability
Most products are applications that use Java in their infrastructure.