9
CVSSv3

CVE-2021-45046

Published: 14/12/2021 Updated: 21/11/2024

Vulnerability Summary

Critical Vulnerabilities in Apache Log4j Java Logging Library On December 9, 2021, the following critical vulnerability in the Apache Log4j Java logging library affecting all Log4j2 versions earlier than 2.15.0 was disclosed: CVE-2021-44228: Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints On December 14, 2021, the following critical vulnerability, which affects certain Apache Log4j use cases in versions 2.15.0 and previous versions, was disclosed: CVE-2021-45046: Apache Log4j2 Thread Context Message Pattern and Context Lookup Pattern vulnerable to a denial of service attack On December 18, 2021, a vulnerability in the Apache Log4j component affecting versions 2.16 and previous versions was disclosed: CVE-2021-45105: Apache Log4j2 does not always protect from infinite recursion in lookup evaluation On December 28, 2021, a vulnerability in the Apache Log4j component affecting versions 2.17 and previous versions was disclosed: CVE-2021-44832: Apache Log4j2 vulnerable to RCE via JDBC Appender when attacker controls configuration For a description of these vulnerabilities, see the Apache Log4j Security Vulnerabilities page. Cisco's Response to These Vulnerabilities Cisco assessed all products and services for impact from both CVE-2021-44228 and CVE-2021-45046. To help detect exploitation of these vulnerabilities, Cisco has released Snort rules at the following location: Talos Rules 2021-12-21 Product fixes that are listed in this advisory will address both CVE-2021-44228 and CVE-2021-45046 unless otherwise noted. Cisco has reviewed CVE-2021-45105 and CVE-2021-44832 and has determined that no Cisco products or cloud offerings are impacted by these vulnerabilities. Cisco's standard practice is to update integrated third-party software components to later versions as they become available. This advisory is available at the following link:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

apache log4j

apache log4j 2.0

cvat computer vision annotation tool -

intel audio development kit -

intel datacenter manager -

intel genomics kernel library -

intel oneapi -

intel secure device onboard -

intel sensor solution firmware development kit -

intel system debugger -

intel system studio -

siemens sppa-t3000 ses3000 firmware

siemens captial

siemens captial 2019.1

siemens comos

siemens desigo cc advanced reports 4.0

siemens desigo cc advanced reports 4.1

siemens desigo cc advanced reports 4.2

siemens desigo cc advanced reports 5.0

siemens desigo cc advanced reports 5.1

siemens desigo cc info center 5.0

siemens desigo cc info center 5.1

siemens e-car operation center

siemens energy engage 3.1

siemens energyip 8.5

siemens energyip 8.6

siemens energyip 8.7

siemens energyip 9.0

siemens energyip prepay 3.7

siemens energyip prepay 3.8

siemens gma-manager

siemens head-end system universal device integration system

siemens industrial edge management

siemens industrial edge management hub

siemens logo! soft comfort

siemens mendix

siemens mindsphere

siemens navigator

siemens nx

siemens opcenter intelligence

siemens operation scheduler

siemens sentron powermanager 4.1

siemens sentron powermanager 4.2

siemens siguard dsa 4.2

siemens siguard dsa 4.3

siemens siguard dsa 4.4

siemens sipass integrated 2.80

siemens sipass integrated 2.85

siemens siveillance command

siemens siveillance control pro

siemens siveillance identity 1.5

siemens siveillance identity 1.6

siemens siveillance vantage

siemens siveillance viewpoint

siemens solid edge cam pro

siemens solid edge harness design

siemens solid edge harness design 2020

siemens spectrum power 4

siemens spectrum power 4 4.70

siemens spectrum power 7

siemens spectrum power 7 2.30

siemens teamcenter

siemens tracealertserverplus

siemens vesys

siemens vesys 2019.1

siemens xpedition enterprise -

siemens xpedition package integrator -

debian debian linux 10.0

debian debian linux 11.0

sonicwall email security

fedoraproject fedora 34

fedoraproject fedora 35

siemens 6bk1602-0aa12-0tp0 firmware

siemens 6bk1602-0aa22-0tp0 firmware

siemens 6bk1602-0aa32-0tp0 firmware

siemens 6bk1602-0aa42-0tp0 firmware

siemens 6bk1602-0aa52-0tp0 firmware

Vendor Advisories

Debian Bug report logs - #1001729 apache-log4j2: CVE-2021-45046: Incomplete fix for CVE-2021-44228 in certain non-default configurations Package: src:apache-log4j2; Maintainer for src:apache-log4j2 is Debian Java Maintainers <pkg-java-maintainers@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianor ...
Synopsis Low: Red Hat JBoss Enterprise Application Platform 744 security update Type/Severity Security Advisory: Low Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic A security update is now available for Red Hat JBoss Enterprise Application Platform 74 for Red ...
Synopsis Low: Red Hat JBoss Enterprise Application Platform 744 security update Type/Severity Security Advisory: Low Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic A security update is now available for Red Hat JBoss Enterprise Application Platform 74 for Red ...
Synopsis Low: Red Hat JBoss Enterprise Application Platform 744 security update Type/Severity Security Advisory: Low Topic A security update is now available for Red Hat JBoss Enterprise Application Platform 74Red Hat Product Security has rated this update as having a security impact of Low A Common Vulnerability Scoring System (CVSS) ba ...
It was found that the fix to address CVE-2021-44228 in Apache Log4j, a Logging Framework for Java, was incomplete in certain non-default configurations This could allow attackers with control over Thread Context Map (MDC) input data when the logging configuration uses a non-default Pattern Layout with either a Context Lookup (for example, $${ctx:l ...
No versions of an Amazon Linux Java Virtual Machine (JVM) are affected by CVE-2021-44228 or CVE-2021-45046 However, if customers load a log4j version that is affected by CVE-2021-44228 or CVE-2021-45046 into an Amazon Linux JVM, it will introduce the issues identified in CVE-2021-44228 and CVE-2021-45046 into the JVM This update modifies Amazon L ...
Critical Vulnerabilities in Apache Log4j Java Logging Library On December 9, 2021, the following critical vulnerability in the Apache Log4j Java logging library affecting all Log4j2 versions earlier than 2150 was disclosed: CVE-2021-44228: Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoin ...
Amazon Kinesis Agent versions within Amazon Linux 2 (AL2) prior to aws-kinesis-agent-204-1 included a version of Apache Log4j affected by CVE-2021-44228 and CVE-2021-45046 The Amazon Kinesis Agent has been updated to aws-kinesis-agent-204-1 within Amazon Linux 2 that mitigates CVE-2021-44228 and CVE-2021-45046 For additional detail see https: ...
No versions of an Amazon Linux Java Virtual Machine (JVM) are affected by CVE-2021-44228 or CVE-2021-45046 However, if customers load a log4j version that is affected by CVE-2021-44228 or CVE-2021-45046 into an Amazon Linux JVM, it will introduce the issues identified in CVE-2021-44228 and CVE-2021-45046 into the JVM This update modifies Amazon L ...
No versions of an Amazon Linux Java Virtual Machine (JVM) are affected by CVE-2021-44228 or CVE-2021-45046 However, if customers load a log4j version that is affected by CVE-2021-44228 or CVE-2021-45046 into an Amazon Linux JVM, it will introduce the issues identified in CVE-2021-44228 and CVE-2021-45046 into the JVM This update modifies Amazon L ...
No versions of an Amazon Linux Java Virtual Machine (JVM) are affected by CVE-2021-44228 or CVE-2021-45046 However, if customers load a log4j version that is affected by CVE-2021-44228 or CVE-2021-45046 into an Amazon Linux JVM, it will introduce the issues identified in CVE-2021-44228 and CVE-2021-45046 into the JVM This update modifies Amazon L ...
It was found that the fix to address CVE-2021-44228 in Apache Log4j 2150 was incomplete in certain non-default configurations This could allows attackers with control over Thread Context Map (MDC) input data when the logging configuration uses a non-default Pattern Layout with either a Context Lookup (for example, $${ctx:loginId}) or a Thread Co ...
ALAS-2022-225 Amazon Linux 2022 Security Advisory: ALAS-2022-225 Advisory Release Date: 2022-12-06 16:42 Pacific ...
Citrix is aware of four vulnerabilities affecting Apache Log4j2, three of which may allow an attacker to execute arbitrary code These three vulnerabilities have been given the following identifiers:  ...

