1000
VMScore

CVE-2021-45046

CVSSv4: NA | CVSSv3: 9 | CVSSv2: 5.1 | VMScore: 1000 | EPSS: 0.96668 | KEV: Exploitation Reported
Published: 14/12/2021 Updated: 21/11/2024

Vulnerability Summary

Critical Vulnerabilities in Apache Log4j Java Logging Library On December 9, 2021, the following critical vulnerability in the Apache Log4j Java logging library affecting all Log4j2 versions earlier than 2.15.0 was disclosed: CVE-2021-44228: Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints On December 14, 2021, the following critical vulnerability, which affects certain Apache Log4j use cases in versions 2.15.0 and previous versions, was disclosed: CVE-2021-45046: Apache Log4j2 Thread Context Message Pattern and Context Lookup Pattern vulnerable to a denial of service attack On December 18, 2021, a vulnerability in the Apache Log4j component affecting versions 2.16 and previous versions was disclosed: CVE-2021-45105: Apache Log4j2 does not always protect from infinite recursion in lookup evaluation On December 28, 2021, a vulnerability in the Apache Log4j component affecting versions 2.17 and previous versions was disclosed: CVE-2021-44832: Apache Log4j2 vulnerable to RCE via JDBC Appender when attacker controls configuration For a description of these vulnerabilities, see the Apache Log4j Security Vulnerabilities page. Cisco's Response to These Vulnerabilities Cisco assessed all products and services for impact from both CVE-2021-44228 and CVE-2021-45046. To help detect exploitation of these vulnerabilities, Cisco has released Snort rules at the following location: Talos Rules 2021-12-21 Product fixes that are listed in this advisory will address both CVE-2021-44228 and CVE-2021-45046 unless otherwise noted. Cisco has reviewed CVE-2021-45105 and CVE-2021-44832 and has determined that no Cisco products or cloud offerings are impacted by these vulnerabilities. Cisco's standard practice is to update integrated third-party software components to later versions as they become available. This advisory is available at the following link:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

apache log4j

apache log4j 2.0

cvat computer vision annotation tool -

intel audio development kit -

intel datacenter manager -

intel genomics kernel library -

intel oneapi -

intel secure device onboard -

intel sensor solution firmware development kit -

intel system debugger -

intel system studio -

siemens sppa-t3000 ses3000 firmware

siemens captial

siemens captial 2019.1

siemens comos

siemens desigo cc advanced reports 4.0

siemens desigo cc advanced reports 4.1

siemens desigo cc advanced reports 4.2

siemens desigo cc advanced reports 5.0

siemens desigo cc advanced reports 5.1

siemens desigo cc info center 5.0

siemens desigo cc info center 5.1

siemens e-car operation center

siemens energy engage 3.1

siemens energyip 8.5

siemens energyip 8.6

siemens energyip 8.7

siemens energyip 9.0

siemens energyip prepay 3.7

siemens energyip prepay 3.8

siemens gma-manager

siemens head-end system universal device integration system

siemens industrial edge management

siemens industrial edge management hub

siemens logo! soft comfort

siemens mendix

siemens mindsphere

siemens navigator

siemens nx

siemens opcenter intelligence

siemens operation scheduler

siemens sentron powermanager 4.1

siemens sentron powermanager 4.2

siemens siguard dsa 4.2

siemens siguard dsa 4.3

siemens siguard dsa 4.4

siemens sipass integrated 2.80

siemens sipass integrated 2.85

siemens siveillance command

siemens siveillance control pro

siemens siveillance identity 1.5

siemens siveillance identity 1.6

siemens siveillance vantage

siemens siveillance viewpoint

siemens solid edge cam pro

siemens solid edge harness design

siemens solid edge harness design 2020

siemens spectrum power 4

siemens spectrum power 4 4.70

siemens spectrum power 7

siemens spectrum power 7 2.30

siemens teamcenter

siemens tracealertserverplus

siemens vesys

siemens vesys 2019.1

siemens xpedition enterprise -

siemens xpedition package integrator -

debian debian linux 10.0

debian debian linux 11.0

sonicwall email security

fedoraproject fedora 34

fedoraproject fedora 35

siemens 6bk1602-0aa12-0tp0 firmware

siemens 6bk1602-0aa22-0tp0 firmware

siemens 6bk1602-0aa32-0tp0 firmware

siemens 6bk1602-0aa42-0tp0 firmware

siemens 6bk1602-0aa52-0tp0 firmware

Vendor Advisories

Debian Bug report logs - #1001729 apache-log4j2: CVE-2021-45046: Incomplete fix for CVE-2021-44228 in certain non-default configurations Package: src:apache-log4j2; Maintainer for src:apache-log4j2 is Debian Java Maintainers <pkg-java-maintainers@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianor ...
It was found that the fix to address CVE-2021-44228 in Apache Log4j, a Logging Framework for Java, was incomplete in certain non-default configurations This could allow attackers with control over Thread Context Map (MDC) input data when the logging configuration uses a non-default Pattern Layout with either a Context Lookup (for example, $${ctx:l ...
Synopsis Low: Red Hat JBoss Enterprise Application Platform 744 security update Type/Severity Security Advisory: Low Topic A security update is now available for Red Hat JBoss Enterprise Application Platform 74Red Hat Product Security has rated this update as having a security impact of Low A Common Vulnerability Scoring System (CVSS) ba ...
Synopsis Low: Red Hat JBoss Enterprise Application Platform 744 security update Type/Severity Security Advisory: Low Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic A security update is now available for Red Hat JBoss Enterprise Application Platform 74 for Red ...
Synopsis Low: Red Hat JBoss Enterprise Application Platform 744 security update Type/Severity Security Advisory: Low Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic A security update is now available for Red Hat JBoss Enterprise Application Platform 74 for Red ...
No versions of an Amazon Linux Java Virtual Machine (JVM) are affected by CVE-2021-44228 or CVE-2021-45046 However, if customers load a log4j version that is affected by CVE-2021-44228 or CVE-2021-45046 into an Amazon Linux JVM, it will introduce the issues identified in CVE-2021-44228 and CVE-2021-45046 into the JVM This update modifies Amazon L ...
Amazon Kinesis Agent versions within Amazon Linux 2 (AL2) prior to aws-kinesis-agent-204-1 included a version of Apache Log4j affected by CVE-2021-44228 and CVE-2021-45046 The Amazon Kinesis Agent has been updated to aws-kinesis-agent-204-1 within Amazon Linux 2 that mitigates CVE-2021-44228 and CVE-2021-45046 For additional detail see https: ...
No versions of an Amazon Linux Java Virtual Machine (JVM) are affected by CVE-2021-44228 or CVE-2021-45046 However, if customers load a log4j version that is affected by CVE-2021-44228 or CVE-2021-45046 into an Amazon Linux JVM, it will introduce the issues identified in CVE-2021-44228 and CVE-2021-45046 into the JVM This update modifies Amazon L ...
No versions of an Amazon Linux Java Virtual Machine (JVM) are affected by CVE-2021-44228 or CVE-2021-45046 However, if customers load a log4j version that is affected by CVE-2021-44228 or CVE-2021-45046 into an Amazon Linux JVM, it will introduce the issues identified in CVE-2021-44228 and CVE-2021-45046 into the JVM This update modifies Amazon L ...
No versions of an Amazon Linux Java Virtual Machine (JVM) are affected by CVE-2021-44228 or CVE-2021-45046 However, if customers load a log4j version that is affected by CVE-2021-44228 or CVE-2021-45046 into an Amazon Linux JVM, it will introduce the issues identified in CVE-2021-44228 and CVE-2021-45046 into the JVM This update modifies Amazon L ...
Critical Vulnerabilities in Apache Log4j Java Logging Library On December 9, 2021, the following critical vulnerability in the Apache Log4j Java logging library affecting all Log4j2 versions earlier than 2150 was disclosed: CVE-2021-44228: Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoin ...
It was found that the fix to address CVE-2021-44228 in Apache Log4j 2150 was incomplete in certain non-default configurations This could allows attackers with control over Thread Context Map (MDC) input data when the logging configuration uses a non-default Pattern Layout with either a Context Lookup (for example, $${ctx:loginId}) or a Thread Co ...
ALAS-2022-225 Amazon Linux 2022 Security Advisory: ALAS-2022-225 Advisory Release Date: 2022-12-06 16:42 Pacific ...
Citrix is aware of four vulnerabilities affecting Apache Log4j2, three of which may allow an attacker to execute arbitrary code These three vulnerabilities have been given the following identifiers:  ...

