Discover up-to-date information, tools, and assistance to help you get a handle on the Log4Shell vulnerability
Log4j2 is a ubiquitous library used by millions for Java applications. Created by Ceki Gülcü, the library is part of the Apache Software Foundation’s Apache Logging Services project.
An exploit for a critical zero-day vulnerability affecting Apache Log4j2, known as Log4Shell, was disclosed on December 9, 2021. All Log4j2 versions >= 2.0-beta9 and <= 2.15.0 are affected by this vulnerability, which is being actively exploited in the wild.
When exploited, the vulnerability results in remote code execution on the vulnerable server with system-level privileges. As a result, it is rated at a CVSS v3 score of 10.0.
How to Run a Log4Shell Vulnerability Scan
Qualys Web Application Scanning Log4Shell Detection
Live Demonstration: Effectively Detect and Remediate Log4Shell (Jan 4, 2022)
Quickly Detect Vulnerabilities In Your External Attack Surface
January 14, 2022 3:00 PM ET
January 11, 2022 2:00 PM ET
December 29, 2021 3:00 PM ET
December 22, 2021 7:53 PM ET
December 22, 2021 5:55 AM ET
December 20, 2021 1:00 PM ET
December 18, 2021 9:00 PM ET
Find and manage cybersecurity risks in IT assets. Qualys CSAM continuously inventories assets, applies business criticality and risk context, detects security gaps, and responds with appropriate actions to mitigate risk.
Accurately detect and respond to attacks across all endpoints. Qualys Multi-Vector EDR brings a new multi-vector approach to EDR, providing vital context and full visibility into the entire attack chain – from prevention to detection to response.
Streamline and accelerate vulnerability remediation for all your IT assets. Qualys Patch Management automatically correlates vulnerabilities to patch deployments so you can remediate quickly, proactively, and consistently.
We are continuously monitoring all our environments for any indication of active threats and exploits. With these measures, we are confident that necessary mitigations and remediation are in place to block and prevent any exploits of Log4j RCE and there is no impact on Qualys scanners, Cloud Agent, systems or customer data. We will continue to monitor our environment round the clock and implement additional measures as required.