Syhunt Hybrid 6.9.11 adds Log4Shell vulnerability detection

Update (December 28, 2021): Our alert about a new RCE vulnerability in Log4J 2.17.0, already detected by Syhunt 6.9.11.4. Read more

Since the public disclosure of the severe risk Log4Shell (CVE-2021-44228) vulnerability that affects Java apps, we have worked to prepare a robust Syhunt update to our DAST, OAST, SAST and FAST capabilities that adds detection of the Log4Shell vulnerability. Today we released the 6.9.11 version of Syhunt Hybrid, which adds the new detection capabilities. Syhunt recommends organizations to perform immediate review and actions which are absolutely necessary in order to fully secure their web server and applications against the vulnerability that when exploited by attackers may result in remote command execution.

Organizations must make sure they do not have any instances of vulnerable versions of the Log4J framework in production within their servers and applications. The Log4Shell vulnerability happens when input is passed to a logging function of a server that uses a vulnerable Log4J framework version. Previous releases of the Syhunt Code scanner warned about user input being passed to the Log4J logging functions, which would be identified as a log forging vulnerability. Depending on how you addressed such instances through input validation or filtering, you may have inadvertently hardened your application against Log4Shell attacks, but you should still re-scan your apps with the latest Syhunt version and patch Log4J instances.

Log4Shell Detection Capabilities

Syhunt Hybrid 6.9.11 adds a new hunt method called Log4Shell, which allows to scan specifically for the Log4J vulnerabilities using Syhunt Dynamic or Syhunt Code. This method is available both through the Syhunt Hybrid GUI and CLI. In addition to this, our web server log scanner now detects Log4Shell attack attempts. Read below about the new capabilities.

• Through SAST: Increased the severity level of Log Injection vulnerabilities when scanning Java source code with Syhunt Code, allowing you to validate and filter input before passing to the Log4J logging functions. Please note that you should still locate and update your vulnerable instances of the Log4J framework.
• In addition to the above, version 6.9.11 adds the detection of the vulnerable Log4J-Core JAR files to Syhunt Code, allowing you to locate the versions of the framework vulnerable to CVE-2021-44228 within code directories and repositories.
• Through FAST: Added the detection of Log4Shell injection attempts to the Syhunt Insight log analyzer.
• Through DAST and OAST: Added the detection of the Log4Shell vulnerability on Windows and Unix environments through injection to Syhunt Dynamic. The JNDI Exploit server is used to augment the DAST scan, interoperating with Syhunt's Signal OAST service. Professional penetration testers can enable this feature by following the guide Syhunt Dynamic: Log4Shell Detection.

Please note that the Community edition of Syhunt Dynamic does not comes with the new Log4Shell detection capabilities only supported by the full-featured version of Syhunt Hybrid or Dynamic.

Additional Improvements

• Added Bearer and Digest (MD5/SHA256/SHA512) authentication support through GUI and CLI.

Happy bug hunting!