Burp Suite User Forum

Login to post

Would Burp Suite Professional detect log4j vulnerability?

Marius | Last updated: Dec 16, 2021 10:13PM UTC

We use Burp Suite Professional for regular scans of our application. Is there a guarantee that the scan tests for the log4j vulnerability?

Ben, PortSwigger Agent | Last updated: Dec 17, 2021 08:44AM UTC

Hi Marius, The Burp Scanner does not currently perform a native check for the Log4j vulnerability. There are, however, a couple of extensions now in our BApp Store that will help to identify the vulnerability: https://portswigger.net/bappstore/186be35f6e0d418eb1f6ecf1cc66a74d https://portswigger.net/bappstore/b011be53649346dd87276bca41ce8e8f

You need to Log in to post a reply. Or register here, for free.