CVE-2021-44228

NVD Published Date: December 10, 2021 at 10:15 AM
NVD Last Modified: July 24, 2024 at 05:08 PM
Download Patch
Vulnerability ID
CVE-2021-44228
Severity
CRITICAL
Severity Score
10.0
Summary
Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.
References

https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf

http://packetstormsecurity.com/files/165371/VMware-Security-Advisory-2021-0028.4.html

https://cert-portal.siemens.com/productcert/pdf/ssa-397453.pdf

http://packetstormsecurity.com/files/165532/Log4Shell-HTTP-Header-Injection.html

https://github.com/cisagov/log4j-affected-db/blob/develop/SOFTWARE-LIST.md

http://packetstormsecurity.com/files/165642/VMware-vCenter-Server-Unauthenticated-Log4Shell-JNDI-Injection-Remote-Code-Execution.html

http://packetstormsecurity.com/files/165673/UniFi-Network-Application-Unauthenticated-Log4Shell-Remote-Code-Execution.html

https://www.oracle.com/security-alerts/cpujan2022.html

https://github.com/cisagov/log4j-affected-db

https://www.bentley.com/en/common-vulnerability-exposure/be-2022-0001

https://support.apple.com/kb/HT213189

http://seclists.org/fulldisclosure/2022/Mar/23

https://www.oracle.com/security-alerts/cpuapr2022.html

https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-44228

https://www.nu11secur1ty.com/2021/12/cve-2021-44228.html

http://seclists.org/fulldisclosure/2022/Jul/11

http://packetstormsecurity.com/files/167794/Open-Xchange-App-Suite-7.10.x-Cross-Site-Scripting-Command-Injection.html

http://packetstormsecurity.com/files/167917/MobileIron-Log4Shell-Remote-Command-Execution.html

http://seclists.org/fulldisclosure/2022/Dec/2

http://packetstormsecurity.com/files/171626/AD-Manager-Plus-7122-Remote-Code-Execution.html

https://logging.apache.org/log4j/2.x/security.html

http://www.openwall.com/lists/oss-security/2021/12/10/1

http://www.openwall.com/lists/oss-security/2021/12/10/2

http://packetstormsecurity.com/files/165225/Apache-Log4j2-2.14.1-Remote-Code-Execution.html

https://security.netapp.com/advisory/ntap-20211210-0007/

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd

http://www.openwall.com/lists/oss-security/2021/12/10/3

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032

https://www.oracle.com/security-alerts/alert-cve-2021-44228.html

http://www.openwall.com/lists/oss-security/2021/12/13/1

http://www.openwall.com/lists/oss-security/2021/12/13/2

https://twitter.com/kurtseifried/status/1469345530182455296

https://lists.debian.org/debian-lts-announce/2021/12/msg00007.html

https://www.debian.org/security/2021/dsa-5020

https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf

http://packetstormsecurity.com/files/165270/Apache-Log4j2-2.14.1-Remote-Code-Execution.html

http://packetstormsecurity.com/files/165260/VMware-Security-Advisory-2021-0028.html

http://packetstormsecurity.com/files/165261/Apache-Log4j2-2.14.1-Information-Disclosure.html

http://www.openwall.com/lists/oss-security/2021/12/14/4

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html

https://www.kb.cert.org/vuls/id/930724

http://packetstormsecurity.com/files/165282/Log4j-Payload-Generator.html

http://packetstormsecurity.com/files/165281/Log4j2-Log4Shell-Regexes.html

http://packetstormsecurity.com/files/165306/L4sh-Log4j-Remote-Code-Execution.html

http://packetstormsecurity.com/files/165307/Log4j-Remote-Code-Execution-Word-Bypassing.html

http://packetstormsecurity.com/files/165311/log4j-scan-Extensive-Scanner.html

http://www.openwall.com/lists/oss-security/2021/12/15/3

https://cert-portal.siemens.com/productcert/pdf/ssa-714170.pdf

https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VU57UJDCFIASIO35GC55JMKSRXJMCDFM/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M5CSVUNV4HWZZXGOKNSK6L7RPM7BOKIB/