Mailing Lists

Severity: moderate (CVSS: 37 AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) Description: It was found that the fix to address CVE-2021-44228 in Apache Log4j 2150 was incomplete in certain non-default configurations This could allows attackers with control over Thread Context Map (MDC) input data when the logging configuration uses a non-default Patte ...
Hi Ron, Is there any information on the non-default configuration that triggers the DoS? What I am trying to understand is, if we clear the first CVE through, say, envar LOG4J_FORMAT_MSG_NO_LOOKUPS=true or -Dlog4j2formatMsgNoLookups=true, then where does the vulnerability lie for the second CVE? What configuration change needs to be done to re ...

Github Repositories

Hacking Kubernetes - Demo Preparations Vulnerable Kubernetes Cluster Create a single-node Kubernetes custom cluster in Rancher VM resources: 4 CPU, 8GB RAM, 80GB disk OS: Image: cloud-images-archiveubuntucom/releases/bionic/release-20180517/ubuntu-1804-server-cloudimg-amd64img Deactivate unattended upgrades sudo apt remove unattended-upgrades

Install Omada SDN Controller on Ubuntu, Debian and more Linux distros using Ansible

Ansible Playbook for Deploying TP-Link Omada SDN Controller Playbook tested on following host distributions Debian 10, 11 Ubuntu 1804, 2004, 2204 Tested on Control Node Ubuntu 2004 LTS Ansible 2116 Setup Ansible Install pip sudo apt install python3-pip -y install ansible with pip pip install -i requirementstxt Installed Packages OpenJDK 8 Headless MongoDB 40 -

Install Omada SDN Controller on Ubuntu, Debian and more Linux distros using Ansible

Ansible Playbook for Deploying TP-Link Omada SDN Controller Playbook tested on following host distributions Debian 10, 11 Ubuntu 1804, 2004, 2204 Tested on Control Node Ubuntu 2004 LTS Ansible 2116 Setup Ansible Install pip sudo apt install python3-pip -y install ansible with pip pip install -i requirementstxt Installed Packages OpenJDK 8 Headless MongoDB 40 -

Safelog4j is an instrumentation-based security tool to help teams discover, verify, and solve log4shell vulnerabilities without scanning or upgrading

safelog4j Safelog4j is an instrumentation-based security tool to help teams discover, verify, and solve log4shell without scanning or upgrading If you're wrestling with log4shell CVE-2021-45046, the best longterm plan is to upgrade your log4j to the latest secure version But if you can't do that for whatever reason, you probably want to be really sure that you

Log4Shell mitigation by creating a new docker image with a thin overlay

Patch existing docker images with ENV LOG4J_FORMAT_MSG_NO_LOOKUPS=true workaround for Log4Shell NOTICE! THERE IS A NEWER Log4Shell issue, CVE-2021-45046 and this patch might not be sufficient! see the Dockerfile Add environment based workaround to disable vulnerable feature in Log4J 2100+ See twittercom/brunoborges/status/1469462412679991300 about LOG4J_FORMAT_MSG_N

Oh no another one

CVE-2021-45046-Info Oh no another one POC ${ctx:apiversion} - %d{yyyy-MM-dd HH:mm:ss} %-5p %c{1}:%L - %m{nolookups}%n LINKS nvdnistgov/vuln/detail/CVE-2021-45046 wwwdatadoghqcom/blog/log4j-log4shell-vulnerability-overview-and-remediation/ wwwlunasecio/docs/blog/log4j-zero-day-update-on-cve-2021-45046/

Log4Shell(CVE-2021-45046) Sandbox Signature

Log4Shell-Sandbox-Signature Log4Shell(CVE-2021-45046) Sandbox Signature Regex : githubcom/back2root/log4shell-rex Cape Sandbox Signature Cuckoo Sandbox Signature

log4j2内网扫描

Log4j2-intranet-scan ⚠️免责声明 本项目仅面向合法授权的企业安全建设行为,在使用本项目进行检测时,您应确保该行为符合当地的法律法规,并且已经取得了足够的授权 如您在使用本项目的过程中存在任何非法行为,您需自行承担相应后果,我们将不承担任何法律及连带责任 在使用

Sample Log4j2 vulnerable application (CVE-2021-45046) Versions Affected: all versions from 20-beta9 to 2150 This application is based on Spring Boot web application vulnerable to CVE-2021-45046 It uses Log4j 2141 (through spring-boot-starter-log4j2 261) Running the application Run it: Import the project in Java IDE as a maven project Run CVEMainApplicationjava as a s

Generic Scanner for Apache log4j RCE CVE-2021-44228

log4shell A fully automated, accurate, and extensive scanner for finding vulnerable log4j hosts Features Support for lists of URLs Fuzzing for more than 60 HTTP request headers Fuzzing for HTTP POST Data parameters Fuzzing for JSON data parameters Supports DNS callback for vulnerability discovery and validation WAF Bypass payloads Announcement There is a patch bypass o

safelog4j Safelog4j is an instrumentation-based security tool to help teams discover, verify, and solve log4shell without scanning or upgrading If you're wrestling with log4shell CVE-2021-45046, the best longterm plan is to upgrade your log4j to the latest secure version But if you can't do that for whatever reason, you probably want to be really sure that you

☢️ Log4j-scanner ☢️ Scan the log4j vulnerability with the log4j scanner tool Features 👻 Features and advantages that exist in this tool: Support for lists of URLs Fuzzing for more than 60 HTTP request headers (not only 3-4 headers as previously seen tools) Fuzzing for HTTP POST Data parameters Fuzzing for JSON data parameters Supports DNS callback for vulnerab

Exploit server As part of a demonstration on how the log4j vulnerability CVE-2021-45046, a small web server was needed to provide various payloads/gadgets Even if the ExploitServer can server multiple exploit payloads, marshalsec can only support one per instance, as far as I have gathered You can however run multiple instances of marshalsec Configuring exploits Note that th