Mailing Lists

Hi Ron, Is there any information on the non-default configuration that triggers the DoS? What I am trying to understand is, if we clear the first CVE through, say, envar LOG4J_FORMAT_MSG_NO_LOOKUPS=true or -Dlog4j2formatMsgNoLookups=true, then where does the vulnerability lie for the second CVE? What configuration change needs to be done to re ...
Severity: moderate (CVSS: 37 AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) Description: It was found that the fix to address CVE-2021-44228 in Apache Log4j 2150 was incomplete in certain non-default configurations This could allows attackers with control over Thread Context Map (MDC) input data when the logging configuration uses a non-default Patte ...

Github Repositories

Provides deep dependency scanning for vulnerable log4j-core usage in Git repositories.

Deep scanning for log4j IAS created an open source project, dependency-deep-scan-utilities which detects log4j vulnerabilities (CVE-2021-44228 and CVE-2021-45046) in your source code Because of the widespread use of log4j, ease of exploit, and ability to perform remote code execution, IAS open sourced this project to help everyone mitigate this exploit dependency-deep-scan-ut

Log4shell vulnerabilities (CVE-2021-44228, CVE-2021-45046, CVE-2021-4104, CVE-2021-45105) This repo contains operational information regarding the Log4shell vulnerability in the Log4j logging library Especially CVE-2021-44228 / CVE-2021-45046 and also covers CVE-2021-4104 / CVE-2021-45105 For additional information see: NCSC-NL advisory MITRE EU CSIRT network members advisor

Hacking Kubernetes - Demo Preparations Vulnerable Kubernetes Cluster Create a single-node Kubernetes custom cluster in Rancher VM resources: 4 CPU, 8GB RAM, 80GB disk OS: Image: cloud-images-archiveubuntucom/releases/bionic/release-20180517/ubuntu-1804-server-cloudimg-amd64img Deactivate unattended upgrades sudo apt remove unattended-upgrades

A Smart Log4Shell/Log4j/CVE-2021-44228 Scanner

Log4Shell Sentinel - A Smart CVE-2021-44228 Scanner Introduction While there have some excellent tools released to help organizations scan their environments for applications vulnerable to the critical Log4J / CVE-2021-44228 vulnerability, I felt that: none of the tools I ran into were made for analysts to track a given finding throughout the remediation process Log4Shell Sen

docker-jmeter Image on Docker Hub Docker image for Apache JMeter This Docker image can be run as the jmeter command Find Images of this repo on Docker Hub Starting version 54 Docker builds/pushes are executed via GitHub Workflows Donate With over 10 Million Pulls from DockerHub, this Docker Image is increasingly popular To support its active maintainance consider making a

we are providing DevOps and security teams script to identify cloud workloads that may be vulnerable to the Log4j vulnerability(CVE-2021-44228) in their AWS account. The script enables security teams to identify external-facing AWS assets by running the exploit on them, and thus be able to map them and quickly patch them

Introduction we are providing DevOps and security teams script to identify cloud workloads that may be vulnerable to the Log4j vulnerability(log4shell) in their AWS account We currently support "CVE-2021-44228" and "CVE-2021-45046" RCE vulnerabilities The script enables security teams to identify external-facing AWS assets by running the exploit on them, a

patch_log4j This cookbook scans for Log4j Core JAR files and patches them against CVE-2021-44228 and CVE-2021-45046 by removing their JndiLookupclass files Usage Install and configure Chef Client on the machines you want to patch Install and configure Chef Workstation on your developer workstation Add the cookbook to your Chef server cd <your cookbooks directory&am

Install Omada SDN Controller on Ubuntu, Debian and more Linux distros using Ansible

Ansible Playbook for Deploying TP-Link Omada SDN Controller Playbook tested on following host distributions Debian 10, 11 Ubuntu 1804, 2004, 2204 Tested on Control Node Ubuntu 2004 LTS Ansible 2116 Setup Ansible Install pip sudo apt install python3-pip -y install ansible with pip pip install -i requirementstxt Installed Packages OpenJDK 8 Headless MongoDB 40 -

docker-jmeter Image on Docker Hub Docker image for Apache JMeter This Docker image can be run as the jmeter command Find Images of this repo on Docker Hub Starting version 54 Docker builds/pushes are executed via GitHub Workflows Donate With over 10 Million Pulls from DockerHub, this Docker Image is increasingly popular To support its active maintainance consider making a

The Log4j vulnerability, also known as "Log4Shell" or "CVE-2021-44228," is a critical security flaw in the Apache Log4j library Log4j is a widely used Java-based logging framework that allows developers to log messages from applications to various destinations, such as files, databases, and console outputs The vulnerability was discovered in December 2021

l4shunter To hunt for machines vulnerable to CVE-2021-44228 or CVE-2021-45046 This is a bash script that uses curl It is originally a project that I made to improve in bash, but I think it can be useful in its current form Usage Advisory This script should be used for authorized penetration testing and/or educational purposes only Any misuse of this software will not be th

Generate primary obfuscated or secondary obfuscated CVE-2021-44228 or CVE-2021-45046 payloads to evade WAF detection.