Mitigation and Patches
Exploits

https://www.exploit-db.com/exploits/51183

https://www.exploit-db.com/exploits/50590

https://www.exploit-db.com/exploits/50592

https://github.com/fullhunt/log4j-scan

https://github.com/kozmer/log4j-shell-poc

https://github.com/christophetd/log4shell-vulnerable-app

https://github.com/Puliczek/CVE-2021-44228-PoC-log4j-bypass-words

https://github.com/logpresso/CVE-2021-44228-Scanner

https://github.com/f0ng/log4j2burpscanner

https://github.com/mergebase/log4j-detector

https://github.com/jas502n/Log4j2-CVE-2021-44228

https://github.com/corretto/hotpatch-for-apache-log4j2

https://github.com/fox-it/log4j-finder

https://github.com/0xInfection/LogMePwn

https://github.com/CERTCC/CVE-2021-44228_scanner

https://github.com/Diverto/nse-log4shell

https://github.com/rubo77/log4j_checker_beta

https://github.com/back2root/log4shell-rex

https://github.com/takito1812/log4j-detect

https://github.com/NS-Sp4ce/Vm4J

https://github.com/HyCraftHD/Log4J-RCE-Proof-Of-Concept

https://github.com/alexandre-lavoie/python-log4rce

https://github.com/mubix/CVE-2021-44228-Log4Shell-Hashes

https://github.com/puzzlepeaches/Log4jUnifi

https://github.com/BinaryDefense/log4j-honeypot-flask

https://github.com/NorthwaveSecurity/log4jcheck

https://github.com/boundaryx/cloudrasp-log4j2

https://github.com/0xDexter0us/Log4J-Scanner

https://github.com/puzzlepeaches/Log4jCenter

https://github.com/simonis/Log4jPatch

https://github.com/Adikso/minecraft-log4j-honeypot

https://github.com/thomaspatzke/Log4Pot

https://github.com/MalwareTech/Log4jTools

https://github.com/tangxiaofeng7/CVE-2021-44228-Apache-Log4j-Rce

https://github.com/alexbakker/log4shell-tools

https://github.com/cyberxml/log4j-poc

https://github.com/giterlizzi/nmap-log4shell

https://github.com/nccgroup/log4j-jndi-be-gone

https://github.com/bigsizeme/Log4j-check

https://github.com/LiveOverflow/log4shell

https://github.com/future-client/CVE-2021-44228

https://github.com/Jeromeyoung/log4j2burpscanner

https://github.com/lucab85/log4j-cve-2021-44228

https://github.com/authomize/log4j-log4shell-affected

https://github.com/dtact/divd-2021-00038--log4j-scanner

https://github.com/CodeShield-Security/Log4JShell-Bytecode-Detector

https://github.com/RedDrip7/Log4Shell_CVE-2021-44228_related_attacks_IOCs

https://github.com/1lann/log4shelldetect

https://github.com/CreeperHost/Log4jPatcher

https://github.com/HynekPetrak/log4shell-finder

https://github.com/redhuntlabs/Log4JHunt

https://github.com/stripe/log4j-remediation-tools

https://github.com/hackinghippo/log4shell_ioc_ips

https://github.com/twseptian/spring-boot-log4j-cve-2021-44228-docker-lab

https://github.com/fireeye/CVE-2021-44228

https://github.com/infiniroot/nginx-mitigate-log4shell

https://github.com/Y0-kan/Log4jShell-Scan

https://github.com/darkarnium/Log4j-CVE-Detect

https://github.com/greymd/CVE-2021-44228

https://github.com/sassoftware/loguccino

https://github.com/julian911015/Log4j-Scanner-Exploit

https://github.com/toramanemre/log4j-rce-detect-waf-bypass

https://github.com/qingtengyun/cve-2021-44228-qingteng-online-patch

https://github.com/mufeedvh/log4jail

https://github.com/corelight/cve-2021-44228

https://github.com/pedrohavay/exploit-CVE-2021-44228

https://github.com/r3kind1e/Log4Shell-obfuscated-payloads-generator

https://github.com/blake-fm/vcenter-log4j

https://github.com/faisalfs10x/Log4j2-CVE-2021-44228-revshell

https://github.com/Malwar3Ninja/Exploitation-of-Log4j2-CVE-2021-44228

https://github.com/lhotari/log4shell-mitigation-tester

https://github.com/roxas-tan/CVE-2021-44228

https://github.com/Glease/Healer

https://github.com/CrackerCat/CVE-2021-44228-Log4j-Payloads

https://github.com/ab0x90/CVE-2021-44228_PoC

https://github.com/thecyberneh/Log4j-RCE-Exploiter

https://github.com/claranet/ansible-role-log4shell

https://github.com/xsultan/log4jshield

https://github.com/snow0715/log4j-Scan-Burpsuite

https://github.com/cergo123/log4j-dork-scanner

https://github.com/zsolt-halo/Log4J-Log4Shell-CVE-2021-44228-Spring-Boot-Test-Service

