The Cybersecurity and Infrastructure Security Agency (CISA) has announced the release of a scanner for identifying web services impacted by two Apache Log4j remote code execution vulnerabilities, tracked as CVE-2021–44228 and CVE-2021–45046.
“log4j-scanner is a project derived from other members of the open-source community by CISA’s Rapid Action Force team to help organizations identify potentially vulnerable web services affected by the log4j vulnerabilities,” the cybersecurity agency explains.
This scanning solution builds upon similar tools, including an automated scanning framework for the CVE-2021–44228 bug (dubbed& Log4Shell)& developed by cybersecurity company FullHunt.