Log4Shell-obfuscated-payloads-generator Log4Shell-obfuscated-payloads-generator can generate primary obfuscated or secondary obfuscated CVE-2021-44228 or CVE-2021-45046 payloads to evade WAF detection The design idea of ​​Log4Shell-obfuscated-payloads-generator Installation git clone githubcom/r3kind1e/Log4Shell-obfuscated-payloads-generatorgit

Use Log4Shell vulnerability to vaccinate a victim server against Log4Shell

Logout4Shell Description A vulnerability impacting Apache Log4j versions 20 through 2141 was disclosed on the project’s Github on December 9, 2021 The flaw has been dubbed “Log4Shell,”, and has the highest possible severity rating of 10 Software made or managed by the Apache Software Foundation (From here on just "Apache") is pervasive and comp

Nmap NSE scripts to check against log4shell or LogJam vulnerabilities (CVE-2021-44228)

nse-log4shell Nmap NSE scripts to check against log4shell or LogJam vulnerabilities (CVE-2021-44228) NSE scripts check most popular exposed services on the Internet It is basic script where you can customize payload Examples Note that NSE scripts will only issue the requests to the services Nmap will not report vulnerable hosts, but you have to check DNS logs to determine v

docker-jmeter Image on Docker Hub Docker image for Apache JMeter This Docker image can be run as the jmeter command Find Images of this repo on Docker Hub Starting version 54 Docker builds/pushes are executed via GitHub Workflows Donate With over 10 Million Pulls from DockerHub, this Docker Image is increasingly popular To support its active maintainance consider making a

Choose your own SIEM adventure Repo of configs for the three major SIEMs Blog posts: Elastic Graylog Splunk Security notes Default password is set to Changem123! Docker-composes v2X are for development ONLY and are NOT secure for production Config direcotry: conf/ conf/ansible/* - This directory contains all the configs for the Ansible playbooks and a manual install con

Log4Shell Scanner Scanner for the log4j < 2170 RCE vulnerability CVE-2021-44228 CVE-2021-45056 The scanner can interact with servers over various protocols to test for the vulnerability How to Run The tool runs with python 39< usage: A scanner to check for the log4j vulnerability [-h] (-t TARGET | --target-list TARGET_LIST)

DSLF, the ultimate log4j vulnerabilities assessor

DSLF DSLF stands for (D)arth (S)ide of the (L)og4j (F)orce It is the ultimate log4j vulnerabilities assessor It comes with four individual Python3 modules: Passive Callback Module aka PCM Active Callback Module aka ACM Active Scanner Module aka ASM Payload Generator Module aka PGM It covers CVE-2021-44228 and CVE-2021-45046 DSLF was coded to help CyberSecurity Teams

assignments 期末作業 Apache Log4j漏洞 班級:資財三乙 學號:108AB0704 姓名:劉筑芸 事件流程: 2021/11/24 Log4Shell 漏洞 (CVE-2021-44228)經由私下管道通報給Apache 2021/12/09 發布的 Log4j 2150 版當中已經修補。 Apache Log4j2 安全補丁更新過程: 2021/12/11 發布2150版本,對JNDI 查詢功能進行限制。但此版本

A backup source for Minecraft PVP-focused client made by LEF-ganga (aka ImFlowow)

Tritium-backup A backup source for Minecraft PVP-focused client made by LEF-ganga We are happy to make Tritium available again! 我们很高兴让 Tritium 再次可用! Because the other LEF-ganga (aka ImFlowow) has deleted the resource repo originally deployed on Gitee, some code files cannot be downloaded (such as' me Imflow: authlib: 12 ') 由于彼岸花已

PowerShell script to Remove JndiLookup.class from Jar-files to remediate LOG4J Vulnerability uses built-in compression library of Windows.

JndiLookupRemoval PowerShell script to Remove JndiLookupclass from Jar-files to remediate LOG4J Vulnerability (CVE-2021-44228 and CVE-2021-45046) Script will use built-in compression library of Windows therefore no need to install 3rd party zip-utilities This PowerShell script will scan all Fixed local drives to discover potential vulnerable Jar-files that contain the JndiLo

Scanners for Jar files that may be vulnerable to CVE-2021-44228

CVE-2021-44228_scanner Applications that are vulnerable to the log4j CVE-2021-44228 issue may be detectable by scanning jar, war, and ear files to search for the presence of JndiLookupclass Depending on the platform that you are investigating, the PowerShell or the Python3 script may make more sense to run In both cases, the optional argument is the top-level directory that

Respond to a ZeroDay Attack What you'll learn Learn how to address a vulnerability that may affect Product Development Staging Environment infrastructure What you'll do Review recent publications from the Cybersecurity & Infrastructure Security Agency (CISA) Research the reported vulnerability Draft an email to affected teams to alert them of the vulnerabi

Awesome Stars A curated list of my GitHub stars! Generated by starred Contents Arduino Assembly C C# C++ CSS Clojure D Dockerfile Eagle Emacs Lisp G-code GAP Go HTML Java JavaScript Jinja Jupyter Notebook Logos Lua Makefile Nix Objective-C Others PHP Pascal Perl PowerShell Python QML Ruby Rust SCSS Shell Smarty Swift TeX TypeScript Vala Verilog Vim Script Vue Arduino sor

Friendly utility to load your on-prem data, whether large or small, to Einstein Analytics Datasets, with useful features such as autoloading, dataflow control and dataset inspection.

DatasetUtils DatasetUtils is a reference implementation of the Einstein Analytics External Data API This tool is free to use, but it is not officially supported by Salesforce This is a community project that have not been officially tested or documented Please do not contact Salesforce for support when using this application Log4j2 Issues (CVE-2021-44228 and CVE-2021-45046

Tool that runs a test to check whether one of your applications is affected by the recent vulnerabilities in log4j: CVE-2021-44228 and CVE-2021-45046

log4shelltools log4shelltools is a tool that allows you to run a test to check whether one of your applications is affected by the recent vulnerabilities in log4j: CVE-2021-44228 and CVE-2021-45046 This is the code that runs log4shellalexbakkerme If you'd like to inspect the code or run an instance in your own environment, you've come to the right place

log4jscan A fully automated, accurate, and extensive scanner for finding vulnerable log4j hosts Features Support for lists of URLs Fuzzing for more than 60 HTTP request headers (not only 3-4 headers as previously seen tools) Fuzzing for HTTP POST Data parameters Fuzzing for JSON data parameters Supports DNS callback for vulnerability discovery and validation WAF Bypass p

related to Log4Shell (CVE-2021-44228) vulnerability why those snippets Some commenters take it to blame Java to be insecure The attack vector is not only via HTTP headers out of scope The repository provides simple demonstration of the vulnerability as Java, Kotlin and Scala snippet why those snippets Log4Shell is a serious vulnerability and there are some rumors ar

log4j2 logging examples

Log4j2 XML Configuration: Log4j2xml Example Lokesh Gupta September 19, 2023 Log4j2 Java Logging Learn to configure log4j2xml file to output the log statements to the console, rolling files etc Learn to configure log4j2 appenders, levels and patterns Apache Log4j2 is an upgrade to Log4j 1x that provides significant improvements over its predecessor such as performance impro

