← voltar
CVE-2021-44228

Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints

CVSS 10 CRITICALEPSS 100.0%● KEVCWE-20CWE-400CWE-502
Em resumo

O Apache Log4j2 permite que atacantes executem código malicioso ao injetar comandos em mensagens de log. Se uma aplicação usa uma versão vulnerável do Log4j2 e registra dados controlados pelo usuário, um atacante pode disparar execução de código a partir de servidores remotos.

Detalhe técnico

CVE-2021-44228 explora lookups JNDI (Java Naming and Directory Interface) inseguros no Log4j2 nas versões 2.0-beta9 até 2.15.0 quando a substituição de lookup de mensagens está ativada. Um atacante controlando o conteúdo de mensagens de log pode injetar expressões JNDI que carregam e executam código arbitrário de endpoints LDAP ou RMI controlados pelo atacante. Requer que a aplicação registre dados influenciados pelo atacante sem sanitização.

Resumo gerado e traduzido por IA a partir da descrição oficial.
Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Produtos afetados
Apache Software Foundation · Apache Log4j2
PoCs públicas encontradas428
githubgithub.com/fullhunt/log4j-scan3426githubgithub.com/kozmer/log4j-shell-poc1849githubgithub.com/christophetd/log4shell-vulnerable-app1142githubgithub.com/Puliczek/CVE-2021-44228-PoC-log4j-bypass-words950githubgithub.com/logpresso/CVE-2021-44228-Scanner862githubgithub.com/f0ng/log4j2burpscanner844githubgithub.com/mergebase/log4j-detector640githubgithub.com/corretto/hotpatch-for-apache-log4j2497githubgithub.com/jas502n/Log4j2-CVE-2021-44228469githubgithub.com/fox-it/log4j-finder439githubgithub.com/0xInfection/LogMePwn395githubgithub.com/Diverto/nse-log4shell352githubgithub.com/CERTCC/CVE-2021-44228_scanner349githubgithub.com/back2root/log4shell-rex292githubgithub.com/rubo77/log4j_checker_beta247githubgithub.com/NS-Sp4ce/Vm4J209githubgithub.com/takito1812/log4j-detect195githubgithub.com/HyCraftHD/Log4J-RCE-Proof-Of-Concept182githubgithub.com/alexandre-lavoie/python-log4rce178githubgithub.com/puzzlepeaches/Log4jUnifi168githubgithub.com/mubix/CVE-2021-44228-Log4Shell-Hashes155githubgithub.com/BinaryDefense/log4j-honeypot-flask151githubgithub.com/NorthwaveSecurity/log4jcheck126githubgithub.com/boundaryx/cloudrasp-log4j2125githubgithub.com/simonis/Log4jPatch108githubgithub.com/Adikso/minecraft-log4j-honeypot107githubgithub.com/puzzlepeaches/Log4jCenter106githubgithub.com/0xDexter0us/Log4J-Scanner102githubgithub.com/MalwareTech/Log4jTools94githubgithub.com/thomaspatzke/Log4Pot94githubgithub.com/tangxiaofeng7/CVE-2021-44228-Apache-Log4j-Rce90githubgithub.com/alexbakker/log4shell-tools86githubgithub.com/giterlizzi/nmap-log4shell78githubgithub.com/LiveOverflow/log4shell72githubgithub.com/cyberxml/log4j-poc72githubgithub.com/nccgroup/log4j-jndi-be-gone72githubgithub.com/bigsizeme/Log4j-check70githubgithub.com/future-client/CVE-2021-4422866githubgithub.com/lucab85/log4j-cve-2021-4422857githubgithub.com/authomize/log4j-log4shell-affected52githubgithub.com/CreeperHost/Log4jPatcher49githubgithub.com/CodeShield-Security/Log4JShell-Bytecode-Detector49githubgithub.com/redhuntlabs/Log4JHunt46githubgithub.com/dtact/divd-2021-00038--log4j-scanner46githubgithub.com/RedDrip7/Log4Shell_CVE-2021-44228_related_attacks_IOCs45githubgithub.com/1lann/log4shelldetect45githubgithub.com/stripe/log4j-remediation-tools40githubgithub.com/HynekPetrak/log4shell-finder39githubgithub.com/infiniroot/nginx-mitigate-log4shell38githubgithub.com/Y0-kan/Log4jShell-Scan38githubgithub.com/hackinghippo/log4shell_ioc_ips37githubgithub.com/fireeye/CVE-2021-4422837githubgithub.com/greymd/CVE-2021-4422835githubgithub.com/darkarnium/Log4j-CVE-Detect35githubgithub.com/sassoftware/loguccino33githubgithub.com/Jeromeyoung/log4j2burpscanner32githubgithub.com/twseptian/spring-boot-log4j-cve-2021-44228-docker-lab28githubgithub.com/qingtengyun/cve-2021-44228-qingteng-online-patch25githubgithub.com/r3kind1e/Log4Shell-obfuscated-payloads-generator25githubgithub.com/mufeedvh/log4jail23githubgithub.com/toramanemre/log4j-rce-detect-waf-bypass23githubgithub.com/pedrohavay/exploit-CVE-2021-4422820githubgithub.com/Glease/Healer19githubgithub.com/corelight/cve-2021-4422819githubgithub.com/faisalfs10x/Log4j2-CVE-2021-44228-revshell18githubgithub.com/blake-fm/vcenter-log4j17githubgithub.com/ab0x90/CVE-2021-44228_PoC16githubgithub.com/Malwar3Ninja/Exploitation-of-Log4j2-CVE-2021-4422816githubgithub.com/lhotari/log4shell-mitigation-tester16githubgithub.com/ossie-git/log4shell_sentinel14githubgithub.com/mitiga/log4shell-cloud-scanner14githubgithub.com/snow0715/log4j-Scan-Burpsuite13githubgithub.com/zsolt-halo/Log4J-Log4Shell-CVE-2021-44228-Spring-Boot-Test-Service13githubgithub.com/xsultan/log4jshield13githubgithub.com/Nanitor/log4fix12githubgithub.com/Hydragyrum/evil-rmi-server12githubgithub.com/rakutentech/jndi-ldap-test-server11githubgithub.com/claranet/ansible-role-log4shell11githubgithub.com/thecyberneh/Log4j-RCE-Exploiter11githubgithub.com/roxas-tan/CVE-2021-4422810githubgithub.com/kubearmor/log4j-CVE-2021-442289githubgithub.com/qingtengyun/cve-2021-44228-qingteng-patch9githubgithub.com/immunityinc/Log4j-JNDIServer9githubgithub.com/Sh0ckFR/log4j-CVE-2021-44228-Public-IoCs9githubgithub.com/obscuritylabs/log4shell-poc-lab9githubgithub.com/wortell/log4j9githubgithub.com/Tai-e/CVE-2021-442289githubgithub.com/DXC-StrikeForce/Burp-Log4j-HammerTime8githubgithub.com/lfama/log4j_checker8githubgithub.com/Labout/log4shell-rmi-poc8githubgithub.com/atnetws/fail2ban-log4j8githubgithub.com/cybersecurityworks553/log4j-shell-csw8githubgithub.com/sunnyvale-it/CVE-2021-44228-PoC8githubgithub.com/Azeemering/CVE-2021-44228-DFIR-Notes7githubgithub.com/mschmnet/Log4Shell-demo7githubgithub.com/OopsieWoopsie/mc-log4j-patcher7githubgithub.com/0xsyr0/Log4Shell7githubgithub.com/momos1337/Log4j-RCE7githubgithub.com/marcourbano/CVE-2021-442287githubgithub.com/KosmX/CVE-2021-44228-example7githubgithub.com/TaroballzChen/CVE-2021-44228-log4jVulnScanner-metasploit7githubgithub.com/KeysAU/Get-log4j-Windows.ps17githubgithub.com/r00thunter/Log4Shell7githubgithub.com/ssl/scan4log4j6githubgithub.com/irgoncalves/f5-waf-enforce-sig-CVE-2021-442286githubgithub.com/demining/Log4j-Vulnerability6githubgithub.com/DragonSurvivalEU/RCE6githubgithub.com/isuruwa/Log4j6githubgithub.com/justakazh/Log4j-CVE-2021-442286githubgithub.com/AlexandreHeroux/Fix-CVE-2021-442286githubgithub.com/OlafHaalstra/log4jcheck5githubgithub.com/snapattack/damn-vulnerable-log4j-app5githubgithub.com/suuhm/log4shell4shell5githubgithub.com/jacobtread/L4J-Vuln-Patch5githubgithub.com/phoswald/sample-ldap-exploit5githubgithub.com/many-fac3d-g0d/apache-tomcat-log4j5githubgithub.com/mrlnstk/cve-2021-44228-minecraft-poc5githubgithub.com/sud0x00/log4j-CVE-2021-442285githubgithub.com/winnpixie/log4noshell5githubgithub.com/manuel-alvarez-alvarez/log4j-cve-2021-442285githubgithub.com/KeysAU/Get-log4j-Windows-local5githubgithub.com/ankur-katiyar/log4j-docker5githubgithub.com/shamo0/CVE-2021-442284githubgithub.com/inettgmbh/checkmk-log4j-scanner4githubgithub.com/MrHarshvardhan/PY-Log4j-RCE-Scanner4githubgithub.com/nkoneko/VictimApp4githubgithub.com/corneacristian/Log4J-CVE-2021-44228-RCE4githubgithub.com/Koupah/MC-Log4j-Patcher4githubgithub.com/michaelsanford/Log4Shell-Honeypot4githubgithub.com/yesspider-hacker/log4j-payload-generator4githubgithub.com/Occamsec/log4j-checker4githubgithub.com/M1ngGod/CVE-2021-44228-Log4j-lookup-Rce4githubgithub.com/dbzoo/log4j_scanner4githubgithub.com/ycdxsb/Log4Shell-CVE-2021-44228-ENV4githubgithub.com/toramanemre/apache-solr-log4j-CVE-2021-442284githubgithub.com/sinakeshmiri/log4jScan4githubgithub.com/Kr0ff/CVE-2021-442284githubgithub.com/zzzz0317/log4j2-vulnerable-spring-app4githubgithub.com/lucab85/ansible-role-log4shell4githubgithub.com/TheInterception/Log4J-Simulation-Tool4githubgithub.com/irgoncalves/f5-waf-quick-patch-cve-2021-442283githubgithub.com/threatmonit/Log4j-IOCs3githubgithub.com/madCdan/JndiLookup3githubgithub.com/vorburger/Log4j_CVE-2021-442283githubgithub.com/pmontesd/log4j-cve-2021-442283githubgithub.com/KirkDJohnson/Wireshark3githubgithub.com/codiobert/log4j-scanner3githubgithub.com/ubitech/cve-2021-44228-rce-poc3githubgithub.com/zlepper/CVE-2021-44228-Test-Server3githubgithub.com/mss/log4shell-hotfix-side-effect3githubgithub.com/alexandreroman/cve-2021-44228-workaround-buildpack3githubgithub.com/Joefreedy/Log4j-Windows-Scanner3githubgithub.com/saharNooby/log4j-vulnerability-patcher-agent3githubgithub.com/Sma-Das/Log4j-PoC3githubgithub.com/tadash10/Exploiting-CVE-2021-44228-Log4Shell-in-a-Banking-Environment3githubgithub.com/CrackerCat/CVE-2021-44228-Log4j-Payloads3githubgithub.com/hotpotcookie/CVE-2021-44228-white-box3githubgithub.com/badb33f/Apache-Log4j-POC3githubgithub.com/unlimitedsola/log4j2-rce-poc3githubgithub.com/anuvindhs/how-to-check-patch-secure-log4j-CVE-2021-442282githubgithub.com/1in9e/Apache-Log4j2-RCE2githubgithub.com/binganao/Log4j2-RCE2githubgithub.com/byteboycn/CVE-2021-44228-Apache-Log4j-Rce2githubgithub.com/b-abderrahmane/CVE-2021-44228-playground2githubgithub.com/mkhazamipour/log4j-vulnerable-app-cve-2021-44228-terraform2githubgithub.com/jeffbryner/log4j-docker-vaccine2githubgithub.com/mzlogin/CVE-2021-44228-Demo2githubgithub.com/tasooshi/horrors-log4shell2githubgithub.com/dotPY-hax/log4py2githubgithub.com/ph0lk3r/anti-jndi2githubgithub.com/thedevappsecguy/Log4J-Mitigation-CVE-2021-44228--CVE-2021-45046--CVE-2021-45105--CVE-2021-448322githubgithub.com/avwolferen/Sitecore.Solr-log4j-mitigation2githubgithub.com/george-petrakis/log4j-scanner-CVE-2021-442282githubgithub.com/jeffli1024/log4j-rce-test2githubgithub.com/taurusxin/CVE-2021-442282githubgithub.com/perryflynn/find-log4j2githubgithub.com/alpacamybags118/log4j-cve-2021-44228-sample2githubgithub.com/VinniMarcon/Log4j-Updater2githubgithub.com/alenazi90/log4j2githubgithub.com/aws-samples/kubernetes-log4j-cve-2021-44228-node-agent2githubgithub.com/korteke/log4shell-demo2githubgithub.com/Fazmin/vCenter-Server-Workaround-Script-CVE-2021-442282githubgithub.com/spasam/log4j2-exploit2githubgithub.com/julian911015/Log4j-Scanner-Exploit2githubgithub.com/chandru-gunasekaran/log4j-fix-CVE-2021-442282githubgithub.com/BabooPan/Log4Shell-CVE-2021-44228-Demo2githubgithub.com/Vulnmachines/log4jshell_CVE-2021-442282githubgithub.com/dcm2406/CVE-Lab2githubgithub.com/lathika-3006/Solar-exploiting-log-4j2githubgithub.com/mn-io/log4j-spring-vuln-poc1githubgithub.com/JiuBanSec/Log4j-CVE-2021-442281githubgithub.com/lhotari/pulsar-docker-images-patch-CVE-2021-442281githubgithub.com/pravin-pp/log4j2-CVE-2021-442281githubgithub.com/p3dr16k/log4j-1.2.15-mod1githubgithub.com/chilliwebs/CVE-2021-44228_Example1githubgithub.com/Apipia/log4j-pcap-activity1githubgithub.com/dpomnean/log4j_scanner_wrapper1githubgithub.com/gcmurphy/chk_log4j1githubgithub.com/Woahd/log4j-urlscanner1githubgithub.com/danieljosmariyan7254/TryHackMe-Solar-exploiting-log4j-1githubgithub.com/kali-dass/CVE-2021-44228-log4Shell1githubgithub.com/qw3rtyou/CVE-2021-44228_dockernize1githubgithub.com/Panyaprach/Prove-CVE-2021-442281githubgithub.com/Carlos-Mesquita/TPASLog4ShellPoC1githubgithub.com/Hoanle396/CVE-2021-44228-demo1githubgithub.com/sec13b/CVE-2021-44228-POC1githubgithub.com/trickyearlobe/inspec-log4j1githubgithub.com/cado-security/log4shell1githubgithub.com/RrUZi/Awesome-CVE-2021-442281githubgithub.com/DiCanio/CVE-2021-44228-docker-example1githubgithub.com/Rk-000/Log4j_scan_Advance1githubgithub.com/uint0/cve-2021-44228--spring-hibernate1githubgithub.com/helsecert/CVE-2021-442281githubgithub.com/VerveIndustrialProtection/CVE-2021-44228-Log4j1githubgithub.com/demonrvm/Log4ShellRemediation1githubgithub.com/horrister/log4shell-cve-2021-442281githubgithub.com/pierpaolosestito-dev/Log4Shell-CVE-2021-44228-PoC1githubgithub.com/guerzon/log4shellpoc1githubgithub.com/MarceloLeite2604/log4j-vulnerability1githubgithub.com/sourcegraph/log4j-cve-code-search-resources1githubgithub.com/andalik/log4j-filescan1githubgithub.com/halibobor/log4j21githubgithub.com/srcporter/CVE-2021-442281githubgithub.com/Aschen/log4j-patched1githubgithub.com/gyaansastra/CVE-2021-442281githubgithub.com/bcdunbar/CVE-2021-44228-poc1githubgithub.com/rgl/log4j-log4shell-playground1githubgithub.com