Detecting the Log4j vulnerability with Acunetix 360

Acunetix 360 can detect whether you have Java applications vulnerable to remote code execution attacks targeting the Log4j library.

  • Thousands of Java applications across the world are wide open to remote code execution attacks targeting the Log4j library.
  • A fix is already available, so the recommended course of action is to update to Log4j 2.16.0 (or newer) immediately.

To detect whether you have the Log4j library in your environment, you can utilize Acunetix 360.
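The scan described on this page finds Log4j from the outside; the following added example (not Acunetix code) complements it from the host side by walking a directory tree for log4j-core jars and flagging any below the 2.16.0 threshold the page recommends. It reads the version from the jar's Maven pom.properties entry, falling back to the conventional file name, and builds two constructed sample jars to demonstrate the check offline.

```python
import re
import tempfile
import zipfile
from pathlib import Path

# Log4j 2.16.0 is the version the page tells you to update to.
FIXED_VERSION = (2, 16, 0)
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"


def parse_version(text):
    """'2.14.1' -> (2, 14, 1); trailing qualifiers such as '-rc1' are ignored."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", text)
    return (int(m[1]), int(m[2]), int(m[3] or 0)) if m else None


def log4j_core_version(jar_path):
    """Return the log4j-core version inside a jar, or None if it is not log4j-core."""
    with zipfile.ZipFile(jar_path) as zf:
        if POM_PROPS in zf.namelist():
            for line in zf.read(POM_PROPS).decode("utf-8", "replace").splitlines():
                if line.startswith("version="):
                    return parse_version(line.split("=", 1)[1].strip())
    # Fall back to the conventional file name, e.g. log4j-core-2.14.1.jar
    m = re.match(r"log4j-core-(\d[\d.]*)\.jar$", Path(jar_path).name)
    return parse_version(m[1]) if m else None


def scan_tree(root):
    """Walk a directory; report every log4j-core jar and whether it is below 2.16.0."""
    findings = []
    for jar in Path(root).rglob("*.jar"):
        version = log4j_core_version(jar)
        if version is not None:
            findings.append((str(jar), version, version < FIXED_VERSION))
    return findings


def make_sample_jar(path, version):
    """Build a minimal constructed jar carrying only pom.properties (for the demo)."""
    with zipfile.ZipFile(path, "w") as zf:
        zf.writestr(POM_PROPS, f"version={version}\ngroupId=org.apache.logging.log4j\n")


def demo():
    """Scan two constructed jars in a temp dir; returns [(file name, version, needs_update)]."""
    with tempfile.TemporaryDirectory() as tmp:
        make_sample_jar(Path(tmp) / "log4j-core-2.14.1.jar", "2.14.1")
        make_sample_jar(Path(tmp) / "log4j-core-2.17.0.jar", "2.17.0")
        return sorted((Path(p).name, v, bad) for p, v, bad in scan_tree(tmp))


if __name__ == "__main__":
    for name, version, needs_update in demo():
        print(name, ".".join(map(str, version)), "UPDATE" if needs_update else "ok")
```

Point `scan_tree` at an application's lib or webapps directory to inventory real deployments; shaded or repackaged jars without pom.properties will need a deeper look.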

This tutorial provides a step-by-step guide on how to identify the Log4j vulnerability using Acunetix 360.

Warning

Make sure the server where Log4j is running can reach r87.me or your internal AcuMonitor, depending on your use case. For further information about AcuMonitor, see How AcuMonitor Finds Vulnerabilities.

Detecting the Log4j vulnerability with Acunetix 360

To detect the Log4j vulnerability with Acunetix 360, follow these steps:

  1. Configure a scan policy for Log4j
  2. Scan your application with the scan policy created in Step 1
  3. Review the scan result

Information

Using internal agents? To reach AcuMonitor and detect out-of-band vulnerabilities, whitelist the following ports on your agent server: TCP 80 and 443, UDP 53.

Step 1. Configuring a scan policy for Log4j

You can configure a scan policy to run a security check to detect the Log4j vulnerability in your environment.

How to configure a scan policy for Log4j

  1. Log in to Acunetix 360.
  2. From the main menu, select Policies > New Scan Policy.
  3. From the New Scan Policy page, enter a name and a description for your new scan policy.
  4. From the Security Checks section, select Code Evaluation > Code Evaluation (Out of Band).
  5. Enter Log4j to filter the security checks. Make sure the Log4j checks are selected.
  6. From the Attacking section, select Attack Referer Header and Attack User-Agent Header.
  7. From the Attacking section, deselect Optimize Header Attacks.

Information

From the Header section, make sure to configure the HTTP Headers attack according to your environment.

  8. Select Save.

Step 2. Scanning your application with the custom scan policy

After you create a custom scan policy that includes the Log4j checks, you can launch a scan to detect whether you are vulnerable to Log4j attacks.

How to scan your application with the custom scan policy

  1. Log in to Acunetix 360.
  2. From the main menu, select Scans > New Scan.

Information

Before scanning your first website in Acunetix 360, make sure you have added a website (Adding a website in Acunetix 360).

  3. In the Target URL field, enter the URL.
  4. From the Scan Policy drop-down, select the custom policy created in Step 1.
  5. Select Launch to scan.

How to run a group scan with the custom scan policy

  1. Log in to Acunetix 360.
  2. From the main menu, select Scans > New Group Scan.
  3. From the New Website Group Scan page, select a Website Group from the drop-down menu.
  4. From the Scan Policy drop-down, select the custom scan policy created in Step 1.
  5. Select Launch to scan.

Step 3. Reviewing the scan result

When you launch the scan, Acunetix 360 will crawl and attack your web application to detect the Log4j vulnerability.

Once Acunetix 360 completes the scan, it sends an email containing a link to the report. If you did not configure an email notification, log in to Acunetix 360 and check your report there.

How to access your scan report

  1. Log in to Acunetix 360.
  2. From the main menu, select Scans > Recent Scans.
  3. Next to the relevant scan, select Report.
  4. On the Scan Summary page, scroll down to the Technical Report section to view your scan report.