Tool for checking FHIR data for conformance with the GECCO standard

NUM COMPASS conformance checker The NUM COMPASS conformance checker provides an endpoint to validate example resources of the German Corona Consensus Dataset (GECCO) The app is part of the COMPASS (Coordination on mobile pandemic apps best practice and solution sharing) project, which aims to improve how apps are used to cope with pandemics It offers both validation of si

A micro lab for CVE-2021-44228 (log4j)

horrors-log4shell A micro lab (playground?) for CVE-2021-44228 (log4j) Can be used for executing payloads against multiple targets Target-specific payloads are generated runtime Adjustable configuration and bypasses Installation Java-related requirements Development / Running example Gradle Maven In order to test the recent log4j related vulnerabilities (CVE-2021-442

Log4j jndi injection fuzz tool

logmap 06 - Log4j jndi injection fuzz tool Used for fuzzing to test whether there are log4j2 jndi injection vulnerabilities in header/body/path Use logxn--9trcom dnslog by default, If you want to use ceyeio, you need to modify the domain and token Manually edit line #486 in logmappy to modify: argsceye = ["xxxxxxceyeio", "xxxxxxxxxxxxxxxxxx

Log4jHotPatch This is a tool which injects a Java agent into a running JVM process The agent will attempt to patch the lookup() method of all loaded orgapachelogginglog4jcorelookupJndiLookup instances to unconditionally return the string "Patched JndiLookup::lookup()" It is designed to address the CVE-2021-44228 remote code execution vulnerability in Log4j wit

One place for all Log4Shell resources and useful links

log4shell-everything – One place for all valuable things about Log4Shell A continually updated page for valuable Log4Shell resources and useful links Last update: Monday, 15 December 2021, 02:17 ET Background Security teams all over the world are rushing to deal with the new critical zero-day vulnerability dubbed Log4Shell This vulnerability in Apache Log4j, a popular

Using code search to help fix/mitigate log4j CVE-2021-44228

Using code search to help fix/mitigate log4j CVE-2021-44228 and log4j CVE-2021-45046

Oh no another one

CVE-2021-45046-Info Oh no another one POC ${ctx:apiversion} - %d{yyyy-MM-dd HH:mm:ss} %-5p %c{1}:%L - %m{nolookups}%n LINKS nvdnistgov/vuln/detail/CVE-2021-45046 wwwdatadoghqcom/blog/log4j-log4shell-vulnerability-overview-and-remediation/ wwwlunasecio/docs/blog/log4j-zero-day-update-on-cve-2021-45046/

Log4Shell mitigation by creating a new docker image with a thin overlay

Patch existing docker images with ENV LOG4J_FORMAT_MSG_NO_LOOKUPS=true workaround for Log4Shell NOTICE! THERE IS A NEWER Log4Shell issue, CVE-2021-45046 and this patch might not be sufficient! see the Dockerfile Add environment based workaround to disable vulnerable feature in Log4J 2100+ See twittercom/brunoborges/status/1469462412679991300 about LOG4J_FORMAT_MSG_N

docker-jmeter Image on Docker Hub Docker image for Apache JMeter This Docker image can be run as the jmeter command Find Images of this repo on Docker Hub Starting version 54 Docker builds/pushes are executed via GitHub Workflows Donate With over 10 Million Pulls from DockerHub, this Docker Image is increasingly popular To support its active maintainance consider making a

Log4j fix This solution provides a fix for the following CVEs: CVE-2021-44228 CVE-2021-4104 CVE-2021-45046 Tthis script scans the systems by the following rules scans for all log4j*jar files in first part, scans for all potential Java Archive files and check if the log4j related stuff is embedded in Depending on founded version, it will remove the appropriate class from th

Tool to search system for log4j-*.jar files

find_log4j Searches all disks for Apache Log4j Security Vulnerabilities (CVE-2021-45046 and CVE-2021-44228) Description This command line application searches all disks for Apache Log4j Security Vulnerabilities (CVE-2021-45046 and CVE-2021-44228) and writes the matching paths to txt in the same folder as the executable or to a specified file If no matches were found the resu

log4j-tools Quick links Click to find: Inclusions of log4j2 in compiled code Calls to log4j2 in compiled code Calls to log4j2 in source code Sanity check for env mitigations Applicability of CVE-2021-45046 Xray wrapper for Log4Shell Automatically patch container images in Artifactory Overview CVE-2021-44228 poses a serious threat to a wide range of Java-based appl

The official Peppol, TOOP and DE4A Directory software

phoss-directory The official Peppol Directory (PD; directorypeppoleu), TOOP Directory software (The Once-Only Project; wwwtoopeu) and DE4A Directory software (Digital Europe 4 All; wwwde4aeu) It is split into the following sub-projects (all require Java 11 or newer): phoss-directory-indexer - the PD indexer part phoss-directory-publisher - the PD publisher web

Docker image for Apache JMeter

docker-jmeter Image on Docker Hub Docker image for Apache JMeter This Docker image can be run as the jmeter command Find Images of this repo on Docker Hub Starting version 54 Docker builds/pushes are executed via GitHub Workflows Donate With over 10 Million Pulls from DockerHub, this Docker Image is increasingly popular To support its active maintainance consider making a

Jmeter Cluster for k8s/docker/dockerswarm

Copy from githubcom/justb4/docker-jmeter docker-jmeter Image on Docker Hub Docker image for Apache JMeter This Docker image can be run as the jmeter command Find Images of this repo on Docker Hub Starting version 54 Docker builds/pushes are executed via GitHub Workflows Security Patches As you may have seen in the news, a new zero-day exploit has been reported aga

Operational information regarding the log4shell vulnerabilities in the Log4j logging library.

Log4shell vulnerabilities (CVE-2021-44228, CVE-2021-45046, CVE-2021-4104, CVE-2021-45105) This repo contains operational information regarding the Log4shell vulnerability in the Log4j logging library Especially CVE-2021-44228 / CVE-2021-45046 and also covers CVE-2021-4104 / CVE-2021-45105 For additional information see: NCSC-NL advisory MITRE EU CSIRT network members advisor

Log4j CVE-2021-44228 examples: Remote Code Execution (through LDAP, RMI, ...), Forced DNS queries, ...

