← back
CVE-2021-44228

Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints

CVSS 10 CRITICALEPSS 100.0%● KEVCWE-20CWE-400CWE-502
In short

Apache Log4j2 allows attackers to execute arbitrary code by injecting malicious commands into log messages. If an application uses a vulnerable version of Log4j2 and logs user-controlled data, an attacker can trigger code execution from remote servers.

Technical detail

CVE-2021-44228 exploits unsafe JNDI (Java Naming and Directory Interface) lookups in Log4j2 versions 2.0-beta9 through 2.15.0 when message lookup substitution is enabled. An attacker controlling log message content can inject JNDI expressions that load and execute arbitrary code from attacker-controlled LDAP or RMI endpoints. This requires the application to log attacker-influenced data without sanitization.

Summary generated and translated by AI from the official description.
Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Affected products
Apache Software Foundation · Apache Log4j2
public PoCs found428
githubgithub.com/fullhunt/log4j-scan3426githubgithub.com/kozmer/log4j-shell-poc1849githubgithub.com/christophetd/log4shell-vulnerable-app1142githubgithub.com/Puliczek/CVE-2021-44228-PoC-log4j-bypass-words950githubgithub.com/logpresso/CVE-2021-44228-Scanner862githubgithub.com/f0ng/log4j2burpscanner844githubgithub.com/mergebase/log4j-detector640githubgithub.com/corretto/hotpatch-for-apache-log4j2497githubgithub.com/jas502n/Log4j2-CVE-2021-44228469githubgithub.com/fox-it/log4j-finder439githubgithub.com/0xInfection/LogMePwn395githubgithub.com/Diverto/nse-log4shell352githubgithub.com/CERTCC/CVE-2021-44228_scanner349githubgithub.com/back2root/log4shell-rex292githubgithub.com/rubo77/log4j_checker_beta247githubgithub.com/NS-Sp4ce/Vm4J209githubgithub.com/takito1812/log4j-detect195githubgithub.com/HyCraftHD/Log4J-RCE-Proof-Of-Concept182githubgithub.com/alexandre-lavoie/python-log4rce178githubgithub.com/puzzlepeaches/Log4jUnifi168githubgithub.com/mubix/CVE-2021-44228-Log4Shell-Hashes155githubgithub.com/BinaryDefense/log4j-honeypot-flask151githubgithub.com/NorthwaveSecurity/log4jcheck126githubgithub.com/boundaryx/cloudrasp-log4j2125githubgithub.com/simonis/Log4jPatch108githubgithub.com/Adikso/minecraft-log4j-honeypot107githubgithub.com/puzzlepeaches/Log4jCenter106githubgithub.com/0xDexter0us/Log4J-Scanner102githubgithub.com/MalwareTech/Log4jTools94githubgithub.com/thomaspatzke/Log4Pot94githubgithub.com/tangxiaofeng7/CVE-2021-44228-Apache-Log4j-Rce90githubgithub.com/alexbakker/log4shell-tools86githubgithub.com/giterlizzi/nmap-log4shell78githubgithub.com/LiveOverflow/log4shell72githubgithub.com/cyberxml/log4j-poc72githubgithub.com/nccgroup/log4j-jndi-be-gone72githubgithub.com/bigsizeme/Log4j-check70githubgithub.com/future-client/CVE-2021-4422866githubgithub.com/lucab85/log4j-cve-2021-4422857githubgithub.com/authomize/log4j-log4shell-affected52githubgithub.com/CreeperHost/Log4jPatcher49githubgithub.com/CodeShield-Security/Log4JShell-Bytecode-Detector49githubgithub.com/redhuntlabs/Log4JHunt46githubgithub.com/dtact/divd-2021-00038--log4j-scanner46githubgithub.com/RedDrip7/Log4Shell_CVE-2021-44228_related_attacks_IOCs45githubgithub.com/1lann/log4shelldetect45githubgithub.com/stripe/log4j-remediation-tools40githubgithub.com/HynekPetrak/log4shell-finder39githubgithub.com/infiniroot/nginx-mitigate-log4shell38githubgithub.com/Y0-kan/Log4jShell-Scan38githubgithub.com/hackinghippo/log4shell_ioc_ips37githubgithub.com/fireeye/CVE-2021-4422837githubgithub.com/greymd/CVE-2021-4422835githubgithub.com/darkarnium/Log4j-CVE-Detect35githubgithub.com/sassoftware/loguccino33githubgithub.com/Jeromeyoung/log4j2burpscanner32githubgithub.com/twseptian/spring-boot-log4j-cve-2021-44228-docker-lab28githubgithub.com/qingtengyun/cve-2021-44228-qingteng-online-patch25githubgithub.com/r3kind1e/Log4Shell-obfuscated-payloads-generator25githubgithub.com/mufeedvh/log4jail23githubgithub.com/toramanemre/log4j-rce-detect-waf-bypass23githubgithub.com/pedrohavay/exploit-CVE-2021-4422820githubgithub.com/Glease/Healer19githubgithub.com/corelight/cve-2021-4422819githubgithub.com/faisalfs10x/Log4j2-CVE-2021-44228-revshell18githubgithub.com/blake-fm/vcenter-log4j17githubgithub.com/ab0x90/CVE-2021-44228_PoC16githubgithub.com/Malwar3Ninja/Exploitation-of-Log4j2-CVE-2021-4422816githubgithub.com/lhotari/log4shell-mitigation-tester16githubgithub.com/ossie-git/log4shell_sentinel14githubgithub.com/mitiga/log4shell-cloud-scanner14githubgithub.com/snow0715/log4j-Scan-Burpsuite13githubgithub.com/zsolt-halo/Log4J-Log4Shell-CVE-2021-44228-Spring-Boot-Test-Service13githubgithub.com/xsultan/log4jshield13githubgithub.com/Nanitor/log4fix12githubgithub.com/Hydragyrum/evil-rmi-server12githubgithub.com/rakutentech/jndi-ldap-test-server11githubgithub.com/claranet/ansible-role-log4shell11githubgithub.com/thecyberneh/Log4j-RCE-Exploiter11githubgithub.com/roxas-tan/CVE-2021-4422810githubgithub.com/kubearmor/log4j-CVE-2021-442289githubgithub.com/qingtengyun/cve-2021-44228-qingteng-patch9githubgithub.com/immunityinc/Log4j-JNDIServer9githubgithub.com/Sh0ckFR/log4j-CVE-2021-44228-Public-IoCs9githubgithub.com/obscuritylabs/log4shell-poc-lab9githubgithub.com/wortell/log4j9githubgithub.com/Tai-e/CVE-2021-442289githubgithub.com/DXC-StrikeForce/Burp-Log4j-HammerTime8githubgithub.com/lfama/log4j_checker8githubgithub.com/Labout/log4shell-rmi-poc8githubgithub.com/atnetws/fail2ban-log4j8githubgithub.com/cybersecurityworks553/log4j-shell-csw8githubgithub.com/sunnyvale-it/CVE-2021-44228-PoC8githubgithub.com/Azeemering/CVE-2021-44228-DFIR-Notes7githubgithub.com/mschmnet/Log4Shell-demo7githubgithub.com/OopsieWoopsie/mc-log4j-patcher7githubgithub.com/0xsyr0/Log4Shell7githubgithub.com/momos1337/Log4j-RCE7githubgithub.com/marcourbano/CVE-2021-442287githubgithub.com/KosmX/CVE-2021-44228-example7githubgithub.com/TaroballzChen/CVE-2021-44228-log4jVulnScanner-metasploit7githubgithub.com/KeysAU/Get-log4j-Windows.ps17githubgithub.com/r00thunter/Log4Shell7githubgithub.com/ssl/scan4log4j6githubgithub.