/TPower2112/Writing-Sample-11githubgithub.com/nu11secur1ty/CVE-2021-44228-VULN-APP1githubgithub.com/jaehnri/CVE-2021-442281githubgithub.com/kal1gh0st/MyLog4Shell1githubgithub.com/kimobu/cve-2021-442281githubgithub.com/moshuum/tf-log4j-aws-poc1githubgithub.com/Vulnmachines/log4j-cve-2021-442280githubgithub.com/kannthu/CVE-2021-44228-Apache-Log4j-Rce0githubgithub.com/zhangxvx/Log4j-Rec-CVE-2021-442280githubgithub.com/wajda/log4shell-test-exploit0githubgithub.com/LemonCraftRu/JndiRemover0githubgithub.com/bhimsekhar/vulnerable-java-app0githubgithub.com/Grupo-Kapa-7/CVE-2021-44228-Log4j-PoC-RCE0githubgithub.com/sysadmin0815/Fix-Log4j-PowershellScript0githubgithub.com/RenYuH/log4j-lookups-vulnerability0githubgithub.com/scheibling/py-log4shellscanner0githubgithub.com/zaneef/CVE-2021-442280githubgithub.com/metodidavidovic/log4j-quick-scan0githubgithub.com/WatchGuard-Threat-Lab/log4shell-iocs0githubgithub.com/nikolas-charalambidis/cve-2021-442280githubgithub.com/m0rath/detect-log4j-exploitable0githubgithub.com/datadavev/test-442280githubgithub.com/WYSIIWYG/Log4J_0day_RCE0githubgithub.com/DANSI/PowerShell-Log4J-Scanner0githubgithub.com/suniastar/scan-log4shell0githubgithub.com/shivakumarjayaraman/log4jvulnerability-CVE-2021-442280githubgithub.com/j3kz/CVE-2021-44228-PoC0githubgithub.com/axelcurmi/log4shell-docker-lab0githubgithub.com/otaviokr/log4j-2021-vulnerability-study0githubgithub.com/kkyehit/log4j_CVE-2021-442280githubgithub.com/leetxyz/CVE-2021-44228-Advisories0githubgithub.com/gauthamg/log4j2021_vul_test0githubgithub.com/TheArqsz/CVE-2021-44228-PoC0githubgithub.com/TotallyNotAHaxxer/f-for-java0githubgithub.com/bumheehan/cve-2021-44228-log4j-test0githubgithub.com/racoon-rac/CVE-2021-442280githubgithub.com/hmxh123/Log4Shell-Vulnerability-Replication0githubgithub.com/Codepumpking/log4shell-poc0githubgithub.com/intel-xeon/CVE-2021-44228---detection-with-PowerShell0githubgithub.com/limxuan/ehir-vuln-enterprise-login0githubgithub.com/izzyacademy/log4shell-mitigation0githubgithub.com/wheezysec/CVE-2021-44228-kusto0githubgithub.com/xx-zhang/apache-log4j2-CVE-2021-442280githubgithub.com/r00thunter/Log4Shell-Scanner0githubgithub.com/rejupillai/log4j2-hack-springboot0githubgithub.com/DAADAISMYLIFE/log4shell-lab0githubgithub.com/dbgee/CVE-2021-442280githubgithub.com/vutiendat323/CVE-2021-44228_Log4Shell0githubgithub.com/ssl-user-en/Log4j-Scanner-Exploit0githubgithub.com/BJLIYANLIANG/log4j-scanner0githubgithub.com/grimch/log4j-CVE-2021-44228-workaround0githubgithub.com/Toolsec/log4j-scan0githubgithub.com/bsigouin/log4shell-vulnerable-app0githubgithub.com/ToxicEnvelope/XSYS-Log4J2Shell-Ex0githubgithub.com/felipe8398/ModSec-log4j20githubgithub.com/c3-h2/Log4j_Attacker_IPList0githubgithub.com/mazhar-hassan/log4j-vulnerability0githubgithub.com/xungzzz/VTI-IOCs-CVE-2021-442280githubgithub.com/s-retlaw/l4s_poc0githubgithub.com/Ravid-CheckMarx/CVE-2021-44228-Apache-Log4j-Rce-main0githubgithub.com/LinkMJB/log4shell_scanner0githubgithub.com/PoneyClairDeLune/LogJackFix0githubgithub.com/romanutti/log4shell-vulnerable