It is rare that a vulnerability lives up to the hype, but CVE-2021-44228 aka Log4shell has exceeded expectations.
This vulnerability allows unauthenticated remote code execution (RCE) and it is triggered when a specific string is processed and then parsed by the vulnerable Log4j logging component.
What we are doing
If we discover this vulnerability on your environment, we will contact your directly.
We have effective methods of discovering this vulnerability and we are running scans vs all customer environments. These scans are additive and running continuously, they run in parallel with your normal scanning and the detection methods are updated hourly.
How we are doing it
edgescan is approaching this with every client as the highest priority. Our scans will continue to run with the following approach.
- A base request with the latest research and vectors.
- A unscheduled scan will take place after crawling the application for endpoints and parameters which will be tested to ensure full coverage of any logging that may take place within the depth of application.
If a server is found to be vulnerable at this phase you our client is contacted to ensure both prompt notification and mitigation is in place.
We follow this up with fuzzing the discovered endpoints and parameters with the latest bypass vectors.
After the third phase is completed, we continue to discover and confirm full coverage as well as staying on top of both research and feeds for any additional mitigation bypasses.
If the testing team discover a vulnerable instance on a customer’s organisation, we are directly contacting customers. If they hear nothing great, scans are happening and we haven’t discovered a vulnerable instance yet.