Log4j CVE-2021-44228 and CVE-2021-45046 Requisites Use a vulnerable JDK, for instance JDK 180_181 Usage Malicious server The malicious server deploys the following endpoints: 1389 LDAP server 1099 RMI server 8081 HTTP server /gradlew :malicious-server:bootRun Vulnerable application The vulnerable application deploys one HTTP endpoint

Log4j 2.15.0 Privilege Escalation -- CVE-2021-45046

Log4j 2150 Privilege Escalation -- CVE-2021-45046 Attack Discription It was found that the fix to address CVE-2021-44228 in Apache Log4j 2150 was incomplete in certain non-default configurations This could allows attackers with control over Thread Context Map (MDC) input data when the logging configuration uses a non-default Pattern Layout with either a Context Lookup (fo

Patch Pulsar Docker images with Log4J 2.17.1 update to mitigate Apache Log4J Security Vulnerabilities including Log4Shell

Patch pulsar images with Apache Log4J 2171 upgrade Covers CVE-2021-44228, CVE-2021-45046, CVE-2021-45105 CVE-2021-44832 See Log4J Security Vulnerabilities and upgrades for more information see the Dockerfile for the solution Building and pushing patched docker images example usage: # build and tag image docker build --build-arg=ORIGINAL_IMAGE=apachepulsar/pulsar-all:281

Scanner recursivo de arquivos desenvolvido em Python 3 para localização e varredura de versões vulneráveis do Log4j2, contemplando análise interna de arquivos JAR (CVE-2021-44228, CVE-2021-45046, CVE-2021-45105 e CVE-2021-44832)

████████████████▀███████████████████████████████████████████████████████████████████ █▄─▄███─▄▄─█─▄▄▄▄█░█░████▄─▄█▀▀▀▀▀██▄─▄▄─█

Warning OpenCensus and OpenTracing have merged to form OpenTelemetry, which serves as the next major version of OpenCensus and OpenTracing OpenTelemetry has now reached feature parity with OpenCensus, with tracing and metrics SDKs available in NET, Golang, Java, NodeJS, and Python All OpenCensus Github repositories, except census-instrumentation/opencensus-python, will be ar

Log4j Scanner This repository provides a scanning solution for the log4j Remote Code Execution vulnerabilities (CVE-2021-44228 & CVE-2021-45046) The information and code in this repository is provided "as is" and was assembled with the help of the open-source community and updated by CISA through collaboration with the broader cybersecurity community Officia

Safelog4j is an instrumentation-based security tool to help teams discover, verify, and solve log4shell vulnerabilities without scanning or upgrading

safelog4j Safelog4j is an instrumentation-based security tool to help teams discover, verify, and solve log4shell without scanning or upgrading If you're wrestling with log4shell CVE-2021-45046, the best longterm plan is to upgrade your log4j to the latest secure version But if you can't do that for whatever reason, you probably want to be really sure that you

Conftest Snyk Demos The following demos show how to use conftest with Snyk to break builds based on certain conditions Conftest is a utility to help you write tests against structured configuration data For instance, you could write tests for your Kubernetes configurations, Tekton pipeline definitions, Terraform code, Serverless configs or any other structured data In this c

Test this content before applying it to production systems Usage Download the latest package from releases here: githubcom/VerveIndustrialProtection/CVE-2021-44228-Log4j/releases and then Import the Fixlets, Analyses, and Computer Group into a site and apply computer subscriptions Detection Methods There are three detection methods available for each supported Operat

Log4shell vulnerabilities (CVE-2021-44228, CVE-2021-45046, CVE-2021-4104, CVE-2021-45105) This repo contains operational information regarding the Log4shell vulnerability in the Log4j logging library Especially CVE-2021-44228 / CVE-2021-45046 and also covers CVE-2021-4104 / CVE-2021-45105 For additional information see: NCSC-NL advisory MITRE EU CSIRT network members advisor

Detections for CVE-2021-44228 inside of nested binaries

Log4J-CVE-Detect This repository contains a set of YARA rules for detecting versions of log4j which are vulnerable to CVE-2021-44228, CVE-2021-45046, and / or CVE-2021-45105 by looking for a number of features which appear in affected versions This tool works recursively on binary files such as Docker images, system packages, filesystem images, and even installation media See

🚨 Log4Shell: CVE-2021-44228 🚨 ❓ What is Log4Shell? The Log4Shell attack was a widespread Java exploit targeting a common logging package (Log4j) for remote code execution It leveraged a critical vulnerability in the Log4j library, enabling attackers to execute arbitrary code remotely via crafted log messages Despite the ubiquity of Log4j in various software frameworks

A collection of scripts that extend EventSentry's functionality.

Scripts A collection of scripts that extend EventSentry's functionality For more information: EventSentry Validation Scripts Scripts descriptions antiransom_shutdownvbs: This script, given a user name as a command line argument, utilizes the "net session" command to find the host with the most recent file access activity associated with the given user name At

Playbooks for setting up a Red Hat Advanced Cluster Security demo/workshop for log4shell vulnerability

Red Hat Advanced Cluster Security workshop - Run-Time Log4Shell Vulnerability Prevention Demo Overview Run-Time Vulnerability Prevention demonstrates the capabilities of Red Hat Advanced Cluster Security for cloud native applications in OpenShift and any xKS environment The industry is quickly moving to a DevSecOps Model, and shifting security to the left to secure build, depl

docker-jmeter Image on Docker Hub Docker image for Apache JMeter This Docker image can be run as the jmeter command Find Images of this repo on Docker Hub Starting version 54 Docker builds/pushes are executed via GitHub Workflows Donate With over 10 Million Pulls from DockerHub, this Docker Image is increasingly popular To support its active maintainance consider making a

log4j-scan A fully automated, accurate, and extensive scanner for finding vulnerable log4j hosts Features Support for lists of URLs Fuzzing for more than 60 HTTP request headers (not only 3-4 headers as previously seen tools) Fuzzing for HTTP POST Data parameters Fuzzing for JSON data parameters Supports DNS callback for vulnerability discovery and validation WAF Bypass

Silent print and serial ports for web!

WebApp Hardware Bridge Security Warning Version <= 0130 are known to be affected by log44 vulnerabilities (CVE-2021-44228, CVE-2021-45105, CVE-2021-45046) Existing users are strongly recommended to update to 0140 or above as soon as possible Introduction WebApp Hardware Bridge (succeeder of "Chrome Hardware Bridge / Chrome Direct Print") Make it possible

EFK 설치 가이드 개요 EFK는 Elasticsearch, Fluentd 그리고 Kibana 세 개의 플랫폼 조합으로 클러스터 환경에서의 로그 수집, 검색 그리고 시각화를 제공한다 각 k8s 클러스터에 fluentd가 daemonset으로 log를 수집하여 elasticsearch에 적재하면, elasticsearch는 요청에 따른 검색 기능을 제공한다 kibana는 elast

!!!! DEPRECATION NOTICE !!!! This project is being deprecated as outlined below 2023-01-01 - This repository will no longer be updated 2023-04-01 - This repository will be permanently deprecated The project will cease to accept issues and will not be updated as of 2023-01-01 After this date, this project will be unsupported and no new releases or artifacts associated

JFrog CLI Plugins Registry General JFrog CLI Plugins allow enhancing the functionality of JFrog CLI to meet the specific user and organization needs The source code of a plugin is maintained as an open source Go project on GitHub All public plugins are registered in JFrog CLI's Plugins Registry The Registry is hosted in this GitHub repository The plugins directory inc

log4j-scan A fully automated, accurate, and extensive scanner for finding vulnerable log4j hosts Features Support for lists of URLs Fuzzing for more than 60 HTTP request headers (not only 3-4 headers as previously seen tools) Fuzzing for HTTP POST Data parameters Fuzzing for JSON data parameters Supports DNS callback for vulnerability discovery and validation WAF Bypass

This project will help to test the Log4j CVE-2021-44228 vulnerability.

Log4j-JNDIServer This project will help to test the Log4j CVE-2021-44228/CVE-2021-45046 vulnerabilities Installation and Building Load the project on Intellij Idea Select JDK in "Projects Settings" (CTRL + ALT + SHIFT + S) In "Project Settings", create the Artifact -> "Artifacts" -> "Create JAR from Modules" -> In &

A standard pkg installer to apply the IBM SPSS Statistics log4j fixes.

Fix pack for SPSS log4j vulnerabilities Applies the log4j 2171 fixes recomended by IBM for log4j vulnerabilities (Security bulletin copied below) There is a prebuilt signed pkg located in the build directory You can deploy it using whatever means ** created using munkipkg Document Source: wwwibmcom/support/pages/apache-log4j-cve-2021-44228-vulnerability-ibm-spss

A stats collection and distributed tracing framework

Warning OpenCensus and OpenTracing have merged to form OpenTelemetry, which serves as the next major version of OpenCensus and OpenTracing OpenTelemetry has now reached feature parity with OpenCensus, with tracing and metrics SDKs available in NET, Golang, Java, NodeJS, and Python All OpenCensus Github repositories, except census-instrumentation/opencensus-python, will be ar

Log4shell vulnerabilities (CVE-2021-44228, CVE-2021-45046, CVE-2021-4104, CVE-2021-45105) This repo contains operational information regarding the Log4shell vulnerability in the Log4j logging library Especially CVE-2021-44228 / CVE-2021-45046 and also covers CVE-2021-4104 / CVE-2021-45105 For additional information see: NCSC-NL advisory MITRE EU CSIRT network members advisor

Locate log4j vunerable files

find_log4j Locate vunerable log4j files The current advice is to upgrade for log4j v2172, this script can help find older versions Description The script tries to find log4j jar files and match their filenames, if found it checks the sha256 hash to compare If the filename is log4j-corejar or log4j-apijar, then it gets the hash and tries to match hash instead of filename

Log4j2 fix

Mule patcher A simple script that patches Mule anypoint studio, but it can be adapted for other projects as well Mule seems to work after the patch though deep dives need to be done for each application Note that the scala log4j drivers have not been patched yet Legal This is a quick and dirty tool, free to use and comes with NO WARRANTY at all Use at your own risk! Usage S

Scanner to send specially crafted requests and catch callbacks of systems that are impacted by log4j log4shell vulnerability and to detect vulnerable log4j versions on your local file-system

scan4log4shell Scanner to send specially crafted requests and catch callbacks of systems that are impacted by log4j log4shell vulnerability and to detect vulnerable log4j versions on your local file-system Features Local and remote scanner Supports URL and CIDR scans Supports DNS, LDAP & TCP callbacks for vulnerability discovery and validation Fuzzing of 50 HTTP requ

This is the Git source repo for unofficial Docker images of WSO2IS with Lo4j CVE-2021-45046 and CVE-2021-44228 patched Docker images for WSO2IS with Lo4j CVE-2021-45046 and CVE-2021-44228 patched The CVEs were patched by deleting the file org/apache/logging/log4j/core/lookup/JndiLookupclass from affected jars, per the recommended mitigations listed on the Log4j Security page

Jmeter Cluster for k8s/docker/dockerswarm

Copy from githubcom/justb4/docker-jmeter docker-jmeter Image on Docker Hub Docker image for Apache JMeter This Docker image can be run as the jmeter command Find Images of this repo on Docker Hub Starting version 54 Docker builds/pushes are executed via GitHub Workflows Security Patches As you may have seen in the news, a new zero-day exploit has been reported aga

log4j RCE (CVE-2021-44228)이 215에서 패치되었지만, CVE-2021-45046 (DoS 유발) 취약점이 새로 발견되었음 아래는 테스트 해본 결과 [테스트 환경] log4j-2150 (api , core) JRE-180 jdk180_151 Eclipse IDE (Maven Project) Log4j RCE (CVE-2021-44228) 구문 테스트 -> Not Vuln 임의의 ctx 객체명을 삽입 -> Not vuln

DatasetCreator is a lightweight RESTFul client implementation of the Salesforce CRM Analytics External Data API. It has been deliberately developed with no 3rd party jars with the goal of being a lean, reliable and scalable solution.

DatasetCreator DatasetCreator is lightweight RESTFul client implementation of the CRM Analytics External Data API This tool is free to use, but it is not officially supported by Salesforce It has been deliberately developed with no 3rd party jars with the goal of being a lean, reliable and scalable solution This is a community project that have not been officially tested o

☢️ Log4j-scanner ☢️ Scan the log4j vulnerability with the log4j scanner tool Features 👻 Features and advantages that exist in this tool: Support for lists of URLs Fuzzing for more than 60 HTTP request headers (not only 3-4 headers as previously seen tools) Fuzzing for HTTP POST Data parameters Fuzzing for JSON data parameters Supports DNS callback for vulnerab

log4j-scan A fully automated, accurate, and extensive scanner for finding vulnerable log4j hosts Features Support for lists of URLs Fuzzing for more than 60 HTTP request headers (not only 3-4 headers as previously seen tools) Fuzzing for HTTP POST Data parameters Fuzzing for JSON data parameters Supports DNS callback for vulnerability discovery and validation WAF Bypass

A public open sourced tool. Log4J scanner that detects vulnerable Log4J versions (CVE-2021-44228, CVE-2021-45046, etc) on your file-system within any application. It is able to even find Log4J instances that are hidden several layers deep. Works on Linux, Windows, and Mac, and everywhere else Java runs, too! TAG_OS_TOOL, OWNER_KELLY, DC_PUBLIC

Log4-detector Scanner that detects vulnerable Log4J versions to help teams assess their exposure to CVE-2021-44228 (CRITICAL), CVE-2021-45046, CVE-2021-45105, and CVE-2021-44832 Can search for Log4J instances by carefully examining the complete file-system, including all installed applications It is able to find Log4J instances that are hidden several layers deep Works on Li

Scan systems and docker images for potential log4j vulnerabilities. Able to patch (remove JndiLookup.class) from layered archives. Will detect in-depth (layered archives jar/zip/tar/war and scans for vulnerable Log4J versions (CVE-2021-44228, CVE-2021-45046 and CVE-2021-45105). Binaries for Windows, Linux and OsX, but can be build on each platfo…

divd-2021-00038--log4j-scanner This scanner will recursively scan paths including archives for vulnerable log4j versions and org/apache/logging/log4j/core/lookup/JndiLookupclass files Currently the allow list defines non exploitable versions, in this case log4j-core 2170 and 2123