-app0githubgithub.com/mklinkj/log4j2-test0githubgithub.com/alexpena5635/CVE-2021-44228_scanner-main-Modified-0githubgithub.com/aajuvonen/log4stdin0githubgithub.com/IAmNewbieZ/CVE-2021-442280githubgithub.com/s-retlaw/l4srs0githubgithub.com/Willian-2-0-0-1/Log4j-Exploit-CVE-2021-442280githubgithub.com/Phineas09/CVE-2021-442280githubgithub.com/yuuki1967/CVE-2021-44228-Apache-Log4j-Rce0githubgithub.com/cbuschka/log4j2-rce-recap0githubgithub.com/dark-ninja10/Log4j-CVE-2021-442280githubgithub.com/rodfer0x80/log4j2-prosecutor0githubgithub.com/34zY/JNDI-Exploit-1.2-log4shell0githubgithub.com/didoatanasov/cve-2021-442280githubgithub.com/ShaneKingBlog/org.shaneking.demo.cve.y2021.s442280githubgithub.com/municipalparkingservices/CVE-2021-44228-Scanner0githubgithub.com/tobiasoed/log4j-CVE-2021-442280githubgithub.com/kossatzd/log4j-CVE-2021-44228-test0githubgithub.com/flxhaas/Scan-CVE-2021-442280githubgithub.com/VNYui/CVE-2021-442280githubgithub.com/1hakusai1/log4j-rce-CVE-2021-442280githubgithub.com/LutziGoz/Log4J_Exploitation-Vulnerabiliy__CVE-2021-442280githubgithub.com/lov3r/cve-2021-44228-log4j-exploits0githubgithub.com/0xThiebaut/CVE-2021-442280githubgithub.com/Camphul/log4shell-spring-framework-research0githubgithub.com/tuyenee/Log4shell0githubgithub.com/jeremyrsellars/CVE-2021-44228_scanner0githubgithub.com/sajanapamuditha/Cyber-Attack-Simulation-0githubgithub.com/bhprin/log4j-vul0githubgithub.com/avirahul007/CVE-2021-442280githubgithub.com/neilc1964techned/craready-test-java-vulns0githubgithub.com/markuman/aws-log4j-mitigations0githubgithub.com/jyotisahu98/logpresso-CVE-2021-44228-Scanner0githubgithub.com/MeterianHQ/log4j-vuln-coverage-check0githubgithub.com/maxant/log4j2-CVE-2021-442280githubgithub.com/honeynet/log4shell-data0githubgithub.com/b1tm0n3r/CVE-2021-442280githubgithub.com/MAFO-sec/mi-laboratorio-log4shell0githubgithub.com/fireflyingup/log4j-poc0githubgithub.com/guardicode/CVE-2021-44228_IoCs0githubgithub.com/felisha-elmer/Sandbox-Challenge-Log4Shell-CVE-2021-44228-0githubgithub.com/lohanichaten/log4j-cve-2021-442280githubgithub.com/urholaukkarinen/docker-log4shell0githubgithub.com/rv4l3r3/log4v-vuln-check0githubgithub.com/Crane-Mocker/log4j-poc0githubgithub.com/uint0/cve-2021-44228-helpers0githubgithub.com/jomjosh17/Log4Shell-CVE-2021-44228-0githubgithub.com/recanavar/vuln_spring_log4j20githubgithub.com/creamIcec/CVE-2021-44228-Apache-Log4j-Rce__review0githubgithub.com/lonecloud/CVE-2021-44228-Apache-Log4j0githubgithub.com/axisops/CVE-2021-442280githubgithub.com/hozyx/log4shell0githubgithub.com/andypitcher/Log4J_checker0githubgithub.com/0xBlackash/CVE-2021-442280githubgithub.com/wmohamed2033/wmohamed2033.github.io0githubgithub.com/Saru1718/THM---Solar-exploiting-Log-4j0githubgithub.com/Lavanya2085/solar-exploiting-log4j0githubgithub.com/jdormannn/SecureOps-Lab0githubgithub.com/joaovicdev/EXPLOIT-CVE-2021-442280githubgithub.com/pinaraltinok/Log4Shell-Attack0githubgithub.com/Contrast-Security-OSS/CVE-2021-442280githubgithub.com/snatalius/log4j2-CVE-2021-44228-poc-local0githubgithub.com