com/irgoncalves/f5-waf-enforce-sig-CVE-2021-442286githubgithub.com/demining/Log4j-Vulnerability6githubgithub.com/DragonSurvivalEU/RCE6githubgithub.com/isuruwa/Log4j6githubgithub.com/justakazh/Log4j-CVE-2021-442286githubgithub.com/AlexandreHeroux/Fix-CVE-2021-442286githubgithub.com/OlafHaalstra/log4jcheck5githubgithub.com/snapattack/damn-vulnerable-log4j-app5githubgithub.com/suuhm/log4shell4shell5githubgithub.com/jacobtread/L4J-Vuln-Patch5githubgithub.com/phoswald/sample-ldap-exploit5githubgithub.com/many-fac3d-g0d/apache-tomcat-log4j5githubgithub.com/mrlnstk/cve-2021-44228-minecraft-poc5githubgithub.com/sud0x00/log4j-CVE-2021-442285githubgithub.com/winnpixie/log4noshell5githubgithub.com/manuel-alvarez-alvarez/log4j-cve-2021-442285githubgithub.com/KeysAU/Get-log4j-Windows-local5githubgithub.com/ankur-katiyar/log4j-docker5githubgithub.com/shamo0/CVE-2021-442284githubgithub.com/inettgmbh/checkmk-log4j-scanner4githubgithub.com/MrHarshvardhan/PY-Log4j-RCE-Scanner4githubgithub.com/nkoneko/VictimApp4githubgithub.com/corneacristian/Log4J-CVE-2021-44228-RCE4githubgithub.com/Koupah/MC-Log4j-Patcher4githubgithub.com/michaelsanford/Log4Shell-Honeypot4githubgithub.com/yesspider-hacker/log4j-payload-generator4githubgithub.com/Occamsec/log4j-checker4githubgithub.com/M1ngGod/CVE-2021-44228-Log4j-lookup-Rce4githubgithub.com/dbzoo/log4j_scanner4githubgithub.com/ycdxsb/Log4Shell-CVE-2021-44228-ENV4githubgithub.com/toramanemre/apache-solr-log4j-CVE-2021-442284githubgithub.com/sinakeshmiri/log4jScan4githubgithub.com/Kr0ff/CVE-2021-442284githubgithub.com/zzzz0317/log4j2-vulnerable-spring-app4githubgithub.com/lucab85/ansible-role-log4shell4githubgithub.com/TheInterception/Log4J-Simulation-Tool4githubgithub.com/irgoncalves/f5-waf-quick-patch-cve-2021-442283githubgithub.com/threatmonit/Log4j-IOCs3githubgithub.com/madCdan/JndiLookup3githubgithub.com/vorburger/Log4j_CVE-2021-442283githubgithub.com/pmontesd/log4j-cve-2021-442283githubgithub.com/KirkDJohnson/Wireshark3githubgithub.com/codiobert/log4j-scanner3githubgithub.com/ubitech/cve-2021-44228-rce-poc3githubgithub.com/zlepper/CVE-2021-44228-Test-Server3githubgithub.com/mss/log4shell-hotfix-side-effect3githubgithub.com/alexandreroman/cve-2021-44228-workaround-buildpack3githubgithub.com/Joefreedy/Log4j-Windows-Scanner3githubgithub.com/saharNooby/log4j-vulnerability-patcher-agent3githubgithub.com/Sma-Das/Log4j-PoC3githubgithub.com/tadash10/Exploiting-CVE-2021-44228-Log4Shell-in-a-Banking-Environment3githubgithub.com/CrackerCat/CVE-2021-44228-Log4j-Payloads3githubgithub.com/hotpotcookie/CVE-2021-44228-white-box3githubgithub.com/badb33f/Apache-Log4j-POC3githubgithub.com/unlimitedsola/log4j2-rce-poc3githubgithub.com/anuvindhs/how-to-check-patch-secure-log4j-CVE-2021-442282githubgithub.com/1in9e/Apache-Log4j2-RCE2githubgithub.com/binganao/Log4j2-RCE2githubgithub.com/byteboycn/CVE-2021-44228-Apache-Log4j-Rce2githubgithub.com/b-abderrahmane/CVE-2021-44228-playground2githubgithub.com/mkhazamipour/log4j-vulnerable-app-cve-2021-44228-terraform