一、 漏洞 CVE-2021-44228 基础信息
漏洞标题
Apache Log4j2 JNDI特性不保护针对攻击者控制的LDAP和其他JNDI相关终端
来源:AIGC 神龙大模型
漏洞描述信息
Apache Log4j2 的 JNDI 功能并未保护 against 攻击者控制的 LDAP 及其他与 JNDI 相关的端点。
来源:AIGC 神龙大模型
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
来源:AIGC 神龙大模型
漏洞类别
N/A
来源:AIGC 神龙大模型
漏洞标题
Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints
来源:美国国家漏洞数据库 NVD
漏洞描述信息
Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.
来源:美国国家漏洞数据库 NVD
CVSS信息
N/A
来源:美国国家漏洞数据库 NVD
漏洞类别
可信数据的反序列化
来源:美国国家漏洞数据库 NVD
漏洞标题
Apache Log4j 代码问题漏洞
来源:中国国家信息安全漏洞库 CNNVD
漏洞描述信息
Apache Log4j是美国阿帕奇(Apache)基金会的一款基于Java的开源日志记录工具。 Apache Log4J 存在代码问题漏洞,攻击者可设计一个数据请求发送给使用 Apache Log4j工具的服务器,当该请求被打印成日志时就会触发远程代码执行。
来源:中国国家信息安全漏洞库 CNNVD
CVSS信息
N/A
来源:中国国家信息安全漏洞库 CNNVD
漏洞类别
代码问题
来源:中国国家信息安全漏洞库 CNNVD
二、漏洞 CVE-2021-44228 的公开POC
# POC 描述 源链接 神龙链接
1 Apache Log4j 远程代码执行 https://github.com/tangxiaofeng7/CVE-2021-44228-Apache-Log4j-Rce POC详情
2 Patch up CVE-2021-44228 for minecraft forge 1.7.10 - 1.12.2 https://github.com/Glease/Healer POC详情
3 This tool patches the CVE-2021-44228 Log4J vulnerability present in all minecraft versions NOTE THIS TOOL MUST BE RE-RUN after downloading or updating versions of minecraft as its not a perminent patch https://github.com/jacobtread/L4J-Vuln-Patch POC详情
4 Remote Code Injection In Log4j https://github.com/jas502n/Log4j2-CVE-2021-44228 POC详情
5 Log4j-RCE (CVE-2021-44228) Proof of Concept with additional information https://github.com/HyCraftHD/Log4J-RCE-Proof-Of-Concept POC详情
6 一个针对防御 log4j2 CVE-2021-44228 漏洞的 RASP 工具。 A Runtime Application Self-Protection module specifically designed for log4j2 RCE (CVE-2021-44228) defense. https://github.com/boundaryx/cloudrasp-log4j2 POC详情
7 Apache Log4j 2 a remote code execution vulnerability via the ldap JNDI parser. https://github.com/dbgee/CVE-2021-44228 POC详情
8 A mitigation for CVE-2021-44228 (log4shell) that works by patching the vulnerability at runtime. (Works with any vulnerable java software, tested with java 6 and newer) https://github.com/CreeperHost/Log4jPatcher POC详情
9 CVE-2021-44228 fix https://github.com/DragonSurvivalEU/RCE POC详情
10 Deploys an agent to fix CVE-2021-44228 (Log4j RCE vulnerability) in a running JVM process https://github.com/simonis/Log4jPatch POC详情
11 A small server for verifing if a given java program is succeptibel to CVE-2021-44228 https://github.com/zlepper/CVE-2021-44228-Test-Server POC详情
12 Spring Boot web application vulnerable to Log4Shell (CVE-2021-44228). https://github.com/christophetd/log4shell-vulnerable-app POC详情
13 A script that checks for vulnerable Log4j (CVE-2021-44228) systems using injection of the payload in common HTTP headers. https://github.com/NorthwaveSecurity/log4jcheck POC详情
14 Vulnerable to CVE-2021-44228. trustURLCodebase is not required. https://github.com/nkoneko/VictimApp POC详情
15 Patch Pulsar Docker images with Log4J 2.17.1 update to mitigate Apache Log4J Security Vulnerabilities including Log4Shell https://github.com/lhotari/pulsar-docker-images-patch-CVE-2021-44228 POC详情
16 Apache Log4j2 RCE( CVE-2021-44228)验证环境 https://github.com/1in9e/Apache-Log4j2-RCE POC详情
17 vulnerability POC https://github.com/KosmX/CVE-2021-44228-example POC详情
18 Vulnerability CVE-2021-44228 checker https://github.com/greymd/CVE-2021-44228 POC详情
19 Hashes for vulnerable LOG4J versions https://github.com/mubix/CVE-2021-44228-Log4Shell-Hashes POC详情
20 CVE-2021-44228 server-side fix for minecraft servers. https://github.com/OopsieWoopsie/mc-log4j-patcher POC详情
21 None https://github.com/wheez-y/CVE-2021-44228-kusto POC详情
22 Mitigation for Log4Shell Security Vulnerability CVE-2021-44228 https://github.com/izzyacademy/log4shell-mitigation POC详情
23 log4shell sample application (CVE-2021-44228) https://github.com/0xst4n/CVE-2021-44228-poc POC详情
24 Simple Python 3 script to detect the "Log4j" Java library vulnerability (CVE-2021-44228) for a list of URLs with multithreading https://github.com/takito1812/log4j-detect POC详情
25 Java agent that disables Apache Log4J's JNDI Lookup. Fixes CVE-2021-44228, aka "Log4Shell." https://github.com/winnpixie/log4noshell POC详情
26 CVE-2021-44228 DFIR Notes https://github.com/Azeemering/CVE-2021-44228-DFIR-Notes POC详情
27 🐱‍💻 ✂️ 🤬 CVE-2021-44228 - LOG4J Java exploit - WAF bypass tricks https://github.com/Puliczek/CVE-2021-44228-PoC-log4j-bypass-words POC详情
28 A Proof-Of-Concept for the CVE-2021-44228 vulnerability. https://github.com/kozmer/log4j-shell-poc POC详情