Log4j 漏洞本地检测脚本。 Scan all java processes on your host to check whether it's affected by log4j2 remote code execution vulnerability (CVE-2021-45046)

Log4j2 Vulnerability Local Scanner (CVE-2021-45046) Log4j 漏洞本地检测脚本,扫描主机上所有java进程,检测是否引入了有漏洞的log4j-core jar包,是否可能遭到远程代码执行攻击(CVE-2021-45046)。上传扫描报告到指定的服务器。 Scan all java processes on your host to check whether it's affected by log4j2 remote code execu

PAYMENT GATEWAY ATTACK : SPLUNK MONITORING

Web_Security_Monitoring PAYMENT GATEWAY ATTACK: SPLUNK MONITORING <title>Web Security Monitoring - Payment Gateway Attack</title> Web Security Monitoring: Payment Gateway Attack <section> <h2>Overview</h2> <p> Configured and implemented Elasti

log4j2 logging examples

Log4j2 XML Configuration: Log4j2xml Example Lokesh Gupta September 19, 2023 Log4j2 Java Logging Learn to configure log4j2xml file to output the log statements to the console, rolling files etc Learn to configure log4j2 appenders, levels and patterns Apache Log4j2 is an upgrade to Log4j 1x that provides significant improvements over its predecessor such as performance impro

Using code search to help fix/mitigate log4j CVE-2021-44228

Using code search to help fix/mitigate log4j CVE-2021-44228 and log4j CVE-2021-45046

Log4Shell Demo Attack CVE-2021-44228 CVE-2021-45046 Target the JDK version 8u181 for vulnerable app The JDK can be grab from cdnazulcom/zulu/bin/zulu83101-jdk80181-win_x64zip Run the servers from the main method The vulnerable server localhost:8080 First stage LDAP attacker server localhost:1389 Second stage

we are providing DevOps and security teams script to identify cloud workloads that may be vulnerable to the Log4j vulnerability(CVE-2021-44228) in their AWS account. The script enables security teams to identify external-facing AWS assets by running the exploit on them, and thus be able to map them and quickly patch them

Introduction we are providing DevOps and security teams script to identify cloud workloads that may be vulnerable to the Log4j vulnerability(log4shell) in their AWS account We currently support "CVE-2021-44228" and "CVE-2021-45046" RCE vulnerabilities The script enables security teams to identify external-facing AWS assets by running the exploit on them, a

Tools and scripts by Arctic Wolf

wolf-tools Open source tools and scripts by Arctic Wolf: Arctic Wolf Log4Shell Deep Scan: detects Java application packages subject to CVE-2021-44228 and CVE-2021-45046 Arctic Wolf Spring4Shell Deep Scan: detects Java application packages subject to CVE-2022-22965

can find, analyse and patch Log4J files because of CVE-2021-44228, CVE-2021-45046

PowerShell-Log4J-Scanner can find, analyse and patch Log4J files because of CVE-2021-44228, CVE-2021-45046 official apache site: loggingapacheorg/log4j/2x/downloadhtml Script is for Powershell, should work on Win10 or Win11

The log4j vulnerability test

TestLog4j The log4j vulnerability test Details of the vulnerability is at loggingapacheorg/log4j/2x/securityhtml CHECK THE CVE-2021-45046 CVE-2021-44228

A Log4j vulnerability scanner is used to identify the CVE-2021-44228 and CVE_2021_45046

log4j-scanner A Log4j vulnerability scanner is automated scanner to find log4j (CVE-2021-44228 and CVE_2021_45046) vulnerabilities in web applications Features 1- It supports multiple URL to perform scan 2- It has payload that can bypass some WAF 3- It supports GET and POST request 4- It supports user payload and headers file 5- It fuzzes POST data parameter as well as JSON pa

patch_log4j This cookbook scans for Log4j Core JAR files and patches them against CVE-2021-44228 and CVE-2021-45046 by removing their JndiLookupclass files Usage Install and configure Chef Client on the machines you want to patch Install and configure Chef Workstation on your developer workstation Add the cookbook to your Chef server cd <your cookbooks directory&am

Respond to a ZeroDay Attack What you'll learn Learn how to address a vulnerability that may affect Product Development Staging Environment infrastructure What you'll do Review recent publications from the Cybersecurity & Infrastructure Security Agency (CISA) Research the reported vulnerability Draft an email to affected teams to alert them of the vulnerabi

This is the WORK-IN-PROGRESS repository for Mark59 - be aware it may NOT always be in a completely consistent state.

This is the WORK-IN-PROGRESS repository for Mark59 - be aware it may NOT always be in a completely consistent state Mark59 Documention, Guides, Downloads and More Available at the wwwmark59com website Releases Release 60-beta-2 Refine Playwright Options for Scripting Scripting samples moved to mark59-scripting-samples, mark59-scripting-sample-dsl Cr

Scanners for Jar files that may be vulnerable to CVE-2021-44228

CVE-2021-44228_scanner Applications that are vulnerable to the log4j CVE-2021-44228 issue may be detectable by scanning jar, war, and ear files to search for the presence of JndiLookupclass Depending on the platform that you are investigating, the PowerShell or the Python3 script may make more sense to run In both cases, the optional argument is the top-level directory that

log4j-scan A fully automated, accurate, and extensive scanner for finding vulnerable log4j hosts Features Support for lists of URLs Fuzzing for more than 60 HTTP request headers (not only 3-4 headers as previously seen tools) Fuzzing for HTTP POST Data parameters Fuzzing for JSON data parameters Supports DNS callback for vulnerability discovery and validation WAF Bypass

PCRE RegEx matching Log4Shell CVE-2021-44228 IOC in your logs

Log4Shell-Rex The following RegEx was written in an attempt to match indicators of a Log4Shell (CVE-2021-44228 and CVE-2021-45046) exploitation If you run a version from pre 2021/12/21, it's highly recommended to test and update I've removed some quirks and enhanced performance The Regex aims being PCRE compatible, but should also run on re2 and potentially more Re

Find vulnerable Log4j installations

log4j-finder Find vulnerable Log4j installations A bash shell script to scan your filesystems to find log4j install bases that are vulnerable to Log4Shell (CVE-2021-44228 & CVE-2021-45046) It scans recursively to locate suspect jar files on disk and compares them to published checksums of vulnerable log4j versions Works on Linux, AIX, Solaris Usage % /log4j_findersh

A micro lab for CVE-2021-44228 (log4j)

horrors-log4shell A micro lab (playground?) for CVE-2021-44228 (log4j) Can be used for executing payloads against multiple targets Target-specific payloads are generated runtime Adjustable configuration and bypasses Installation Java-related requirements Development / Running example Gradle Maven In order to test the recent log4j related vulnerabilities (CVE-2021-442

This is the Git source repo for unofficial Docker images of WSO2IS with Lo4j CVE-2021-45046 and CVE-2021-44228 patched Docker images for WSO2IS with Lo4j CVE-2021-45046 and CVE-2021-44228 patched The CVEs were patched by deleting the file org/apache/logging/log4j/core/lookup/JndiLookupclass from affected jars, per the recommended mitigations listed on the Log4j Security page

Provides deep dependency scanning for vulnerable log4j-core usage in Git repositories.