https://github.com/ossie-git/log4shell_sentinel

https://github.com/Hydragyrum/evil-rmi-server

https://github.com/rakutentech/jndi-ldap-test-server

https://github.com/Nanitor/log4fix

https://github.com/mitiga/log4shell-cloud-scanner

https://github.com/ssl/scan4log4j

https://github.com/wortell/log4j

https://github.com/TaroballzChen/CVE-2021-44228-log4jVulnScanner-metasploit

https://github.com/kubearmor/log4j-CVE-2021-44228

https://github.com/momos1337/Log4j-RCE

https://github.com/sunnyvale-it/CVE-2021-44228-PoC

https://github.com/lfama/log4j_checker

https://github.com/marcourbano/CVE-2021-44228

https://github.com/immunityinc/Log4j-JNDIServer

https://github.com/Labout/log4shell-rmi-poc

https://github.com/justakazh/Log4j-CVE-2021-44228

https://github.com/qingtengyun/cve-2021-44228-qingteng-patch

https://github.com/Sh0ckFR/log4j-CVE-2021-44228-Public-IoCs

https://github.com/irgoncalves/f5-waf-enforce-sig-CVE-2021-44228

https://github.com/atnetws/fail2ban-log4j

https://github.com/0xsyr0/Log4Shell

https://github.com/AlexandreHeroux/Fix-CVE-2021-44228

https://github.com/obscuritylabs/log4shell-poc-lab

https://github.com/cybersecurityworks553/log4j-shell-csw

https://github.com/Tai-e/CVE-2021-44228

https://github.com/DragonSurvivalEU/RCE

https://github.com/Azeemering/CVE-2021-44228-DFIR-Notes

https://github.com/demining/Log4j-Vulnerability

https://github.com/lucab85/ansible-role-log4shell

https://github.com/mschmnet/Log4Shell-demo

https://github.com/DXC-StrikeForce/Burp-Log4j-HammerTime

https://github.com/isuruwa/Log4j

https://github.com/OopsieWoopsie/mc-log4j-patcher

https://github.com/KosmX/CVE-2021-44228-example

https://github.com/mr-vill4in/log4j-fuzzer

https://github.com/yesspider-hacker/log4j-payload-generator

https://github.com/KeysAU/Get-log4j-Windows.ps1

https://github.com/toramanemre/apache-solr-log4j-CVE-2021-44228

https://github.com/irgoncalves/f5-waf-quick-patch-cve-2021-44228

https://github.com/phoswald/sample-ldap-exploit

https://github.com/jacobtread/L4J-Vuln-Patch

https://github.com/4jfinder/4jfinder.github.io

https://github.com/snapattack/damn-vulnerable-log4j-app

https://github.com/KeysAU/Get-log4j-Windows-local

https://github.com/ankur-katiyar/log4j-docker

https://github.com/shamo0/CVE-2021-44228

https://github.com/inettgmbh/checkmk-log4j-scanner

https://github.com/manuel-alvarez-alvarez/log4j-cve-2021-44228

https://github.com/OlafHaalstra/log4jcheck

https://github.com/winnpixie/log4noshell

https://github.com/nkoneko/VictimApp

https://github.com/zlepper/CVE-2021-44228-Test-Server

https://github.com/saharNooby/log4j-vulnerability-patcher-agent

https://github.com/unlimitedsola/log4j2-rce-poc

https://github.com/sud0x00/log4j-CVE-2021-44228

https://github.com/myyxl/cve-2021-44228-minecraft-poc

https://github.com/corneacristian/Log4J-CVE-2021-44228-RCE

https://github.com/0xRyan/log4j-nullroute

https://github.com/ycdxsb/Log4Shell-CVE-2021-44228-ENV

https://github.com/sinakeshmiri/log4jScan

https://github.com/madCdan/JndiLookup

https://github.com/Koupah/MC-Log4j-Patcher

https://github.com/dbzoo/log4j_scanner