CVE-2021-44228_scanner Applications that are vulnerable to the log4j CVE-2021-44228 issue may be detectable by scanning jar, war, and ear files to search for the presence of JndiLookupclass Depending on the platform that you are investigating, the PowerShell or the Python3 script may make more sense to run In both cases, the optional argument is the top-level directory that

Awesome Bugs 🐛

Awesome Bugs 🐛 A compilation list about bugs on software Collection of Software Bugs HackerNews Null References: The Billion Dollar Mistake HackerNews Worst Bugs The worst mistake of computer science 11 of the most costly software errors in history Therac 25 Sistema "apaga" o zero do CPF no cadastro e dificulta pedido de R$ 600 - PT-BR Articles One week

Curated list of GitHub projects I starred over the years

Awesome Stars A curated list of my GitHub stars! Generated by starred Contents API Blueprint ActionScript ApacheConf Astro C C# C++ CSS Clojure CoffeeScript Crystal DIGITAL Command Language Dart Dockerfile Elixir Elm Erlang FreeMarker Go HTML Handlebars Haskell Java JavaScript Jupyter Notebook Kotlin Less LiveScript Lua MATLAB MDX Makefile Markdown Mustache Nunjucks OCaml

Supplier Product Version (see Status) Status CVE-2021-4104 Status CVE-2021-44228 Status CVE-2021-45046 Status CVE-2021-45105 Notes Links Alphatron Alphatron Repeater Display MFS-VJ all Not vuln Not vuln Not vuln Not vuln Alphatron Alphatron Repeater Display MFS-VR all Not vuln Not vuln Not vuln Not vuln Alphatron Alphatron Repeater Display MFS all Not vuln Not vuln

Security Research and PoC

Security Research and PoC Log4Shell Analysis Log4Shell (CVE-2021-44228) Log4Shell Follow Up (CVE-2021-45046 and CVE-2021-45105) JNDI/LDAP Remote Code Execution (JNDI LDAP RCE vulnerability using Jackson) Jackson exploit leading to RCE (Another example of Jackson based RCE) Research on Prototype Pollution in Nodejs applications JavaScript Prototype Pollution (Analysis of Pro

In deze publieke repo informeert Insignit over CVE's

cve-informatie In deze publieke repo informeert Insignit over CVE's CVE-2021-44228 Apache Log4J + CVE-2021-45046 PrintNightMare

can find, analyse and patch Log4J files because of CVE-2021-44228, CVE-2021-45046

PowerShell-Log4J-Scanner can find, analyse and patch Log4J files because of CVE-2021-44228, CVE-2021-45046 official apache site: loggingapacheorg/log4j/2x/downloadhtml Script is for Powershell, should work on Win10 or Win11

Log4Shell (CVE-2021-44228): Descrizione, Exploitation e Mitigazione

CVE-2021-44228 Il 9 dicembre 2021 il mondo è venuto a conoscenza di una nuova falla di sicurezza riguardante Log4J Il punteggio CVSSv3 (Common Vulnerability Scoring System) della vulnerabilità, è stato valutato pari a 10, rendendola così di livello critico (nvdnistgov/vuln/detail/CVE-2021-44228) CVSSv3 Il suo vettore CVSSv3 è il

Rapidly scan filesystems for Java programs potentially vulnerable to Log4Shell (CVE-2021-44228) or "that Log4j JNDI exploit" by inspecting the class paths inside files

log4shelldetect Scans a file or folder recursively for Java programs that may be vulnerable to: CVE-2021-44228 (Log4Shell) (v20x - v214x) CVE-2021-45046 (v215x) CVE-2021-45105 (v216x)1 by inspecting the class paths inside files If you only want possibly vulnerable files to be printed rather than all files, run with -mode list Usage Usage: log4shelldetect [options]

log4j2 RCE漏洞(CVE-2021-44228)内网扫描器,可用于在不出网的条件下进行漏洞扫描,帮助企业内部快速发现Log4jShell漏洞。

概述 log4j2 RCE漏洞(CVE-2021-44228)内网扫描器,可用于在不出网的条件下进行漏洞扫描,帮助企业内部快速发现Log4jShell漏洞。 修改自: githubcom/fullhunt/log4j-scan JNDIMonitor来自:r00tSe7en/JNDIMonitor: 一个LDAP请求监听器,摆脱dnslog平台 (githubcom) 本工具仅供学习研究自查使用,切勿用于非法用

Contains all my research and content produced regarding the log4shell vulnerability

Objective Contains all my research and content produced regarding the log4shell vulnerability Content Folder "analysis" Contain the information that I gather about the vulnerability, affected versions, exploitation context/requirements, remediation plan proposal and so on This content is created using Joplin and then exported as markdown to the analysis folder

Mend Bulk Report Generator

Mend Bulk Report Generator CLI Tool to generate reports on multiple products or projects The tool allows including and excluding scopes by stating their tokens Report scope (-s, --ReportScope) determines whether reports run on projects or products If included scopes (via -i, --includedTokens) are not specified, the tool runs reports on all scopes Report data exported by de

just a temp area for a few trials, please don't clone :)

This is the WORK-IN-PROGRESS repository for Mark59 - be aware it may NOT always be in a completely consistent state Mark59 Documention, Guides, Downloads and More Available at the wwwmark59com website Releases Release 60-beta-2 Refine Playwright Options for Scripting Scripting samples moved to mark59-scripting-samples, mark59-scripting-sample-dsl Cr

A simple script to remove Log4J JndiLookup.class from jars in a given directory, to temporarily protect from CVE-2021-45046 and CVE-2021-44228.

log4jjndilookupremove A simple script to remove Log4J JndiLookupclass from jars in given directory This script can be used to temporarily resolve the CVE-2021-45046 and CVE-2021-44228, until the application can be repackaged with a proper Log4J version Usage On Linux or other *nix system just run this script in the directory you want to scan, or add the target directory as f

Find vulnerable Log4j2 versions on disk and also inside Java Archive Files (Log4Shell CVE-2021-44228, CVE-2021-45046, CVE-2021-45105)

log4j-finder A Python3 script to scan the filesystem to find Log4j2 that is vulnerable to Log4Shell (CVE-2021-44228 & CVE-2021-45046 & CVE-2021-45105) It scans recursively both on disk and inside (nested) Java Archive files (JARs) How it works log4j-finder identifies log4j2 libraries on your filesystem using a list of known bad and known good MD5 hashes of sp

Log4jSherlock Version 1020211219 Overview Log4j Scanner coded in Powershell, so you can run it in windows! This tool scans for JAR, WAR, EAR, JPI, HPI that contain the effected JndiLookupclass even in nested files Scans nested files searches for the effected JNDI class pulls version and reports in CSV, JSON, and txt log reports error ie access issues to folders where