Deep scanning for log4j IAS created an open source project, dependency-deep-scan-utilities which detects log4j vulnerabilities (CVE-2021-44228 and CVE-2021-45046) in your source code Because of the widespread use of log4j, ease of exploit, and ability to perform remote code execution, IAS open sourced this project to help everyone mitigate this exploit dependency-deep-scan-ut

A fully automated, accurate, and extensive scanner for finding log4j RCE CVE-2021-44228

log4j-scan A fully automated, accurate, and extensive scanner for finding vulnerable log4j hosts Features Support for lists of URLs Fuzzing for more than 60 HTTP request headers (not only 3-4 headers as previously seen tools) Fuzzing for HTTP POST Data parameters Fuzzing for JSON data parameters Supports DNS callback for vulnerability discovery and validation WAF Bypass

DatasetCreator is a lightweight RESTFul client implementation of the Salesforce CRM Analytics External Data API. It has been deliberately developed with no 3rd party jars with the goal of being a lean, reliable and scalable solution.

DatasetCreator DatasetCreator is lightweight RESTFul client implementation of the CRM Analytics External Data API This tool is free to use, but it is not officially supported by Salesforce It has been deliberately developed with no 3rd party jars with the goal of being a lean, reliable and scalable solution This is a community project that have not been officially tested o

just a temp area for a few trials, please don't clone :)

This is the WORK-IN-PROGRESS repository for Mark59 - be aware it may NOT always be in a completely consistent state Mark59 Documention, Guides, Downloads and More Available at the wwwmark59com website Releases Release 60-beta-2 Refine Playwright Options for Scripting Scripting samples moved to mark59-scripting-samples, mark59-scripting-sample-dsl Cr

PowerShell scripts for Log4Shell So far, it only includes the script Remove-ArchiveItemps1, which removes a specified class file from JAR files (or any ZIP file, for that matter) This allows to implement one of the proposed workarounds for the Log4Shell vulnerability found in Log4j 2X Java library (CVE-2021-44228 and CVE-2021-45046) The workaround consists in removing the o

log4j-scan A fully automated, accurate, and extensive scanner for finding vulnerable log4j hosts Features Support for lists of URLs Fuzzing for more than 60 HTTP request headers (not only 3-4 headers as previously seen tools) Fuzzing for HTTP POST Data parameters Fuzzing for JSON data parameters Supports DNS callback for vulnerability discovery and validation WAF Bypass

One place for all Log4Shell resources and useful links

log4shell-everything – One place for all valuable things about Log4Shell A continually updated page for valuable Log4Shell resources and useful links Last update: Monday, 15 December 2021, 02:17 ET Background Security teams all over the world are rushing to deal with the new critical zero-day vulnerability dubbed Log4Shell This vulnerability in Apache Log4j, a popular

Per CVE-2021-44228 and CVE-2021-45046, Apache log4j2 versions < 2160 (except 2122) are vulnerable to remote code execution and potential data exfiltration This script will scan your New Relic account(s) for java services that report usage of log4j-core, and generate a manifest containing each suspect service with the version of log4j-core reported by New Relic APM

A fully automated, accurate, and extensive scanner for finding log4j RCE CVE-2021-44228

log4j-scan A fully automated, accurate, and extensive scanner for finding vulnerable log4j hosts Features Support for lists of URLs Fuzzing for more than 60 HTTP request headers (not only 3-4 headers as previously seen tools) Fuzzing for HTTP POST Data parameters Fuzzing for JSON data parameters Supports DNS callback for vulnerability discovery and validation WAF Bypass

Log4j jndi injection fuzz tool

logmap 06 - Log4j jndi injection fuzz tool Used for fuzzing to test whether there are log4j2 jndi injection vulnerabilities in header/body/path Use logxn--9trcom dnslog by default, If you want to use ceyeio, you need to modify the domain and token Manually edit line #486 in logmappy to modify: argsceye = ["xxxxxxceyeio", "xxxxxxxxxxxxxxxxxx

Project to run jmeter test plan from docker images

docker-jmeter Image on Docker Hub Docker image for Apache JMeter This Docker image can be run as the jmeter command Find Images of this repo on Docker Hub Starting version 54 Docker builds/pushes are executed via GitHub Workflows Donate With over 10 Million Pulls from DockerHub, this Docker Image is increasingly popular To support its active maintainance consider making a

Replicating CVE-2021-45046

tejas-nagchandi/CVE-2021-45046 Attack Description It was found that the fix to address CVE-2021-44228 in Apache Log4j 2150 was incomplete in certain non-default configurations This could allows attackers with control over Thread Context Map (MDC) input data when the logging configuration uses a non-default Pattern Layout with either a Context Lookup (for example, $${ctx:log

Log4jScanner is a Log4j Related CVEs Scanner, Designed to Help Penetration Testers to Perform Black Box Testing on given subdomains.

Log4jScanner Log4jScanner is a Log4j Related CVEs Scanner, Designed to Help Penetration Testers to Perform Black Box Testing on given subdomains Disclaimer 💻 This project was created only for good purposes and personal use THIS SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND YOU MAY USE TH

A simple script to remove Log4J JndiLookup.class from jars in a given directory, to temporarily protect from CVE-2021-45046 and CVE-2021-44228.

log4jjndilookupremove A simple script to remove Log4J JndiLookupclass from jars in given directory This script can be used to temporarily resolve the CVE-2021-45046 and CVE-2021-44228, until the application can be repackaged with a proper Log4J version Usage On Linux or other *nix system just run this script in the directory you want to scan, or add the target directory as f

log4j-scan A fully automated, accurate, and extensive scanner for finding vulnerable log4j hosts Features Support for lists of URLs Fuzzing for more than 60 HTTP request headers (not only 3-4 headers as previously seen tools) Fuzzing for HTTP POST Data parameters Fuzzing for JSON data parameters Supports DNS callback for vulnerability discovery and validation WAF Bypass

Friendly utility to load your on-prem data, whether large or small, to Einstein Analytics Datasets, with useful features such as autoloading, dataflow control and dataset inspection.

DatasetUtils DatasetUtils is a reference implementation of the Einstein Analytics External Data API This tool is free to use, but it is not officially supported by Salesforce This is a community project that have not been officially tested or documented Please do not contact Salesforce for support when using this application Log4j2 Issues (CVE-2021-44228 and CVE-2021-45046

Burp Active Scan extension to identify Log4j vulnerabilities CVE-2021-44228 and CVE-2021-45046

Log4j-HammerTime This Burp Suite Active Scanner extension validates exploitation of the Apache Log4j CVE-2021-44228 and CVE-2021-45046 vulnerabilities This extension uses the Burp Collaborator to verify the issue Usage Enable this extension Launch an Active Scan on a specific target if you want to run only checks from this module, you can import the extensions-onlyjson pro

docker-jmeter Image on Docker Hub Docker image for Apache JMeter This Docker image can be run as the jmeter command Find Images of this repo on Docker Hub Starting version 54 Docker builds/pushes are executed via GitHub Workflows Donate With over 10 Million Pulls from DockerHub, this Docker Image is increasingly popular To support its active maintainance consider making a

This repository contains a script that you can run on your (windows) machine to mitigate CVE-2021-44228

