If You Use Java Applications, This Log4J Scanner is for You

It’s been years since we first heard the panic caused by the Log4j exploit echoing through online and business communities, but many organizations are still vulnerable. Even security teams who have full confidence in their programs do not have full visibility on Log4J. Many say they worked for less than a week on remediating Log4J. Use our Log4J scanner to get an in-depth view of your IT systems and see if any of your Java applications are still vulnerable to the Log4Shell exploit. 

To get started, simply copy the field we provide and paste it into your application. All you need to do is indicate that you’re only using the tool on authorized sources, and we’ll take care of the rest. The scanning process should only take a few moments. Since it was natively built for Java applications — a particularly complex coding language — the scanner will be able to quickly cover all your applications. It will send out non-invasive payloads to your libraries, and will automatically build you a table of your remaining instances of Log4J and where to find them.

How Does Log4J Work?

In case you’ve been living under a rock for the past couple years, Log4j is a widely used logging framework that helps developers manage application logs. However, the vulnerability that was discovered in late 2021 allowed cybercriminals to easily gain access and execute remote code on affected systems.

The vulnerability is triggered when a vulnerable Java application running in the JRE receives a log message that contains a specially crafted JNDI name or URL. The Log4j library is then used to process this message, which creates a JNDI context and attempts to resolve the JNDI name or URL. If the JNDI name or URL is constructed in a specific way, the JNDI context may attempt to access a remote resource such as an LDAP server, DNS server, or other network service. This may result in the execution of malicious code within the JVM, which can further escalate privileges, execute additional code, or exfiltrate data.

The risks and consequences of continued vulnerability are significant. Cybercriminals can exploit the vulnerability to gain unauthorized access to sensitive data and systems, compromising both the security and privacy of customers and employees. This can lead to a loss of customer trust and reputation damage, as well as regulatory compliance violations and potential fines.

Why Hasn’t This Problem Been Solved Yet?

It’s a difficult problem to address, due in part to the massively complex interconnected nature of online infrastructure. Log4j was ubiquitously used for logging in Java infrastructures, meaning that essentially any company whose stack holds java applications is affected. So many companies use Java applications that to simply turn these off would have been detrimental to their system’s functionality. 

Meanwhile, security platforms struggle to detect and prevent exploits unless they understand how these components interact and how the exploit is triggered, transformed, and moved throughout this complex system. To effectively protect against vulnerabilities such as Log4j, a security platform must have a comprehensive understanding of the underlying Java architecture as well as how the exploit works. This requires specialized knowledge as well as tools created specifically for analyzing Java-based systems and applications.

In some cases, companies may not even be aware that they are vulnerable, as incomplete or inaccurate vulnerability scanning and detection can lead to false reassurance. Even if your company managed to eliminate all risk from Log4Shell, it’s possible that third party java systems connected to yours were not as diligent.

What Should I Do When I Find Log4J Libraries in my System?

It is imperative for any company running java operations to ensure they are free from exposure to Log4j. Use our scanner above to weed out any remaining instances of Log4j in your systems so you can take action immediately and operate without the risk of compromise from Log4Shell. 

There are few solutions that have the scope and immutability of Waratek’s Java-specific security platform. As mentioned above, many in-house teams do not employ security engineers who specialize in Java, since those tend to go to the developer side. With the Waratek platform, you can weed out and neutralize any threat posed by Log4j in a matter of minutes. 

To learn more about how to automatically protect your Java Applications from development to runtime, click here to take a tour of our platform.

Related resources

Ready to scale Security with modern software development?

Work with us to accelerate your adoption of Security-as-Code to deliver application security at scale.