Log4j Attack Surface Monitoring

Purplemet Product

December 19, 2021

Apache Log4j Remote Code Execution

On December 9th, 2021, a remote code execution 0-day was discovered in Apache Log4j version 2, a popular Java logging library. Several CVEs have been assigned to it: CVE-2021-44228, CVE-2021-45046 and CVE-2021-45105. As of today, this vulnerability is probably one of the worst ever.

Which of your web applications use Log4j?

Many technologies are impacted by this vulnerability because they embed a version of the Log4j library. Which of those technologies use the Log4j library, and which of your web applications use those technologies? Purplemet helps you detect the technologies known to use the Log4j library. Once you know which web applications use Log4j, you can start investigating and check whether Log4j, or the technology using it, is up to date or provides a mitigation that prevents exploitation of the vulnerability.

Purplemet Log4j attack surface monitoring