2githubgithub.com/jeffbryner/log4j-docker-vaccine2githubgithub.com/mzlogin/CVE-2021-44228-Demo2githubgithub.com/tasooshi/horrors-log4shell2githubgithub.com/dotPY-hax/log4py2githubgithub.com/ph0lk3r/anti-jndi2githubgithub.com/thedevappsecguy/Log4J-Mitigation-CVE-2021-44228--CVE-2021-45046--CVE-2021-45105--CVE-2021-448322githubgithub.com/avwolferen/Sitecore.Solr-log4j-mitigation2githubgithub.com/george-petrakis/log4j-scanner-CVE-2021-442282githubgithub.com/jeffli1024/log4j-rce-test2githubgithub.com/taurusxin/CVE-2021-442282githubgithub.com/perryflynn/find-log4j2githubgithub.com/alpacamybags118/log4j-cve-2021-44228-sample2githubgithub.com/VinniMarcon/Log4j-Updater2githubgithub.com/alenazi90/log4j2githubgithub.com/aws-samples/kubernetes-log4j-cve-2021-44228-node-agent2githubgithub.com/korteke/log4shell-demo2githubgithub.com/Fazmin/vCenter-Server-Workaround-Script-CVE-2021-442282githubgithub.com/spasam/log4j2-exploit2githubgithub.com/julian911015/Log4j-Scanner-Exploit2githubgithub.com/chandru-gunasekaran/log4j-fix-CVE-2021-442282githubgithub.com/BabooPan/Log4Shell-CVE-2021-44228-Demo2githubgithub.com/Vulnmachines/log4jshell_CVE-2021-442282githubgithub.com/dcm2406/CVE-Lab2githubgithub.com/lathika-3006/Solar-exploiting-log-4j2githubgithub.com/mn-io/log4j-spring-vuln-poc1githubgithub.com/JiuBanSec/Log4j-CVE-2021-442281githubgithub.com/lhotari/pulsar-docker-images-patch-CVE-2021-442281githubgithub.com/pravin-pp/log4j2-CVE-2021-442281githubgithub.com/p3dr16k/log4j-1.2.15-mod1githubgithub.com/chilliwebs/CVE-2021-44228_Example1githubgithub.com/Apipia/log4j-pcap-activity1githubgithub.com/dpomnean/log4j_scanner_wrapper1githubgithub.com/gcmurphy/chk_log4j1githubgithub.com/Woahd/log4j-urlscanner1githubgithub.com/danieljosmariyan7254/TryHackMe-Solar-exploiting-log4j-1githubgithub.com/kali-dass/CVE-2021-44228-log4Shell1githubgithub.com/qw3rtyou/CVE-2021-44228_dockernize1githubgithub.com/Panyaprach/Prove-CVE-2021-442281githubgithub.com/Carlos-Mesquita/TPASLog4ShellPoC1githubgithub.com/Hoanle396/CVE-2021-44228-demo1githubgithub.com/sec13b/CVE-2021-44228-POC1githubgithub.com/trickyearlobe/inspec-log4j1githubgithub.com/cado-security/log4shell1githubgithub.com/RrUZi/Awesome-CVE-2021-442281githubgithub.com/DiCanio/CVE-2021-44228-docker-example1githubgithub.com/Rk-000/Log4j_scan_Advance1githubgithub.com/uint0/cve-2021-44228--spring-hibernate1githubgithub.com/helsecert/CVE-2021-442281githubgithub.com/VerveIndustrialProtection/CVE-2021-44228-Log4j1githubgithub.com/demonrvm/Log4ShellRemediation1githubgithub.com/horrister/log4shell-cve-2021-442281githubgithub.com/pierpaolosestito-dev/Log4Shell-CVE-2021-44228-PoC1githubgithub.com/guerzon/log4shellpoc1githubgithub.com/MarceloLeite2604/log4j-vulnerability1githubgithub.com/sourcegraph/log4j-cve-code-search-resources1githubgithub.com/andalik/log4j-filescan1githubgithub.com/halibobor/log4j21githubgithub.com/srcporter/CVE-2021-442281githubgithub.com/Aschen/log4j-patched1githubgithub.com/gyaansastra/CVE-2021-442281githubgithub.com/bcdunbar/CVE-2021-44228-poc1githubgithub.com/rgl/log4j-log4shell-playground1githubgithub.com/TPower2112/Writing-Sample-11githubgithub.com/nu11secur1ty/CVE-2021-44228-VULN-APP1githubgithub.com/jaehnri/CVE-2021-442281githubgithub.com/kal1gh0st/MyLog4Shell1githubgithub.com/kimobu/cve-2021-442281githubgithub.com/moshuum/tf-log4j-aws-poc1githubgithub.com/Vulnmachines/log4j-cve-2021-442280githubgithub.com/kannthu/CVE-2021-44228-Apache-Log4j-Rce0githubgithub.com/zhangxvx/Log4j-Rec-CVE-2021-442280githubgithub.com/wajda/log4shell-test-exploit0githubgithub.com/LemonCraftRu/JndiRemover0githubgithub.com/bhimsekhar/vulnerable-java-app0githubgithub.com/Grupo-Kapa-7/CVE-2021-44228-Log4j-PoC-RCE0githubgithub.com/sysadmin0815/Fix-Log4j-PowershellScript0githubgithub.com/RenYuH/log4j-lookups-vulnerability0githubgithub.com/scheibling/py-log4shellscanner0githubgithub.com/zaneef/CVE-2021-442280githubgithub.com/metodidavidovic/log4j-quick-scan0githubgithub.com/WatchGuard-Threat-Lab/log4shell-iocs0githubgithub.com/nikolas-charalambidis/cve-2021-442280githubgithub.com/m0rath/detect-log4j-exploitable0githubgithub.com/datadavev/test-442280githubgithub.com/WYSIIWYG/Log4J_0day_RCE0githubgithub.com/DANSI/PowerShell-Log4J-Scanner0githubgithub.com/suniastar/scan-log4shell0githubgithub.com/shivakumarjayaraman/log4jvulnerability-CVE-2021-442280githubgithub.com/j3kz/CVE-2021-44228-PoC0githubgithub.com/axelcurmi/log4shell-docker-lab0githubgithub.com/otaviokr/log4j-2021-vulnerability-study0githubgithub.com/kkyehit/log4j_CVE-2021-442280githubgithub.com/leetxyz/CVE-2021-44228-Advisories0githubgithub.com/gauthamg/log4j2021_vul_test0githubgithub.com/TheArqsz/CVE-2021-44228-PoC0githubgithub.com/TotallyNotAHaxxer/f-for-java0githubgithub.com/bumheehan/cve-2021-44228-log4j-test0githubgithub.com/racoon-rac/CVE-2021-442280githubgithub.com/hmxh123/Log4Shell-Vulnerability-Replication0githubgithub.com/Codepumpking/log4shell-poc0githubgithub.com/intel-xeon/CVE-2021-44228---detection-with-PowerShell0githubgithub.com/limxuan/ehir-vuln-enterprise-login0githubgithub.com/izzyacademy/log4shell-mitigation0githubgithub.com/wheezysec/CVE-2021-44228-kusto0githubgithub.com/xx-zhang/apache-log4j2-CVE-2021-442280githubgithub.com/r00thunter/Log4Shell-Scanner0githubgithub.com/rejupillai/log4j2-hack-springboot0githubgithub.com/DAADAISMYLIFE/log4shell-lab0githubgithub.com/dbgee/CVE-2021-442280githubgithub.com/vutiendat323/CVE-2021-44228_Log4Shell0githubgithub.com/ssl-user-en/Log4j-Scanner-Exploit0githubgithub.com/BJLIYANLIANG/log4j-scanner0githubgithub.com/grimch/log4j-CVE-2021-44228-workaround0githubgithub.com/Toolsec/log4j-scan0githubgithub.com/bsigouin/log4shell-vulnerable-app0githubgithub.com/ToxicEnvelope/XSYS-Log4J2Shell-Ex0githubgithub.com/felipe8398/ModSec-log4j20githubgithub.com/c3-h2/Log4j_Attacker_IPList0githubgithub.com/mazhar-hassan/log4j-vulnerability0githubgithub.com/xungzzz/VTI-IOCs-CVE-2021-442280githubgithub.com/s-retlaw/l4s_poc0githubgithub.com/Ravid-CheckMarx/CVE-2021-44228-Apache-Log4j-Rce-main0githubgithub.com/LinkMJB/log4shell_scanner0githubgithub.com/PoneyClairDeLune/LogJackFix0githubgithub.com/romanutti/log4shell-vulnerable-app0githubgithub.com/mklinkj/log4j2-test0githubgithub.com/alexpena5635/CVE-2021-44228_scanner-main-Modified-0githubgithub.com/aajuvonen/log4stdin0githubgithub.com/IAmNewbieZ/CVE-2021-442280githubgithub.com/s-retlaw/l4srs0githubgithub.com/Willian-2-0-0-1/Log4j-Exploit-CVE-2021-442280githubgithub.com/Phineas09/CVE-2021-442280githubgithub.com/yuuki1967/CVE-2021-44228-Apache-Log4j-Rce0githubgithub.com/cbuschka/log4j2-rce-recap0githubgithub.com/dark-ninja10/Log4j-CVE-2021-442280githubgithub.com/rodfer0x80/log4j2-prosecutor0githubgithub.com/34zY/JNDI-Exploit-1.2-log4shell0githubgithub.com/didoatanasov/cve-2021-442280githubgithub.com/ShaneKingBlog/org.shaneking.demo.cve.y2021.s442280githubgithub.com/municipalparkingservices/CVE-2021-44228-Scanner0githubgithub.com/tobiasoed/log4j-CVE-2021-442280githubgithub.com/kossatzd/log4j-CVE-2021-44228-test0githubgithub.com/flxhaas/Scan-CVE-2021-442280githubgithub.com/VNYui/CVE-2021-442280githubgithub.com/1hakusai1/log4j-rce-CVE-2021-442280githubgithub.com/LutziGoz/Log4J_Exploitation-Vulnerabiliy__CVE-2021-442280githubgithub.com/lov3r/cve-2021-44228-log4j-exploits0githubgithub.com/0xThiebaut/CVE-2021-442280githubgithub.com/Camphul/log4shell-spring-framework-research0githubgithub.com/tuyenee/Log4shell0githubgithub.com/jeremyrsellars/CVE-2021-44228_scanner0githubgithub.com/sajanapamuditha/Cyber-Attack-Simulation-0githubgithub.com/bhprin/log4j-vul0githubgithub.com/avirahul007/CVE-2021-442280githubgithub.com/neilc1964techned/craready-test-java-vulns0githubgithub.com/markuman/aws-log4j-mitigations0githubgithub.com/jyotisahu98/logpresso-CVE-2021-44228-Scanner0githubgithub.com/MeterianHQ/log4j-vuln-coverage-check0githubgithub.com/maxant/log4j2-CVE-2021-442280githubgithub.com/honeynet/log4shell-data0githubgithub.com/b1tm0n3r/CVE-2021-442280githubgithub.com/MAFO-sec/mi-laboratorio-log4shell0githubgithub.com/fireflyingup/log4j-poc0githubgithub.com/guardicode/CVE-2021-44228_IoCs0githubgithub.com/felisha-elmer/Sandbox-Challenge-Log4Shell-CVE-2021-44228-0githubgithub.com/lohanichaten/log4j-cve-2021-442280githubgithub.com/urholaukkarinen/docker-log4shell0githubgithub.com/rv4l3r3/log4v-vuln-check0githubgithub.com/Crane-Mocker/log4j-poc0githubgithub.com/uint0/cve-2021-44228-helpers0githubgithub.com/jomjosh17/Log4Shell-CVE-2021-44228-0githubgithub.com/recanavar/vuln_spring_log4j20githubgithub.com/creamIcec/CVE-2021-44228-Apache-Log4j-Rce__review0githubgithub.com/lonecloud/CVE-2021-44228-Apache-Log4j0githubgithub.com/axisops/CVE-2021-442280githubgithub.com/hozyx/log4shell0githubgithub.com/andypitcher/Log4J_checker0githubgithub.com/0xBlackash/CVE-2021-442280githubgithub.com/wmohamed2033/wmohamed2033.github.io0githubgithub.com/Saru1718/THM---Solar-exploiting-Log-4j0githubgithub.com/Lavanya2085/solar-exploiting-log4j0githubgithub.com/jdormannn/SecureOps-Lab0githubgithub.com/joaovicdev/EXPLOIT-CVE-2021-442280githubgithub.com/pinaraltinok/Log4Shell-Attack0githubgithub.com/Contrast-Security-OSS/CVE-2021-442280githubgithub.com/snatalius/log4j2-CVE-2021-44228-poc-local0githubgithub.com/chilit-nl/log4shell-example0githubgithub.com/kaleth4/CVE-2021-442280githubgithub.com/tieupham267/log4shell-coraza0githubgithub.com/sandarenu/log4j2-issue-check0githubgithub.com/roticagas/CVE-2021-44228-Demo0githubgithub.com/tica506/Siem-queries-for-CVE-2021-442280githubgithub.com/strawhatasif/log4j-test0githubgithub.com/ben-smash/l4j-info0githubgithub.com/yanghaoi/CVE-2021-44228_Log4Shell0githubgithub.com/andrii-kovalenko-celonis/log4j-vulnerability-demo0githubgithub.com/ra890927/Log4Shell-CVE-2021-44228-Demo0githubgithub.com/vino-theva/CVE-2021-442280githubgithub.com/tharindudh/tharindudh-Log4j-Vulnerability-in-Ghidra-tool-CVE-2021-442280githubgithub.com/eurogig/jankybank0githubgithub.com/digital-dev/Log4j-CVE-2021-44228-Remediation0githubgithub.com/ocastel/log4j-shell-poc0githubgithub.com/sqsec/log4j2_CVE-2021-442280githubgithub.com/Sumitpathania03/LOG4J-CVE-2021-442280githubgithub.com/53buahapel/log4shell-vulnweb0githubgithub.com/funcid/log4j-exploit-fork-bomb0githubgithub.com/Muhammad-Ali007/Log4j_CVE-2021-442280githubgithub.com/roshanshibu/Odysseus0githubgithub.com/LucasPDiniz/CVE-2021-442280githubgithub.com/felixslama/log4shell-minecraft-demo0githubgithub.com/ShlomiRex/log4shell_lab0githubgithub.com/scabench/l4j-tp10githubgithub.com/scabench/l4j-fp10githubgithub.com/KtokKawu/l4s-vulnapp0githubgithub.com/agylabs/log4shell-remediation0githubgithub.com/YangHyperData/LOGJ4_PocShell_CVE-2021-442280githubgithub.com/NikitaPark/Log4Shell-PoC-Application0githubgithub.com/FacundoMfernandez/pentesting-obioba0githubgithub.com/asd58584388/CVE-2021-442280githubgithub.com/OtisSymbos/CVE-2021-44228-Log4Shell-0githubgithub.com/safeer-accuknox/log4j-shell-poc0githubgithub.com/AhmedMansour93/-Unveiling-the-Lessons-from-Log4Shell-A-Wake-Up-Call-for-Cybersecurity-0githubgithub.com/Super-Binary/cve-2021-442280githubgithub.com/ZacharyZcR/CVE-2021-442280githubgithub.com/aaronm-sysdig/log4j-vuln-demo0githubgithub.com/yadavmukesh/Log4Shell-vulnerability-CVE-2021-44228-0githubgithub.com/tpdlshdmlrkfmcla/Log4shell0githubgithub.com/timothyjxhn/DeliberatelyVulnerableWebApp0githubgithub.com/khaidtraivch/CVE-2021-44228-Log4Shell-0githubgithub.com/Fauzan-Aldi/Log4j-_Vulnerability0githubgithub.com/SerpilRivas/log4shell-homework90githubgithub.com/x1ongsec/CVE-2021-44228-Log4j-JNDI0githubgithub.com/fabioeletto/hka-seminar-log4shell0githubgithub.com/cuijiung/log4j-CVE-2021-442280githubgithub.com/Sorrence/CVE-2021-442280githubgithub.com/moften/Log4Shell0githubgithub.com/KamalideenAK/Microsoft-Defender-for-Endpoint-Deployment-on-Windows-10-11-device0githubgithub.com/arabindadora/log4shell0githubgithub.com/Mintimate/log4j2-bugmaker0githubgithub.com/mgueye3/Log4Shell0githubgithub.com/PCMKUIT/CVE-2021-44228---Log4Shell-Analysis0githubgithub.com/DrHaitham/Log4Shell-CVE-2021-442280githubgithub.com/Loliverte/Log4j-Vulnerability0githubgithub.com