[CVE-2021-45105] - Log4J

Brief

Apache Log4j is a Java-based logging utility developed by the Apache Software Foundation. Several companies use the Log4j library worldwide to enable logging and configure a wide set of applications.

The Log4j flaw allows hackers to run any code on vulnerable machines or hack into any application directly using the Log4j framework.

Looking at its severity, MITRE rated the vulnerability as critical and assigned a CVSS score of 10/10.

Scanner

git clone https://github.com/fullhunt/log4j-scan.git
cd log4j-scan

pip3 install -r requirements.txt
# Scan a Single URL using all Request Methods: GET, POST (url-encoded form), POST (JSON body)
python3 log4j-scan.py -u https://log4j.lab.secbot.local --run-all-tests

GitHub - fullhunt/log4j-scan: A fully automated, accurate, and extensive scanner for finding log4j RCE CVE-2021-44228GitHub

POC Links

Apache Log4j Shell POC exploitsMedium

GitHub - kozmer/log4j-shell-poc: A Proof-Of-Concept for the CVE-2021-44228 vulnerability.GitHub

Previous[CVE-2021-4034] - Pwnkit Next[CVE-2018-15473] - OPENSSH < 7.7

Last updated 2 years ago

Was this helpful?