Log4j CVE-2021-44228 Detection and Mitigation

I’ve added another post to our Summary thread at Log4j CVE-2021-44228, CVE-2021-45046 Summary Page

Please see here for refreshed Scan tasks (using Logpresso 2.3.6, new refresh coming soon); additional Task to scan by downloading temporary JRE on Windows, Linux, and Mac; additional Task to scan by using the existing installed Java; and additional task to scan using Mac native binary.

The Linux, Mac, and Java scans have been enhanced to allow adding your own list of path exclusions, on the Description page of the task.

The “Run: log4j2-scan v2.3.6 - Universal JAR - System JRE” Task allows insight into a wider range of operating systems, where you already have a JRE of version 7 or higher installed. Last night I was able to scan SunOS 5.11 and Raspberry Pi Raspbian with it.

More version and task refreshes coming soon, more OS support for the “temporary JRE” scans coming soon.

We also need your feedback. We’ve made many updates on the scan tasks, and Logpresso on their tool itself, to try to exclude network paths from being scanned and overwhelming fileservers. Please let us know in this thread whether that is still an issue in the latest versions of the scans (including telling us “yeah, it seems ok to me”).

If you’re still seeing network paths being hit by the scans, please give us as much detail as you can: what operating systems and versions, and whether they are nfs, cifs, sshfs, gpfs, or something else. Is it automount? Can you post copies of your /etc/fstab, ‘mount’ command output, ‘df’ command output, or anything else that would help us build exclusions?

Again, thank you all for working through this with us. I’m sure for most of us this is the most severe and widespread security issue we’ve faced, and it’s great how the entire cyber community is coming together to protect each other.

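As an added example (not part of the post above, and not code from the BigFix tasks or from Logpresso), here is a small POSIX shell helper that derives a path-exclusion list from a Linux mount table: it reads lines in /proc/mounts format and prints the mount points whose filesystem type is a network or automount type, which is exactly the kind of list the post asks you to add on the task's Description page. The set of filesystem types in NETWORK_FS and the sample mount table are my own assumptions; the sample is constructed and does not describe any real host.

```shell
#!/bin/sh
# Constructed sample in /proc/mounts format (device, mount point, fstype, options, dump, pass).
# Not taken from any real system.
SAMPLE_MOUNTS='rootfs / ext4 rw 0 0
/dev/sda1 /boot ext4 rw 0 0
fileserver:/export/home /home nfs4 rw,vers=4.1 0 0
//nas01/share /mnt/share cifs rw,username=svc 0 0
user@host:/data /mnt/remote fuse.sshfs rw 0 0
/dev/gpfs01 /gpfs gpfs rw 0 0
auto.net /net autofs rw,fd=5 0 0
tmpfs /run tmpfs rw 0 0'

# Filesystem types we treat as network or automount (assumed list; extend for your site).
NETWORK_FS="nfs nfs4 cifs smbfs smb3 fuse.sshfs sshfs gpfs afs ceph fuse.ceph glusterfs fuse.glusterfs autofs"

# network_mounts: read mount-table lines on stdin, print each mount point whose
# fstype is in NETWORK_FS. Output is one path prefix per line, ready to paste
# into a scan task's exclusion list.
network_mounts() {
    while read -r _dev mnt fstype _rest; do
        [ -n "$mnt" ] || continue
        for t in $NETWORK_FS; do
            if [ "$fstype" = "$t" ]; then
                # /proc/mounts escapes spaces in paths as \040; %b decodes them.
                printf '%b\n' "$mnt"
                break
            fi
        done
    done
}

# Run against the constructed sample above.
exclusions_from_sample() {
    printf '%s\n' "$SAMPLE_MOUNTS" | network_mounts
}

# Run against the live mount table of a Linux host.
exclusions_from_host() {
    network_mounts < /proc/mounts
}

if [ "${1:-}" = "--host" ]; then
    exclusions_from_host
else
    exclusions_from_sample
fi
```

Run it with `--host` on a Linux machine to list the network mount points to exclude; without arguments it processes the constructed sample. macOS and SunOS have no /proc/mounts and their `mount` output uses a different layout, so on those systems the parser would need to be adapted to the local format before its output is trusted.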