Korean open-source vulnerability detection solution developer IOTCUBE announced on December 12th that it would distribute a vulnerability detector for the critical security “Log4Shell” free of charge through Labrador OSS.
The most critical “Log4Shell” zero-day vulnerability that seriously affect most existing internet servers was discovered on the 11th. Korean and foreign government agencies, industries and security experts are quickly responding with some difficulty.
IOTCUBE urgently distributed free “Log4Shell” vulnerability detector, the worst vulnerability in computer history, through Labrador OSS. Labrador OSS is a solution providing accurate SBOM based on code-level analysis and vulnerabilities detection, jointly developed and serviced with Korea University’s Security Research Institute(CSSA).
Log4j is a Java logging framework developed by the Apache Foundation and an open-source based logging library used to save logs on servers and programs. Remote code vulnerability found in Log4j (CVE-2021-44228) allows to acquire all rights to the target server or PC. Various security accidents by stealing data from government agencies and companies or planting malwares through targeted servers can occur without entering passwords. The vulnerability was first discovered through Microsoft’s Minecraft, but security experts that all existing servers are virtually in danger.
In the case of open-source development environments, it is difficult to determine whether many government agencies and companies are using the vulnerable Log4j logging function due to the nature of a library that may use several other libraries. However, Labrador’s code-level analysis allows non-experts to scanners to only detect project with remote code vulnerabilities (CVE-2021-44228) more easily and accurately and to address vulnerabilities through update guidance.
Users can download Labrador OSS Log4Shell detector on IOTCUBE Labrador website and check vulnerabilities.
Go to Labrador and download free Log4Shell detector :
https://labrador.iotcube.com
Original article link :
https://www.etnews.com/20211212000044