/JoseMariaMicoli/Log4Shell-PoC0cve_referencepacketstormsecurity.com/files/165282/Log4j-Payload-Generator.htmlunverifiedcve_referencepacketstormsecurity.com/files/165260/VMware-Security-Advisory-2021-0028.htmlunverifiedcve_referencepacketstormsecurity.com/files/165225/Apache-Log4j2-2.14.1-Remote-Code-Execution.htmlunverifiedcve_referencepacketstormsecurity.com/files/165642/VMware-vCenter-Server-Unauthenticated-Log4Shell-JNDI-Injection-Remote-Code-Execution.htmlunverifiedcve_referencepacketstormsecurity.com/files/165532/Log4Shell-HTTP-Header-Injection.htmlunverifiedcve_referencepacketstormsecurity.com/files/167794/Open-Xchange-App-Suite-7.10.x-Cross-Site-Scripting-Command-Injection.htmlunverifiedexploitdbwww.exploit-db.com/exploits/50592unverifiedcve_referencepacketstormsecurity.com/files/165306/L4sh-Log4j-Remote-Code-Execution.htmlunverifiedexploitdbwww.exploit-db.com/exploits/51183unverifiedcve_referencepacketstormsecurity.com/files/167917/MobileIron-Log4Shell-Remote-Command-Execution.htmlunverifiedcve_referencepacketstormsecurity.com/files/165281/Log4j2-Log4Shell-Regexes.htmlunverifiedcve_referencepacketstormsecurity.com/files/165307/Log4j-Remote-Code-Execution-Word-Bypassing.htmlunverifiedexploitdbwww.exploit-db.com/exploits/50590unverifiedcve_referencepacketstormsecurity.com/files/165270/Apache-Log4j2-2.14.1-Remote-Code-Execution.htmlunverifiedcve_referencepacketstormsecurity.com/files/165673/UniFi-Network-Application-Unauthenticated-Log4Shell-Remote-Code-Execution.htmlunverifiedcve_referencepacketstormsecurity.com/files/165311/log4j-scan-Extensive-Scanner.htmlunverifiedcve_referencepacketstormsecurity.com/files/165371/VMware-Security-Advisory-2021-0028.4.htmlunverifiedcve_referencepacketstormsecurity.com/files/165261/Apache-Log4j2-2.14.1-Information-Disclosure.htmlunverifiedcve_referencepacketstormsecurity.com/files/171626/AD-Manager-Plus-7122-Remote-Code-Execution.htmlunverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://packetstormsecurity.com/files/165225/Apache-Log4j2-2.14.1-Remote-Code-Execution.htmlhttp://packetstormsecurity.com/files/165260/VMware-Security-Advisory-2021-0028.htmlhttp://packetstormsecurity.com/files/165261/Apache-Log4j2-2.14.1-Information-Disclosure.htmlhttp://packetstormsecurity.com/files/165270/Apache-Log4j2-2.14.1-Remote-Code-Execution.htmlhttp://packetstormsecurity.com/files/165281/Log4j2-Log4Shell-Regexes.htmlhttp://packetstormsecurity.com/files/165282/Log4j-Payload-Generator.htmlhttp://packetstormsecurity.com/files/165306/L4sh-Log4j-Remote-Code-Execution.htmlhttp://packetstormsecurity.com/files/165307/Log4j-Remote-Code-Execution-Word-Bypassing.htmlhttp://packetstormsecurity.com/files/165311/log4j-scan-Extensive-Scanner.htmlhttp://packetstormsecurity.com/files/165371/VMware-Security-Advisory-2021-0028.4.htmlhttp://packetstormsecurity.com/files/165532/Log4Shell-HTTP-Header-Injection.htmlhttp://packetstormsecurity.com/files/165642/VMware-vCenter-Server-Unauthenticated-Log4Shell-JNDI-Injection-Remote-Code-Execution.html