https://github.com/ubitech/cve-2021-44228-rce-poc

https://github.com/TheInterception/Log4J-Simulation-Tool

https://github.com/r00thunter/Log4Shell

https://github.com/many-fac3d-g0d/apache-tomcat-log4j

https://github.com/Ananya-0306/Log-4j-scanner

https://github.com/MrHarshvardhan/PY-Log4j-RCE-Scanner

https://github.com/M1ngGod/CVE-2021-44228-Log4j-lookup-Rce

https://github.com/vorburger/Log4j_CVE-2021-44228

https://github.com/zzzz0317/log4j2-vulnerable-spring-app

https://github.com/hotpotcookie/CVE-2021-44228-white-box

https://github.com/badb33f/Apache-Log4j-POC

https://github.com/Occamsec/log4j-checker

https://github.com/suuhm/log4shell4shell

https://github.com/Kr0ff/CVE-2021-44228

https://github.com/codiobert/log4j-scanner

https://github.com/michaelsanford/Log4Shell-Honeypot

https://github.com/pmontesd/log4j-cve-2021-44228

https://github.com/mss/log4shell-hotfix-side-effect

https://github.com/Joefreedy/Log4j-Windows-Scanner

https://github.com/threatmonit/Log4j-IOCs

https://github.com/alexandreroman/cve-2021-44228-workaround-buildpack

https://github.com/jacobtread/L4J-Vuln-Patch

https://github.com/jas502n/Log4j2-CVE-2021-44228

https://github.com/boundaryx/cloudrasp-log4j2

https://github.com/Glease/Healer

https://github.com/HyCraftHD/Log4J-RCE-Proof-Of-Concept

https://github.com/christophetd/log4shell-vulnerable-app

https://github.com/simonis/Log4jPatch

https://github.com/mubix/CVE-2021-44228-Log4Shell-Hashes

https://twitter.com/Balgan/status/1469298678963834892

https://github.com/greymd/CVE-2021-44228

https://github.com/tangxiaofeng7/CVE-2021-44228-Apache-Log4j-Rce

https://github.com/Puliczek/CVE-2021-44228-PoC-log4j-bypass-words

https://github.com/1lann/log4shelldetect

https://github.com/takito1812/log4j-detect

https://github.com/kozmer/log4j-shell-poc

https://github.com/Adikso/minecraft-log4j-honeypot

https://github.com/f0ng/log4j2burpscanner

https://github.com/toramanemre/log4j-rce-detect-waf-bypass

https://github.com/CreeperHost/Log4jPatcher

https://github.com/logpresso/CVE-2021-44228-Scanner

https://github.com/zzzz0317/log4j2-vulnerable-spring-app

https://github.com/nkoneko/VictimApp

https://github.com/ssstonebraker/log4j_CVE-2021-44228_tester

https://github.com/phoswald/sample-ldap-exploit

https://github.com/darkarnium/CVE-2021-44228

https://github.com/corretto/hotpatch-for-apache-log4j2

https://github.com/RedDrip7/Log4Shell_CVE-2021-44228_related_attacks_IOCs

https://github.com/alexandre-lavoie/python-log4rce

https://github.com/zlepper/CVE-2021-44228-Test-Server

https://github.com/DragonSurvivalEU/RCE

https://github.com/0-x-2-2/CVE-2021-44228

https://github.com/authomize/log4j-log4shell-affected

https://github.com/Azeemering/CVE-2021-44228-DFIR-Notes

https://github.com/KosmX/CVE-2021-44228-example

https://github.com/blake-fm/vcenter-log4j

https://github.com/infiniroot/nginx-mitigate-log4shell

https://github.com/fullhunt/log4j-scan

https://github.com/bigsizeme/Log4j-check

https://github.com/Sh0ckFR/log4j-CVE-2021-44228-Public-IoCs

https://github.com/ssl/scan4log4j

https://github.com/qingtengyun/cve-2021-44228-qingteng-online-patch

