[CVE-2021-45105] - Log4J

Brief

Apache Log4j is a Java-based logging utility developed by the Apache Software Foundation. Several companies use the Log4j library worldwide to enable logging and configure a wide set of applications.

The Log4j flaw allows hackers to run any code on vulnerable machines or hack into any application directly using the Log4j framework.

Looking at its severity, MITRE rated the vulnerability as critical and assigned a CVSS score of 10/10.

Scanner

git clone https://github.com/fullhunt/log4j-scan.git
cd log4j-scan

pip3 install -r requirements.txt
# Scan a Single URL using all Request Methods: GET, POST (url-encoded form), POST (JSON body)
python3 log4j-scan.py -u https://log4j.lab.secbot.local --run-all-tests

POC Links

Previous[CVE-2021-4034] - Pwnkit Next[CVE-2018-15473] - OPENSSH < 7.7

Last updated 1 year ago