Log4shell vulnerabilities (CVE-2021-44228, CVE-2021-45046, CVE-2021-4104, CVE-2021-45105) This repo contains operational information regarding the Log4shell vulnerability in the Log4j logging library Especially CVE-2021-44228 / CVE-2021-45046 and also covers CVE-2021-4104 / CVE-2021-45105 For additional information see: NCSC-NL advisory MITRE CSIRT network members advisories

Detections for CVE-2021-44228 inside of nested binaries

Log4J-CVE-Detect This repository contains a set of YARA rules for detecting versions of log4j which are vulnerable to CVE-2021-44228, CVE-2021-45046, and / or CVE-2021-45105 by looking for a number of features which appear in affected versions This tool works recursively on binary files such as Docker images, system packages, filesystem images, and even installation media See

CISA Log4j (CVE-2021-44228) Vulnerability Guidance This repository provides CISA's guidance and an overview of related software regarding the Log4j vulnerability (CVE-2021-44228) CISA encourages users and administrators to review the official Apache release and upgrade to Log4j 2150 or apply the recommended mitigations immediately Official CISA Guidance & Resou

Recent Articles

Log4j Vulnerabilities: Attack Insights
Symantec Threat Intelligence Blog • Siddhesh Chandrayan • 23 Dec 2024

Symantec data shows variation and scope of attacks.

Posted: 23 Dec, 20214 Min ReadThreat Intelligence SubscribeFollowtwitterlinkedinLog4j Vulnerabilities: Attack InsightsSymantec data shows variation and scope of attacks.Apache Log4j is a Java-based logging utility. The library’s main role is to log information related to security and performance to make error debugging easier and to enable applications to run smoothly. The library is part of the Apache Logging Services, a project of the A...

IT threat evolution in Q3 2022. Non-mobile statistics
Securelist • AMR • 18 Nov 2022

IT threat evolution in Q3 2022 IT threat evolution in Q3 2022. Non-mobile statistics IT threat evolution in Q3 2022. Mobile statistics These statistics are based on detection verdicts of Kaspersky products and services received from users who consented to providing statistical data. Quarterly figures According to Kaspersky Security Network, in Q3 2022: Kaspersky solutions blocked 956,074,958 attacks from online resources across the globe. Web Anti-Virus recognized 251,288,987...

You better have patched those Log4j holes or we'll see what a judge has to say – FTC
The Register • Thomas Claburn in San Francisco • 05 Jan 2022

Get our weekly newsletter Apply fixes responsibly in a timely manner or face the wrath of Lina Khan

The US Federal Trade Commission on Tuesday warned companies that vulnerable Log4j software needs to be patched … or else. In case any system administrators last month somehow missed the widespread alarm over vulnerabilities (CVE-2021-44228, CVE-2021-45046, CVE-2021-44832) in the Java logging package, the trade watchdog said Log4j continues to be exploited by a growing number of attackers and urged organizations to act now before it's too late. The FTC is advising companies to consult the US Cy...

Bad things come in threes: Apache reveals another Log4J bug
The Register • Simon Sharwood, APAC Editor • 19 Dec 2021

Get our weekly newsletter Third major fix in ten days is an infinite recursion flaw rated 7.5/10

The Apache Software Foundation (ASF) has revealed a third bug in its Log4 Java-based open-source logging library Log4j. CVE-2021-45105 is a 7.5/10-rated infinite recursion bug that was present in Log4j2 versions 2.0-alpha1 through 2.16.0. The fix is version 2.17.0 of Log4j. That’s the third new version of the tool in the last ten days. In case you haven’t been paying attention, version 2.15.0 was created to fix CVE-2021-44228, the critical-rated and trivial-to-exploit remote code execution f...

CISA issues emergency directive to fix Log4j vulnerability
The Register • Thomas Claburn in San Francisco • 17 Dec 2021

Get our weekly newsletter Federal agencies have a week to get their systems patched

The US government's Cybersecurity and Infrastructure Security Agency (CISA) on Friday escalated its call to fix the Apache Log4j vulnerability with an emergency directive requiring federal agencies to take corrective action by 5 pm EST on December 23, 2021. Log4j is a Java-based open source logging library used in millions of applications. Versions up to and including 2.14.1 contain a critical remote code execution flaw (CVE-2021-44228), and the fix incorporated into version 2.15, released a wee...

Apache takes off, nukes insecure feature at the heart of Log4j from orbit with v2.16
The Register • Gareth Corfield • 14 Dec 2021

Get our weekly newsletter Now open-source logging library's JNDI disabled entirely by default, message lookups removed

Last week, version 2.15 of the widely used open-source logging library Log4j was released to tackle a critical security hole, dubbed Log4Shell, which could be trivially abused by miscreants to hijack servers and apps over the internet. However, that release only partially closed the hole (CVE-2021-44228) by disabling by default one aspect of the Java library's exploitable functionality – JNDI message lookups. Now version 2.16 is out, and it disables all of JNDI support by default, and removes ...

Apache takes off, nukes insecure feature at the heart of Log4j from orbit with v2.16
The Register • Gareth Corfield • 14 Dec 2021

Get our weekly newsletter Now open-source logging library's JNDI disabled entirely by default, message lookups removed

Last week, version 2.15 of the widely used open-source logging library Log4j was released to tackle a critical security hole, dubbed Log4Shell, which could be trivially abused by miscreants to hijack servers and apps over the internet. However, that release only partially closed the hole (CVE-2021-44228) by disabling by default one aspect of the Java library's exploitable functionality – JNDI message lookups. Now version 2.16 is out, and it disables all of JNDI support by default, and removes ...

Mirai botnet loves exploiting your unpatched TP-Link routers, CISA warns
The Register

Topics Security Off-Prem On-Prem Software Offbeat Special Features Vendor Voice Vendor Voice Resources Oracle and Apache holes also on Uncle Sam's list of big bad abused bugs

The US government's Cybersecurity and Infrastructure Security Agency (CISA) is adding three more flaws to its list of known-exploited vulnerabilities, including one involving TP-Link routers that is being targeted by the operators of the notorious Mirai botnet. The other two placed on the list this week involve versions of Oracle's WebLogic Server software and the Apache Foundation's Log4j Java logging library. The command-injection flaw in TP-Link's Archer AX21 Wi-Fi 6 routers – tracked as CV...

Triton malware still a threat to energy sector, FBI warns
The Register • Jessica Lyons Hardcastle • 01 Jan 1970

Get our weekly newsletter Plus: Ransomware gangster sentenced, Dell patches more Log4j bugs, and cartoon apes gone bad

In Brief Triton malware remains a threat to the global energy sector, according to an FBI warning. Triton is the software nasty used in a 2017 cyber attack carried out by a Russian government-backed research institution against a Middle East petrochemical facility. The new FBI warning [PDF] came a day after the US Department of Justice unsealed a pair of indictments that detail alleged Russian government efforts to use supply chain attacks and malware in an attempt to compromise and control crit...