https://github.com/momos1337/Log4j-RCE

https://github.com/Diverto/nse-log4shell

https://github.com/qingtengyun/cve-2021-44228-qingteng-patch

https://github.com/lhotari/log4shell-mitigation-tester

https://github.com/pedrohavay/exploit-CVE-2021-44228

https://github.com/Malwar3Ninja/Exploitation-of-Log4j2-CVE-2021-44228

https://github.com/irgoncalves/f5-waf-enforce-sig-CVE-2021-44228

https://github.com/nccgroup/log4j-jndi-be-gone

https://github.com/rakutentech/jndi-ldap-test-server

https://github.com/0xDexter0us/Log4J-Scanner

https://github.com/rubo77/log4j_checker_beta

https://github.com/zsolt-halo/CVE-2021-44228-Spring-Boot-Test-Service

https://github.com/zsolt-halo/Log4J-Log4Shell-CVE-2021-44228-Spring-Boot-Test-Service

https://github.com/0xsyr0/CVE-2021-44228-log4j-log4shell-Security-Research-Summary

https://github.com/twseptian/Spring-Boot-Log4j-CVE-2021-44228-Docker-Lab

https://github.com/alexbakker/log4shell-tools

https://github.com/NorthwaveSecurity/log4jcheck

https://github.com/0xRyan/log4j-nullroute

https://github.com/Hydragyrum/evil-rmi-server

https://github.com/ycdxsb/Log4Shell-CVE-2021-44228-ENV

https://github.com/jeffli1024/log4j-rce-test

https://github.com/giterlizzi/nmap-log4shell

https://github.com/rwincey/CVE-2021-44228-Log4j-Payloads

https://github.com/fox-it/log4j-finder

https://github.com/0xInfection/LogMePwn

https://github.com/js-on/jndiRep

https://github.com/cyberxml/log4j-poc

https://github.com/claranet/ansible-role-log4shell

https://github.com/sunnyvale-it/CVE-2021-44228-PoC

https://github.com/MalwareTech/Log4jTools

https://github.com/darkarnium/Log4j-CVE-Detect

https://github.com/BinaryDefense/log4j-honeypot-flask

https://github.com/hupe1980/scan4log4shell

https://github.com/mufeedvh/log4jail

https://github.com/zhzyker/logmap

https://github.com/StandB/CVE-2021-44228-poc

https://github.com/Occamsec/log4j-checker

https://github.com/AlexandreHeroux/Fix-CVE-2021-44228

https://github.com/CERTCC/CVE-2021-44228_scanner

https://github.com/justakazh/Log4j-CVE-2021-44228

https://github.com/corelight/cve-2021-44228

https://github.com/back2root/log4shell-rex

https://github.com/aws-samples/kubernetes-log4j-cve-2021-44228-node-agent

https://github.com/stripe/log4j-remediation-tools

https://github.com/ab0x90/CVE-2021-44228_PoC

https://github.com/CodeShield-Security/Log4JShell-Bytecode-Detector

https://github.com/faisalfs10x/Log4j2-CVE-2021-44228-revshell

https://github.com/xsultan/log4jshield

https://github.com/fireeye/CVE-2021-44228

https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/http/log4shell_scanner.rb

https://github.com/mergebase/log4j-detector

https://github.com/thomaspatzke/Log4Pot

https://github.com/mitiga/log4shell-cloud-scanner

https://github.com/kubearmor/log4j-CVE-2021-44228

https://github.com/DXC-StrikeForce/Burp-Log4j-HammerTime

https://github.com/isuruwa/Log4j

https://github.com/lfama/log4j_checker

https://twitter.com/kurtseifried/status/1469345530182455296

http://packetstormsecurity.com/files/165270/Apache-Log4j2-2.14.1-Remote-Code-Execution.html