SitecoreSolr-log4j-mitigation CVE-2021-44228 This repository contains a script that you can run on your (windows) machine to mitigate CVE-2021-44228 by applying the advice as documented on solrapacheorg/securityhtml#apache-solr-affected-by-apache-log4j-cve-2021-44228 The PowerShell script assumes that you have used the default root path when installing Sitecore with

JFrog CLI Plugins Registry General JFrog CLI Plugins allow enhancing the functionality of JFrog CLI to meet the specific user and organization needs The source code of a plugin is maintained as an open source Go project on GitHub All public plugins are registered in JFrog CLI's Plugins Registry The Registry is hosted in this GitHub repository The plugins directory inc

log4j vulnerability exploration

Log4j vulnerability exploration/proof of concept Also known as CVE-2021-45046 CVE-20201-44228 #log4shell loggingapacheorg/log4j/2x/securityhtml How to use First verify that it works by running testsh it should print ITWORKS in uppercase for different log levels Exfiltration example cd listener /ldap-exfilpy in another termi

Awesome Stars A curated list of my GitHub stars! Generated by starred Contents AGS Script ASP AppleScript Assembly AutoHotkey Awk Batchfile Bikeshed C C# C++ CSS Clojure CoffeeScript Common Lisp Crystal Cython D Dart Dockerfile EJS Elixir Elm Emacs Lisp Erlang F# FreeMarker GCC Machine Description GDScript GLSL Go HCL HTML Hack Handlebars Haskell Java JavaScript Jinja Juli

Exploit & Vulnerability Intelligence Repository

Exploit & Vulnerability Intelligence Repository Introduction Welcome to the Exploit & Vulnerability Intelligence repository! This open-source project aims to provide the community with the latest exploit information and streamline the process of vulnerability management By integrating various sources of exploit data, this repository helps security enthusiasts a

log4j-scan A fully automated, accurate, and extensive scanner for finding vulnerable log4j hosts Features Support for lists of URLs Fuzzing for more than 60 HTTP request headers (not only 3-4 headers as previously seen tools) Fuzzing for HTTP POST Data parameters Fuzzing for JSON data parameters Supports DNS callback for vulnerability discovery and validation WAF Bypass

A backup source for Minecraft PVP-focused client made by LEF-ganga (aka ImFlowow)

Tritium-backup A backup source for Minecraft PVP-focused client made by LEF-ganga We are happy to make Tritium available again! 我们很高兴让 Tritium 再次可用! Because the other LEF-ganga (aka ImFlowow) has deleted the resource repo originally deployed on Gitee, some code files cannot be downloaded (such as' me Imflow: authlib: 12 ') 由于彼岸花已

log4j-scan A fully automated, accurate, and extensive scanner for finding vulnerable log4j hosts Features Support for lists of URLs Fuzzing for more than 60 HTTP request headers (not only 3-4 headers as previously seen tools) Fuzzing for HTTP POST Data parameters Fuzzing for JSON data parameters Supports DNS callback for vulnerability discovery and validation WAF Bypass

This repository contains all gathered resources we used during our Incident Reponse on CVE-2021-44228 and CVE-2021-45046 aka Log4Shell.

CVE-2021-44228: Log4j / Log4Shell Security Research Summary This repository contains all gathered resources we used during our Incident Reponse on CVE-2021-44228 and CVE-2021-45046 aka Log4Shell Threat Intel Mitigations / Fixes Malware Reports Advisory IOCs / Callback Domains / IP Addresses Honeypots Payloads / Obfuscation / WAF Bypass Vulnerability Scanning Exploitation

A playground for poking at the Log4Shell (CVE-2021-44228) vulnerability mitigations

About A playground for poking at the critical log4j (aka Log4Shell) (CVE-2021-44228) vulnerability mitigations This particular problem lies within the JndiLookup feature and the log4j ability to interpret ALL the arguments of a logging call I would expect it to only interpret the format message (the first argument of a logging call), eg, the Hello {} in loginfo("Hello

This repository contains all gathered resources we used during our Incident Reponse on CVE-2021-44228 and CVE-2021-45046 aka Log4Shell.

CVE-2021-44228: Log4j / Log4Shell Security Research Summary This repository contains all gathered resources we used during our Incident Reponse on CVE-2021-44228 and CVE-2021-45046 aka Log4Shell Threat Intel Mitigations / Fixes Malware Reports Advisory IOCs / Callback Domains / IP Addresses Honeypots Payloads / Obfuscation / WAF Bypass Vulnerability Scanning Exploitation

Log4jHotPatch This is a tool which injects a Java agent into a running JVM process The agent will attempt to patch the lookup() method of all loaded orgapachelogginglog4jcorelookupJndiLookup instances to unconditionally return the string "Patched JndiLookup::lookup()" It is designed to address the CVE-2021-44228 remote code execution vulnerability in Log4j wit

Mitigate log4shell (CVE-2021-44228) vulnerability attacks using Nginx LUA script

nginx-mitigate-log4shell Mitigate log4shell (CVE-2021-44228 and CVE-2021-45046) vulnerability attacks using Nginx LUA script Requires the Nginx lua module (wwwnginxcom/resources/wiki/modules/lua/) to be enabled Use include /path/to/mitigate-log4shellconf; in the server {} context Can be included in multiple server contexts Can also be placed in the http {} c

Jmeter Cluster for k8s/docker/dockerswarm

Copy from githubcom/justb4/docker-jmeter docker-jmeter Image on Docker Hub Docker image for Apache JMeter This Docker image can be run as the jmeter command Find Images of this repo on Docker Hub Starting version 54 Docker builds/pushes are executed via GitHub Workflows Security Patches As you may have seen in the news, a new zero-day exploit has been reported aga

UNFI POC - Commands to execute API Performance Testing Stage git clone githubcom/hari-mutyala/HK-JmeterDockergit cd HK-JmeterDocker/ docker build -t hmutyala/hk-jmeter:v1 docker push hmutyala/hk-jmeter:v1 docker pull hmutyala/hk-jmeter:v1 docker run --name hk-jmeterpoc hmutyala/hk-jmeter:v1 docker container cp hk-jmeterpoc:/opt/apache-jmeter-55/bin/reports/API_PERF

A quick description of what I did in Forage Internship. It was mainly focused on learning about Log4j vulnerability and advising how to mitigate it. In the second part of the internship I had to conduct a brute-force attack on encrypted files.

Forage-Internship-AIG A quick description of what I did in Forage Internship It was mainly focused on learning about Log4j vulnerability and advising how to mitigate it In the second part of the internship I had to conduct a brute-force attack on encrypted files AIG’s Shields Up: Cybersecurity Job Simulation! Role: Information Security Analyst in the Cyber & In

PowerShell script to Remove JndiLookup.class from Jar-files to remediate LOG4J Vulnerability uses built-in compression library of Windows.

JndiLookupRemoval PowerShell script to Remove JndiLookupclass from Jar-files to remediate LOG4J Vulnerability (CVE-2021-44228 and CVE-2021-45046) Script will use built-in compression library of Windows therefore no need to install 3rd party zip-utilities This PowerShell script will scan all Fixed local drives to discover potential vulnerable Jar-files that contain the JndiLo

Tool for checking FHIR data for conformance with the GECCO standard

NUM COMPASS conformance checker The NUM COMPASS conformance checker provides an endpoint to validate example resources of the German Corona Consensus Dataset (GECCO) The app is part of the COMPASS (Coordination on mobile pandemic apps best practice and solution sharing) project, which aims to improve how apps are used to cope with pandemics It offers both validation of si

Tool that runs a test to check whether one of your applications is affected by the recent vulnerabilities in log4j: CVE-2021-44228 and CVE-2021-45046

log4shelltools log4shelltools is a tool that allows you to run a test to check whether one of your applications is affected by the recent vulnerabilities in log4j: CVE-2021-44228 and CVE-2021-45046 This is the code that runs log4shellalexbakkerme If you'd like to inspect the code or run an instance in your own environment, you've come to the right place

Tool to search system for log4j-*.jar files

find_log4j Searches all disks for Apache Log4j Security Vulnerabilities (CVE-2021-45046 and CVE-2021-44228) Description This command line application searches all disks for Apache Log4j Security Vulnerabilities (CVE-2021-45046 and CVE-2021-44228) and writes the matching paths to txt in the same folder as the executable or to a specified file If no matches were found the resu

Log4Shell Research Lab 🚧 A basic research lab to learn more about Log4Shell: CVE-2021-45105 CVE-2021-45046 CVE-2021-44228 Used By Microsoft Sentinel To-Go! Log4Shell Demo Research notes I took the following notes while learning about Log4Shell I hope they are helpful! 🍻 Depending on which CVE you want to test, use the following research notes to simulate a few scen

A public open sourced tool. Log4J scanner that detects vulnerable Log4J versions (CVE-2021-44228, CVE-2021-45046, etc) on your file-system within any application. It is able to even find Log4J instances that are hidden several layers deep. Works on Linux, Windows, and Mac, and everywhere else Java runs, too! TAG_OS_TOOL, OWNER_KELLY, DC_PUBLIC

Log4-detector Scanner that detects vulnerable Log4J versions to help teams assess their exposure to CVE-2021-44228 (CRITICAL), CVE-2021-45046, CVE-2021-45105, and CVE-2021-44832 Can search for Log4J instances by carefully examining the complete file-system, including all installed applications It is able to find Log4J instances that are hidden several layers deep Works on Li

log4j2demo

Apache log4j2 远程命令执行漏洞 2021-12-27 重要更新: 根据官网消息,2160和2170版本包暴露了新的漏洞(CVE-2021-45105)和(CVE-2021-44832)。建议升级到2171版本。 2021-12-18重要更新: 根据Apache Log4j2官网信息,针对漏洞CVE-2021-44228的临时规避方案,除了删除class之外,其他设置formatMsgNoLookups等环境变

Log4shell vulnerabilities (CVE-2021-44228, CVE-2021-45046, CVE-2021-4104, CVE-2021-45105) This repo contains operational information regarding the Log4shell vulnerability in the Log4j logging library Especially CVE-2021-44228 / CVE-2021-45046 and also covers CVE-2021-4104 / CVE-2021-45105 For additional information see: NCSC-NL advisory MITRE CSIRT network members advisories

Find vulnerable Log4j2 versions on disk and also inside Java Archive Files (Log4Shell CVE-2021-44228, CVE-2021-45046, CVE-2021-45105)

log4j-finder A Python3 script to scan the filesystem to find Log4j2 that is vulnerable to Log4Shell (CVE-2021-44228 & CVE-2021-45046 & CVE-2021-45105) It scans recursively both on disk and inside (nested) Java Archive files (JARs) How it works log4j-finder identifies log4j2 libraries on your filesystem using a list of known bad and known good MD5 hashes of sp

The official Peppol, TOOP and DE4A Directory software

phoss-directory The official Peppol Directory (PD; directorypeppoleu), TOOP Directory software (The Once-Only Project; wwwtoopeu) and DE4A Directory software (Digital Europe 4 All; wwwde4aeu) It is split into the following sub-projects (all require Java 11 or newer): phoss-directory-indexer - the PD indexer part phoss-directory-publisher - the PD publisher web

Playbooks for setting up a Red Hat Advanced Cluster Security demo/workshop for log4shell vulnerability

Red Hat Advanced Cluster Security workshop - Run-Time Log4Shell Vulnerability Prevention Demo Overview Run-Time Vulnerability Prevention demonstrates the capabilities of Red Hat Advanced Cluster Security for cloud native applications in OpenShift and any xKS environment The industry is quickly moving to a DevSecOps Model, and shifting security to the left to secure build, depl

Curated list of GitHub projects I starred over the years

Awesome Stars A curated list of my GitHub stars! Generated by starred Contents API Blueprint ActionScript ApacheConf Astro C C# C++ CSS Clojure CoffeeScript Crystal DIGITAL Command Language Dart Dockerfile Elixir Elm Erlang FreeMarker Go HTML Handlebars Haskell Java JavaScript Jupyter Notebook Kotlin Less LiveScript Lua MATLAB MDX Makefile Markdown Mustache Nunjucks OCaml

Modern Java/JVM Build Practices

Modern Java/JVM Build Practices Modern Java/JVM Build Practices is an article-as-repo on building modern Java/JVM projects using Gradle and Maven, and a starter project for Java The focus is best build practices and project hygiene This document is agnostic between Gradle and Maven: discussion in each section covers both tools (alphabetical order, Gradle before Maven) S

CUBETIQ Security Advisors and Guidelines for Response and Resolves Common Vulnerabilities and Exposures

CUBETIQ Security Advisors CUBETIQ Security Advisors and Guidelines for Response and Resolves Common Vulnerabilities and Exposures Alerts CVE-2021-44228 (10/12/2021) CVE-2021-45046 (14/12/2021) CVE-2021-45105 (18/12/2021) CVE-2021-42550 (16/12/2021) Contributors Sambo Chea sombochea@cubetiqscom

CUBETIQ Security Advisors and Guidelines for Response and Resolves Common Vulnerabilities and Exposures

CUBETIQ Security Advisors CUBETIQ Security Advisors and Guidelines for Response and Resolves Common Vulnerabilities and Exposures Alerts CVE-2021-44228 (10/12/2021) CVE-2021-45046 (14/12/2021) CVE-2021-45105 (18/12/2021) CVE-2021-42550 (16/12/2021) Contributors Sambo Chea sombochea@cubetiqscom

Security Research and PoC

Security Research and PoC Log4Shell Analysis Log4Shell (CVE-2021-44228) Log4Shell Follow Up (CVE-2021-45046 and CVE-2021-45105) JNDI/LDAP Remote Code Execution (JNDI LDAP RCE vulnerability using Jackson) Jackson exploit leading to RCE (Another example of Jackson based RCE) Research on Prototype Pollution in Nodejs applications JavaScript Prototype Pollution (Analysis of Pro

This elasticsearch image v7102 is patched against following log4j vulnerabilities: CVE-2021-44228 CVE-2021-45046 CVE-2021-45105 Since the only two latest versions 7162 and 6822 of elasticsearch were patched by vendor, but numerous products use exclusively interim releases (ie graylog), we've decided to release a patched image, although is the image according to e

