The Qualys’ research team has created specific tests to quickly identify if your websites are vulnerable.
Attackers are already leveraging Log4Shell to attack internet facing websites. Attackers will likely target your internet-facing applications first. As such Qualys recommends all its customers use Qualys’s Web Application Scanner, as soon as possible, to scan their external websites for the Log4Shell (CVE-2021-44228) vulnerability.
Scan your internet facing web applications and APIs to find applications that are vulnerable to Log4j2 (CVE-2021-44228).
All scans are done directly from the Qualys cloud and do not require customers to install any software or make any network configuration change, allowing customers to leverage this capability without delay.
Qualys researchers have created highly accurate tests that simulate common Log4Shell attacks in order to detect vulnerable web applications. Qualys research team is constantly working on expanding its Log4Shell detection logic and will constantly update Log4Shell related signatures as soon as needed.