/chilit-nl/log4shell-example0githubgithub.com/kaleth4/CVE-2021-442280githubgithub.com/tieupham267/log4shell-coraza0githubgithub.com/sandarenu/log4j2-issue-check0githubgithub.com/roticagas/CVE-2021-44228-Demo0githubgithub.com/tica506/Siem-queries-for-CVE-2021-442280githubgithub.com/strawhatasif/log4j-test0githubgithub.com/ben-smash/l4j-info0githubgithub.com/yanghaoi/CVE-2021-44228_Log4Shell0githubgithub.com/andrii-kovalenko-celonis/log4j-vulnerability-demo0githubgithub.com/ra890927/Log4Shell-CVE-2021-44228-Demo0githubgithub.com/vino-theva/CVE-2021-442280githubgithub.com/tharindudh/tharindudh-Log4j-Vulnerability-in-Ghidra-tool-CVE-2021-442280githubgithub.com/eurogig/jankybank0githubgithub.com/digital-dev/Log4j-CVE-2021-44228-Remediation0githubgithub.com/ocastel/log4j-shell-poc0githubgithub.com/sqsec/log4j2_CVE-2021-442280githubgithub.com/Sumitpathania03/LOG4J-CVE-2021-442280githubgithub.com/53buahapel/log4shell-vulnweb0githubgithub.com/funcid/log4j-exploit-fork-bomb0githubgithub.com/Muhammad-Ali007/Log4j_CVE-2021-442280githubgithub.com/roshanshibu/Odysseus0githubgithub.com/LucasPDiniz/CVE-2021-442280githubgithub.com/felixslama/log4shell-minecraft-demo0githubgithub.com/ShlomiRex/log4shell_lab0githubgithub.com/scabench/l4j-tp10githubgithub.com/scabench/l4j-fp10githubgithub.com/KtokKawu/l4s-vulnapp0githubgithub.com/agylabs/log4shell-remediation0githubgithub.com/YangHyperData/LOGJ4_PocShell_CVE-2021-442280githubgithub.com/NikitaPark/Log4Shell-PoC-Application0githubgithub.com/FacundoMfernandez/pentesting-obioba0githubgithub.com/asd58584388/CVE-2021-442280githubgithub.com/OtisSymbos/CVE-2021-44228-Log4Shell-0githubgithub.com/safeer-accuknox/log4j-shell-poc0githubgithub.com/AhmedMansour93/-Unveiling-the-Lessons-from-Log4Shell-A-Wake-Up-Call-for-Cybersecurity-0githubgithub.com/Super-Binary/cve-2021-442280githubgithub.com/ZacharyZcR/CVE-2021-442280githubgithub.com/aaronm-sysdig/log4j-vuln-demo0githubgithub.com/yadavmukesh/Log4Shell-vulnerability-CVE-2021-44228-0githubgithub.com/tpdlshdmlrkfmcla/Log4shell0githubgithub.com/timothyjxhn/DeliberatelyVulnerableWebApp0githubgithub.com/khaidtraivch/CVE-2021-44228-Log4Shell-0githubgithub.com/Fauzan-Aldi/Log4j-_Vulnerability0githubgithub.com/SerpilRivas/log4shell-homework90githubgithub.com/x1ongsec/CVE-2021-44228-Log4j-JNDI0githubgithub.com/fabioeletto/hka-seminar-log4shell0githubgithub.com/cuijiung/log4j-CVE-2021-442280githubgithub.com/Sorrence/CVE-2021-442280githubgithub.com/moften/Log4Shell0githubgithub.com/KamalideenAK/Microsoft-Defender-for-Endpoint-Deployment-on-Windows-10-11-device0githubgithub.com/arabindadora/log4shell0githubgithub.com/Mintimate/log4j2-bugmaker0githubgithub.com/mgueye3/Log4Shell0githubgithub.com/PCMKUIT/CVE-2021-44228---Log4Shell-Analysis0githubgithub.com/DrHaitham/Log4Shell-CVE-2021-442280githubgithub.com/Loliverte/Log4j-Vulnerability0githubgithub.com/JoseMariaMicoli/Log4Shell-PoC0cve_referencepacketstormsecurity.com/files/165282/Log4j-Payload-Generator.htmlnão verificadocve_referencepacketstormsecurity.com/files/165260/VMware-Security-Advisory-2021-0028.htmlnão