Detections for CVE-2021-44228 inside of nested binaries

Log4J-CVE-Detect This repository contains a set of YARA rules for detecting versions of log4j which are vulnerable to CVE-2021-44228, CVE-2021-45046, and / or CVE-2021-45105 by looking for a number of features which appear in affected versions This tool works recursively on binary files such as Docker images, system packages, filesystem images, and even installation media See

Log4shell vulnerabilities (CVE-2021-44228, CVE-2021-45046, CVE-2021-4104, CVE-2021-45105) This repo contains operational information regarding the Log4shell vulnerability in the Log4j logging library Especially CVE-2021-44228 / CVE-2021-45046 and also covers CVE-2021-4104 / CVE-2021-45105 For additional information see: NCSC-NL advisory MITRE EU CSIRT network members advisor

Log4shell vulnerabilities (CVE-2021-44228, CVE-2021-45046, CVE-2021-4104, CVE-2021-45105) This repo contains operational information regarding the Log4shell vulnerability in the Log4j logging library Especially CVE-2021-44228 / CVE-2021-45046 and also covers CVE-2021-4104 / CVE-2021-45105 For additional information see: NCSC-NL advisory MITRE EU CSIRT network members advisor

Log4shell vulnerabilities (CVE-2021-44228, CVE-2021-45046, CVE-2021-4104, CVE-2021-45105) This repo contains operational information regarding the Log4shell vulnerability in the Log4j logging library Especially CVE-2021-44228 / CVE-2021-45046 and also covers CVE-2021-4104 / CVE-2021-45105 For additional information see: NCSC-NL advisory MITRE EU CSIRT network members advisor

Goal Configure dependency-check-maven in a parent POM, allowing suppressions to be loaded from a known location (src/build/suppressionsxml) in a child project (if defined), based on the configuration described in jeremylong/DependencyCheck#3947 (comment) Running the reactor build: Note that the suppressions are not loaded (for the full output with debug logging turned on see

The complete ph websuite

ph-oton This set of Java libraries forms a package to build Java web applications Contained subprojects are: ph-oton-html - Java wrapper for all HTML elements and attributes ph-oton-jscode - a Java code model to build structured JS code ph-oton-jquery - an extension to ph-html-jscode to also support jQuery ph-oton-atom - ATOM newsfeed stuff ph-oton-io - basic IO stuff (sinc

Patch Pulsar Docker images with Log4J 2.17.1 update to mitigate Apache Log4J Security Vulnerabilities including Log4Shell

Patch pulsar images with Apache Log4J 2171 upgrade Covers CVE-2021-44228, CVE-2021-45046, CVE-2021-45105 CVE-2021-44832 See Log4J Security Vulnerabilities and upgrades for more information see the Dockerfile for the solution Building and pushing patched docker images example usage: # build and tag image docker build --build-arg=ORIGINAL_IMAGE=apachepulsar/pulsar-all:281

🚨 Log4Shell: CVE-2021-44228 🚨 ❓ What is Log4Shell? The Log4Shell attack was a widespread Java exploit targeting a common logging package (Log4j) for remote code execution It leveraged a critical vulnerability in the Log4j library, enabling attackers to execute arbitrary code remotely via crafted log messages Despite the ubiquity of Log4j in various software frameworks

Playbooks for setting up a Red Hat Advanced Cluster Security demo/workshop for log4shell vulnerability

Red Hat Advanced Cluster Security workshop - Run-Time Log4Shell Vulnerability Prevention Demo Overview Run-Time Vulnerability Prevention demonstrates the capabilities of Red Hat Advanced Cluster Security for cloud native applications in OpenShift and any xKS environment The industry is quickly moving to a DevSecOps Model, and shifting security to the left to secure build, depl

log4j-sniffer log4j-sniffer crawls for all instances of log4j on disk within a specified directory It can be used to determine whether there are any vulnerable instances of log4j within a directory tree and report or delete them depending on the mode used Scanning for versions affected by CVE-2021-44228, CVE-2021-45046, CVE-2021-45105 and CVE-2021-44832 is currently supported

Patching the Log4j vulnerability in Gluu Server Gluu Server versions covered: Gluu v4, v3 ( from 315 to 318 ), Enterprise Edition, Cloud Native and Snapcraft Security Vulnerabilities: CVE-2021-44832, CVE-2021-45105, CVE-2021-45046 and CVE-2021-44228 Log4j library versions affected: 216 and earlier   Overview: On December 17th, Apache announced critical vulnerabi

Detections for CVE-2021-44228 inside of nested binaries

Log4J-CVE-Detect This repository contains a set of YARA rules for detecting versions of log4j which are vulnerable to CVE-2021-44228, CVE-2021-45046, and / or CVE-2021-45105 by looking for a number of features which appear in affected versions This tool works recursively on binary files such as Docker images, system packages, filesystem images, and even installation media See

nse-log4shell Nmap NSE scripts to check against log4shell or LogJam vulnerabilities (CVE-2021-44228) NSE scripts check most popular exposed services on the Internet It is basic script where you can customize payload Examples Note that NSE scripts will only issue the requests to the services Nmap will not report vulnerable hosts, but you have to check DNS logs to determine v

docker-jmeter Image on Docker Hub Docker image for Apache JMeter This Docker image can be run as the jmeter command Find Images of this repo on Docker Hub Starting version 54 Docker builds/pushes are executed via GitHub Workflows Donate With over 10 Million Pulls from DockerHub, this Docker Image is increasingly popular To support its active maintainance consider making a

log4j-scan A fully automated, accurate, and extensive scanner for finding vulnerable log4j hosts Features Support for lists of URLs Fuzzing for more than 60 HTTP request headers (not only 3-4 headers as previously seen tools) Fuzzing for HTTP POST Data parameters Fuzzing for JSON data parameters Supports DNS callback for vulnerability discovery and validation WAF Bypass

log4jscan A fully automated, accurate, and extensive scanner for finding vulnerable log4j hosts Features Support for lists of URLs Fuzzing for more than 60 HTTP request headers (not only 3-4 headers as previously seen tools) Fuzzing for HTTP POST Data parameters Fuzzing for JSON data parameters Supports DNS callback for vulnerability discovery and validation WAF Bypass p

Recent Articles

Log4j Vulnerabilities: Attack Insights
Symantec Threat Intelligence Blog • Siddhesh Chandrayan • 23 Dec 2025

Symantec data shows variation and scope of attacks.

Posted: 23 Dec, 20214 Min ReadThreat Intelligence SubscribeFollowtwitterlinkedinLog4j Vulnerabilities: Attack InsightsSymantec data shows variation and scope of attacks.Apache Log4j is a Java-based logging utility. The library’s main role is to log information related to security and performance to make error debugging easier and to enable applications to run smoothly. The library is part of the Apache Logging Services, a project of the A...

IT threat evolution in Q3 2022. Non-mobile statistics
Securelist • AMR • 18 Nov 2022

IT threat evolution in Q3 2022 IT threat evolution in Q3 2022. Non-mobile statistics IT threat evolution in Q3 2022. Mobile statistics These statistics are based on detection verdicts of Kaspersky products and services received from users who consented to providing statistical data. Quarterly figures According to Kaspersky Security Network, in Q3 2022: Kaspersky solutions blocked 956,074,958 attacks from online resources across the globe. Web Anti-Virus recognized 251,288,987...

