FortiDAST
FortiDAST performs automated black-box dynamic application security testing of web applications to identify vulnerabilities that bad actors may exploit.
dmaciejak
Staff
Staff
Article Id 243905
Description

This article describes Log4j vulnerability assessment with FortiDAST.

 

CVE-2021-44228 Log4Shell is a software vulnerability in Apache Log4j, a popular Java library for logging error messages in applications. This zero-day can result in a remote code execution, allowing the attacker to get full control of the target.

 

CVE-2021-45046 It was found that the previous fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This zero-day can result in information leak and local code execution on all the targets and potential remote code execution only on some targets.

Scope FortiDAST version 23.1
Solution

Detection against that vulnerability is empowered by the FortiDAST Scripting Engine (FSE).

 

This technology enables FortiDAST to assess remotely with high level of confidence if an asset is vulnerable to a specific vulnerability by testing the disarmed exploit against the asset itself.

 

To configure the scan, you will need to enable the FSE group signature apache-log4j.

 

For reference, a step-by-step guide on how to configure FortiPenTest/FortiDAST to trigger FSE can be found on Fortinet’s blog.

 

For more details regarding mitigating the vulnerability by utilizing Fortinet products, refer to https://www.fortiguard.com/outbreak-alert/log4j2-vulnerability