In case anyone missed all the action today:
Have a nice weekend...
There will be a great deal of people sorting out this issue, which is likely to affect many cloud providers as well:
It is definitely keeping a lot of Incident Response personnel occupied.
And there is also a tool to detect it too:
Most Burp extensions are written in a similar way as this one. I have no issues with this one except that it is NOT (yet??) in the Burp Extender "BApp store". Log4Scanner is in BApp. The same caveat emptor applies to many of the GitHub JNDI scanners out there on GitHub. Always do a code review before using anything! I have seen some "spooky" stuff out there...
@AppDefects Absolutely agree, but when people are in a rush and the pressure is on, all sorts of issues arise.
Time for automation and orchestration.
Yes, while we are busy handling this.
We shall really look closely at the code downloaded from Git, to avoid people taking advantage of this rush.
Joking aside, my developer is very happy and told me, "Look, we are lucky that we are not using log4j2 but just log4j," and brought me a dump of the class. That's the benefit of using an old version and not upgrading. Hahaha.
And within 5 minutes of looking, I saw there are a lot of other vulnerabilities, which are equally bad, in the dump screen... I am speechless.
If anyone wants a good layman's explanation with an example, here is one for those who cannot handle the technology and acronyms and whose heads are spinning.
As these are appearing regularly, this is an exceptional one for explaining to the C-Suite how bad the situation really is:
It may help a great deal.
Just be aware of the situation where the attacks change with further vulnerabilities.
It is best to patch them to 2.17.
If you are relying on the WAF to temporarily block those (which buys you time to upgrade), make sure your signatures are up to date; signatures keep being added almost every 2 days.