http://packetstormsecurity.com/files/165261/Apache-Log4j2-2.14.1-Information-Disclosure.html

https://github.com/name/log4j-scanner

https://github.com/Kr0ff/CVE-2021-44228

https://github.com/redhuntlabs/Log4JHunt

https://github.com/OlafHaalstra/log4jcheck

https://github.com/obscuritylabs/log4shell-poc-lab

https://github.com/madCdan/JndiLookup

https://github.com/atnetws/fail2ban-log4j

https://github.com/dtact/divd-2021-00038--log4j-scanner

https://github.com/immunityinc/Log4j-JNDIServer

https://github.com/sud0x00/log4j-CVE-2021-44228

https://github.com/mss/log4shell-hotfix-side-effect

https://github.com/Koupah/MC-Log4j-Patcher

https://github.com/Mormoroth/log4j-vulnerable-app-cve-2021-44228-terraform

https://github.com/unlimitedsola/log4j2-rce-poc

https://github.com/KeysAU/Get-log4j-Windows.ps1

https://github.com/HynekPetrak/log4shell_finder

https://github.com/puzzlepeaches/Log4jCenter

https://github.com/myyxl/cve-2021-44228-minecraft-poc

https://github.com/manuel-alvarez-alvarez/log4j-cve-2021-44228

https://github.com/KeysAU/Get-log4j-Windows-local

https://github.com/ankur-katiyar/log4j-docker

https://github.com/HynekPetrak/log4shell-finder

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-44228

https://github.com/Y0-kan/Log4jShell-Scan

https://github.com/lucab85/log4j-cve-2021-44228

https://github.com/ossie-git/log4shell_sentinel

https://github.com/sassoftware/loguccino

https://github.com/Nanitor/log4fix

https://github.com/inettgmbh/checkmk-log4j-scanner

https://github.com/TaroballzChen/CVE-2021-44228-log4jVulnScanner-metasploit

https://github.com/hackinghippo/log4shell_ioc_ips

https://github.com/LiveOverflow/log4shell

https://github.com/ainrm/log4j-scan

https://github.com/ahmad4fifz/CVE-2021-44228

https://github.com/snow0715/log4j-Scan-Burpsuite

https://github.com/razz0r/CVE-2021-44228-Mass-RCE

https://github.com/puzzlepeaches/Log4jUnifi

https://github.com/roxas-tan/CVE-2021-44228

https://github.com/dbzoo/log4j_scanner

https://github.com/suuhm/log4shell4shell

https://github.com/b-abderrahmane/CVE-2021-44228-playground

https://github.com/mr-r3b00t/CVE-2021-44228

https://github.com/wortell/log4j

https://github.com/4jfinder/4jfinder.github.io

https://github.com/puzzlepeaches/Log4jHorizon

https://github.com/mr-vill4in/log4j-fuzzer

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/log4shell_header_injection.rb

https://github.com/pmontesd/log4j-cve-2021-44228

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/vmware_vcenter_log4shell.rb

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/ubiquiti_unifi_log4shell.rb

https://github.com/NS-Sp4ce/Vm4J

https://github.com/codiobert/log4j-scanner

https://github.com/PwnC00re/Log4J_0day_RCE

https://github.com/0xsyr0/Log4Shell

https://github.com/Jeromeyoung/log4j2burpscanner

https://github.com/mschmnet/Log4Shell-demo

https://github.com/0x3SC4L4T3/Apache-Log4j-POC

https://github.com/dotPY-hax/log4py

https://github.com/thecyberneh/Log4j-RCE-Exploiter

https://github.com/twseptian/spring-boot-log4j-cve-2021-44228-docker-lab

https://github.com/r00thunter/Log4Shell

https://github.com/TheInterception/Log4J-Simulation-Tool

https://github.com/Joefreedy/Log4j-Windows-Scanner

https://github.com/standb/CVE-2021-44228-poc

https://github.com/Labout/log4shell-rmi-poc

https://github.com/r3kind1e/Log4Shell-obfuscated-payloads-generator

https://github.com/winnpixie/log4noshell

https://github.com/ExploitPwner/CVE-2021-44228-Mass-RCE-Log4j

https://github.com/julian911015/Log4j-Scanner-Exploit

https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-44228

https://www.nu11secur1ty.com/2021/12/cve-2021-44228.html

https://github.com/marcourbano/Log4Shell_PoC

https://github.com/lucab85/ansible-role-log4shell

https://www.cisa.gov/known-exploited-vulnerabilities-catalog

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/mobileiron_core_log4shell.rb