verificadocve_referencepacketstormsecurity.com/files/165225/Apache-Log4j2-2.14.1-Remote-Code-Execution.htmlnão verificadocve_referencepacketstormsecurity.com/files/165642/VMware-vCenter-Server-Unauthenticated-Log4Shell-JNDI-Injection-Remote-Code-Execution.htmlnão verificadocve_referencepacketstormsecurity.com/files/165532/Log4Shell-HTTP-Header-Injection.htmlnão verificadocve_referencepacketstormsecurity.com/files/167794/Open-Xchange-App-Suite-7.10.x-Cross-Site-Scripting-Command-Injection.htmlnão verificadoexploitdbwww.exploit-db.com/exploits/50592não verificadocve_referencepacketstormsecurity.com/files/165306/L4sh-Log4j-Remote-Code-Execution.htmlnão verificadoexploitdbwww.exploit-db.com/exploits/51183não verificadocve_referencepacketstormsecurity.com/files/167917/MobileIron-Log4Shell-Remote-Command-Execution.htmlnão verificadocve_referencepacketstormsecurity.com/files/165281/Log4j2-Log4Shell-Regexes.htmlnão verificadocve_referencepacketstormsecurity.com/files/165307/Log4j-Remote-Code-Execution-Word-Bypassing.htmlnão verificadoexploitdbwww.exploit-db.com/exploits/50590não verificadocve_referencepacketstormsecurity.com/files/165270/Apache-Log4j2-2.14.1-Remote-Code-Execution.htmlnão verificadocve_referencepacketstormsecurity.com/files/165673/UniFi-Network-Application-Unauthenticated-Log4Shell-Remote-Code-Execution.htmlnão verificadocve_referencepacketstormsecurity.com/files/165311/log4j-scan-Extensive-Scanner.htmlnão verificadocve_referencepacketstormsecurity.com/files/165371/VMware-Security-Advisory-2021-0028.4.htmlnão verificadocve_referencepacketstormsecurity.com/files/165261/Apache-Log4j2-2.14.1-Information-Disclosure.htmlnão verificadocve_referencepacketstormsecurity.com/files/171626/AD-Manager-Plus-7122-Remote-Code-Execution.htmlnão verificado
⚠ Recursos públicos, para você avaliar a exposição de sistemas que controla ou está autorizado a testar. Teste apenas com autorização.

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
http://packetstormsecurity.com/files/165225/Apache-Log4j2-2.14.1-Remote-Code-Execution.htmlhttp://packetstormsecurity.com/files/165260/VMware-Security-Advisory-2021-0028.htmlhttp://packetstormsecurity.com/files/165261/Apache-Log4j2-2.14.1-Information-Disclosure.htmlhttp://packetstormsecurity.com/files/165270/Apache-Log4j2-2.14.1-Remote-Code-Execution.htmlhttp://packetstormsecurity.com/files/165281/Log4j2-Log4Shell-Regexes.htmlhttp://packetstormsecurity.com/files/165282/Log4j-Payload-Generator.htmlhttp://packetstormsecurity.com/files/165306/L4sh-Log4j-Remote-Code-Execution.htmlhttp://packetstormsecurity.com/files/165307/Log4j-Remote-Code-Execution-Word-Bypassing.htmlhttp://packetstormsecurity.com/files/165311/log4j-scan-Extensive-Scanner.htmlhttp://packetstormsecurity.com/files/165371/VMware-Security-Advisory-2021-0028.4.htmlhttp://packetstormsecurity.com/files/165532/Log4Shell-HTTP-Header-Injection.htmlhttp://packetstormsecurity.com/files/165642/VMware-vCenter-Server-Unauthenticated-Log4Shell-JNDI-Injection-Remote-Code-Execution.html