You better have patched those Log4j holes or we'll see what a judge has to say – FTC
The Register • Thomas Claburn in San Francisco • 05 Jan 2022

Get our weekly newsletter Apply fixes responsibly in a timely manner or face the wrath of Lina Khan

The US Federal Trade Commission on Tuesday warned companies that vulnerable Log4j software needs to be patched … or else. In case any system administrators last month somehow missed the widespread alarm over vulnerabilities (CVE-2021-44228, CVE-2021-45046, CVE-2021-44832) in the Java logging package, the trade watchdog said Log4j continues to be exploited by a growing number of attackers and urged organizations to act now before it's too late. The FTC is advising companies to consult the US Cy...

Bad things come in threes: Apache reveals another Log4J bug
The Register • Simon Sharwood, APAC Editor • 19 Dec 2021

Get our weekly newsletter Third major fix in ten days is an infinite recursion flaw rated 7.5/10

The Apache Software Foundation (ASF) has revealed a third bug in its Log4 Java-based open-source logging library Log4j. CVE-2021-45105 is a 7.5/10-rated infinite recursion bug that was present in Log4j2 versions 2.0-alpha1 through 2.16.0. The fix is version 2.17.0 of Log4j. That’s the third new version of the tool in the last ten days. In case you haven’t been paying attention, version 2.15.0 was created to fix CVE-2021-44228, the critical-rated and trivial-to-exploit remote code execution f...

CISA issues emergency directive to fix Log4j vulnerability
The Register • Thomas Claburn in San Francisco • 17 Dec 2021

Get our weekly newsletter Federal agencies have a week to get their systems patched

The US government's Cybersecurity and Infrastructure Security Agency (CISA) on Friday escalated its call to fix the Apache Log4j vulnerability with an emergency directive requiring federal agencies to take corrective action by 5 pm EST on December 23, 2021. Log4j is a Java-based open source logging library used in millions of applications. Versions up to and including 2.14.1 contain a critical remote code execution flaw (CVE-2021-44228), and the fix incorporated into version 2.15, released a wee...

Apache takes off, nukes insecure feature at the heart of Log4j from orbit with v2.16
The Register • Gareth Corfield • 14 Dec 2021

Get our weekly newsletter Now open-source logging library's JNDI disabled entirely by default, message lookups removed

Last week, version 2.15 of the widely used open-source logging library Log4j was released to tackle a critical security hole, dubbed Log4Shell, which could be trivially abused by miscreants to hijack servers and apps over the internet. However, that release only partially closed the hole (CVE-2021-44228) by disabling by default one aspect of the Java library's exploitable functionality – JNDI message lookups. Now version 2.16 is out, and it disables all of JNDI support by default, and removes ...

Apache takes off, nukes insecure feature at the heart of Log4j from orbit with v2.16
The Register • Gareth Corfield • 14 Dec 2021

Get our weekly newsletter Now open-source logging library's JNDI disabled entirely by default, message lookups removed

Last week, version 2.15 of the widely used open-source logging library Log4j was released to tackle a critical security hole, dubbed Log4Shell, which could be trivially abused by miscreants to hijack servers and apps over the internet. However, that release only partially closed the hole (CVE-2021-44228) by disabling by default one aspect of the Java library's exploitable functionality – JNDI message lookups. Now version 2.16 is out, and it disables all of JNDI support by default, and removes ...

Triton malware still a threat to energy sector, FBI warns
The Register • Jessica Lyons Hardcastle • 28 Mar 2022

Get our weekly newsletter Plus: Ransomware gangster sentenced, Dell patches more Log4j bugs, and cartoon apes gone bad

In Brief Triton malware remains a threat to the global energy sector, according to an FBI warning. Triton is the software nasty used in a 2017 cyber attack carried out by a Russian government-backed research institution against a Middle East petrochemical facility. The new FBI warning [PDF] came a day after the US Department of Justice unsealed a pair of indictments that detail alleged Russian government efforts to use supply chain attacks and malware in an attempt to compromise and control crit...

Mirai botnet loves exploiting your unpatched TP-Link routers, CISA warns
The Register

Topics Security Off-Prem On-Prem Software Offbeat Special Features Vendor Voice Vendor Voice Resources Oracle and Apache holes also on Uncle Sam's list of big bad abused bugs

The US government's Cybersecurity and Infrastructure Security Agency (CISA) is adding three more flaws to its list of known-exploited vulnerabilities, including one involving TP-Link routers that is being targeted by the operators of the notorious Mirai botnet. The other two placed on the list this week involve versions of Oracle's WebLogic Server software and the Apache Foundation's Log4j Java logging library. The command-injection flaw in TP-Link's Archer AX21 Wi-Fi 6 routers – tracked as CV...

References

CWE-917CWE-917https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1001729https://nvd.nist.govhttps://github.com/kdpuvvadi/omada-ansiblehttps://www.first.org/epsshttps://www.debian.org/security/2021/dsa-5022https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbdhttp://www.openwall.com/lists/oss-security/2021/12/14/4http://www.openwall.com/lists/oss-security/2021/12/15/3http://www.openwall.com/lists/oss-security/2021/12/18/1https://cert-portal.siemens.com/productcert/pdf/ssa-397453.pdfhttps://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdfhttps://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdfhttps://cert-portal.siemens.com/productcert/pdf/ssa-714170.pdfhttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EOKPQGV24RRBBI4TBZUDQMM4MEH7MXCY/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SIG7FZULMNK2XF6FZRU4VWYDQXNMUGAJ/https://logging.apache.org/log4j/2.x/security.htmlhttps://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032https://security.gentoo.org/glsa/202310-16https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbdhttps://www.cve.org/CVERecord?id=CVE-2021-44228https://www.debian.org/security/2021/dsa-5022https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.htmlhttps://www.kb.cert.org/vuls/id/930724https://www.oracle.com/security-alerts/alert-cve-2021-44228.htmlhttps://www.oracle.com/security-alerts/cpuapr2022.htmlhttps://www.oracle.com/security-alerts/cpujan2022.htmlhttps://www.oracle.com/security-alerts/cpujul2022.htmlhttp://www.openwall.com/lists/oss-security/2021/12/14/4http://www.openwall.com/lists/oss-security/2021/12/15/3http://www.openwall.com/lists/oss-security/2021/12/18/1https://cert-portal.siemens.com/productcert/pdf/ssa-397453.pdfhttps://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdfhttps://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdfhttps://cert-portal.siemens.com/productcert/pdf/ssa-714170.pdfhttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EOKPQGV24RRBBI4TBZUDQMM4MEH7MXCY/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SIG7FZULMNK2XF6FZRU4VWYDQXNMUGAJ/https://logging.apache.org/log4j/2.x/security.htmlhttps://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032https://security.gentoo.org/glsa/202310-16https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbdhttps://www.cve.org/CVERecord?id=CVE-2021-44228https://www.debian.org/security/2021/dsa-5022https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.htmlhttps://www.kb.cert.org/vuls/id/930724https://www.oracle.com/security-alerts/alert-cve-2021-44228.htmlhttps://www.oracle.com/security-alerts/cpuapr2022.htmlhttps://www.oracle.com/security-alerts/cpujan2022.htmlhttps://www.oracle.com/security-alerts/cpujul2022.html