https://github.com/many-fac3d-g0d/apache-tomcat-log4j

https://github.com/michaelsanford/Log4Shell-Honeypot

http://packetstormsecurity.com/files/167917/MobileIron-Log4Shell-Remote-Command-Execution.html

https://github.com/JagarYousef/log4j-dork-scanner

https://github.com/marcourbano/CVE-2021-44228

https://github.com/shamo0/CVE-2021-44228

https://github.com/snapattack/damn-vulnerable-log4j-app

https://github.com/yesspider-hacker/log4j-payload-generator

https://github.com/0xst4n/CVE-2021-44228-poc

https://github.com/OopsieWoopsie/mc-log4j-patcher

https://github.com/kek-Sec/log4j-scanner-CVE-2021-44228

https://github.com/alexandreroman/cve-2021-44228-workaround-buildpack

https://github.com/ColdFusionX/CVE-2021-44228-Log4Shell-POC

https://github.com/hotpotcookie/log4shell-white-box

https://github.com/badb33f/Apache-Log4j-POC

https://github.com/vorburger/Log4j_CVE-2021-44228

http://seclists.org/fulldisclosure/2022/Dec/2

https://github.com/irgoncalves/f5-waf-quick-patch-cve-2021-44228

https://github.com/demining/Log4j-Vulnerability

https://github.com/hotpotcookie/CVE-2021-44228-white-box

https://github.com/cybersecurityworks553/log4j-shell-csw

https://github.com/M1ngGod/CVE-2021-44228-Log4j-lookup-Rce

https://github.com/threatmonit/Log4j-IOCs

https://github.com/saharNooby/log4j-vulnerability-patcher-agent

https://github.com/corneacristian/Log4J-CVE-2021-44228-RCE

https://github.com/toramanemre/apache-solr-log4j-CVE-2021-44228

https://github.com/CrackerCat/CVE-2021-44228-Log4j-Payloads

https://github.com/MrHarshvardhan/PY-Log4j-RCE-Scanner

https://github.com/mzlogin/CVE-2021-44228-Demo

https://github.com/Tai-e/CVE-2021-44228

https://github.com/future-client/CVE-2021-44228

https://github.com/maximofernandezriera/CVE-2021-44228

https://github.com/ubitech/cve-2021-44228-rce-poc

http://packetstormsecurity.com/files/165371/VMware-Security-Advisory-2021-0028.4.html

http://packetstormsecurity.com/files/165532/Log4Shell-HTTP-Header-Injection.html

http://packetstormsecurity.com/files/165642/VMware-vCenter-Server-Unauthenticated-Log4Shell-JNDI-Injection-Remote-Code-Execution.html

http://packetstormsecurity.com/files/165673/UniFi-Network-Application-Unauthenticated-Log4Shell-Remote-Code-Execution.html

https://github.com/sinakeshmiri/log4jScan

https://github.com/Ananya-0306/Log-4j-scanner

https://github.com/cergo123/log4j-dork-scanner

Metasploit Payload
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
CWE ID
CWE-20, CWE-400, CWE-502

Recent Publish

CVE-2022-22536

KB5046616

KB5046617

CVE-2022-0543

CVE-2022-22947

KB5046618

See More ...

See SecOps Solution
in action

Schedule Demo
Agentless security for your infrastructure and applications - to build faster, more securely and in a fraction of the operational cost of other solutions
hello@secopsolution.com
+569-231-213
Compare
Qualys Cloud Agent Tenable Nessus Rapid7 InsightVM
Company
About Us Contact Career
Resources
Blog Sample Reports CVE Windows KB Case Studies eBooks Policy Templates Webinar
Try It
Patch Astra EPSS Calculator Contact Free Scan Schedule Demo Log In
© 2024  SecOps Solution, Inc.| Privacy Policy | Terms and Conditions .
Social Media :