29 Buildpack providing a workaround for CVE-2021-44228 (Log4j RCE exploit) https://github.com/alexandreroman/cve-2021-44228-workaround-buildpack POC详情
30 Minecraft Honeypot for Log4j exploit. CVE-2021-44228 Log4Shell LogJam https://github.com/Adikso/minecraft-log4j-honeypot POC详情
31 None https://github.com/racoon-rac/CVE-2021-44228 POC详情
32 None https://github.com/TheArqsz/CVE-2021-44228-PoC POC详情
33 Rapidly scan filesystems for Java programs potentially vulnerable to Log4Shell (CVE-2021-44228) or "that Log4j JNDI exploit" by inspecting the class paths inside files https://github.com/1lann/log4shelldetect POC详情
34 Log4j2 CVE-2021-44228 复现和回显利用 https://github.com/binganao/Log4j2-RCE POC详情
35 A short demo of CVE-2021-44228 https://github.com/phoswald/sample-ldap-exploit POC详情
36 A minimalistic LDAP server that is meant for test vulnerability to JNDI+LDAP injection attacks in Java, especially CVE-2021-44228. https://github.com/rakutentech/jndi-ldap-test-server POC详情
37 CVE-2021-44228 POC - Spring / Hibernate https://github.com/uint0/cve-2021-44228--spring-hibernate POC详情
38 Fixes CVE-2021-44228 in log4j by patching JndiLookup class https://github.com/saharNooby/log4j-vulnerability-patcher-agent POC详情
39 CVE-2021-44228 Log4j2 BurpSuite Scanner,Customize ceye.io api or other apis,including internal networks https://github.com/f0ng/log4j2burpscanner POC详情
40 None https://github.com/M1ngGod/CVE-2021-44228-Log4j-lookup-Rce POC详情
41 None https://github.com/byteboycn/CVE-2021-44228-Apache-Log4j-Rce POC详情
42 Log4Shell CVE-2021-44228 mitigation tester https://github.com/lhotari/log4shell-mitigation-tester POC详情
43 A Nuclei Template for Apache Log4j RCE (CVE-2021-44228) Detection with WAF Bypass Payloads https://github.com/toramanemre/log4j-rce-detect-waf-bypass POC详情
44 Vulnerability scanner and mitigation patch for Log4j2 CVE-2021-44228 https://github.com/logpresso/CVE-2021-44228-Scanner POC详情
45 None https://github.com/vorburger/Log4j_CVE-2021-44228 POC详情
46 Test the CVE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228 https://github.com/gauthamg/log4j2021_vul_test POC详情
47 None https://github.com/b-abderrahmane/CVE-2021-44228-playground POC详情
48 List of company advisories log4j https://github.com/leetxyz/CVE-2021-44228-Advisories POC详情
49 Content to help the community responding to the Log4j Vulnerability Log4Shell CVE-2021-44228 https://github.com/cado-security/log4shell POC详情
50 Log4j-RCE (CVE-2021-44228) Proof of Concept https://github.com/WYSIIWYG/Log4J_0day_RCE POC详情
51 A Terraform to deploy vulnerable app and a JDNIExploit to work with CVE-2021-44228 https://github.com/MKhazamipour/log4j-vulnerable-app-cve-2021-44228-terraform POC详情
52 Public IoCs about log4j CVE-2021-44228 https://github.com/Sh0ckFR/log4j-CVE-2021-44228-Public-IoCs POC详情
53 CVE-2021-44228 https://github.com/zzzz0317/log4j2-vulnerable-spring-app POC详情
54 Simple demo of CVE-2021-44228 https://github.com/datadavev/test-44228 POC详情
55 Небольшой мод направленный на устранение уязвимости CVE-2021-44228 https://github.com/LemonCraftRu/JndiRemover POC详情
56 Apache Log4j CVE-2021-44228 漏洞复现 https://github.com/zhangxvx/Log4j-Rec-CVE-2021-44228 POC详情
57 Detections for CVE-2021-44228 inside of nested binaries https://github.com/darkarnium/Log4j-CVE-Detect POC详情
58 None https://github.com/chilliwebs/CVE-2021-44228_Example POC详情
59 This enforces signatures for CVE-2021-44228 across all policies on a BIG-IP ASM device https://github.com/irgoncalves/f5-waf-enforce-sig-CVE-2021-44228 POC详情
60 docker compose solution to run a vaccine environment for the log4j2 vulnerability CVE-2021-44228 https://github.com/jeffbryner/log4j-docker-vaccine POC详情
61 A public open sourced tool. Log4J scanner that detects vulnerable Log4J versions (CVE-2021-44228, CVE-2021-45046, etc) on your file-system within any application. It is able to even find Log4J instances that are hidden several layers deep. Works on Linux, Windows, and Mac, and everywhere else Java runs, too! TAG_OS_TOOL, OWNER_KELLY, DC_PUBLIC https://github.com/mergebase/log4j-detector POC详情
62 A bare minimum proof-of-concept for Log4j2 JNDI RCE vulnerability (CVE-2021-44228/Log4Shell). https://github.com/unlimitedsola/log4j2-rce-poc POC详情
63 CVE-2021-44228,log4j2 burp插件 Java版本,dnslog选取了非dnslog.cn域名 https://github.com/Jeromeyoung/log4j2burpscanner POC详情
64 An agent to hotpatch the log4j RCE from CVE-2021-44228. https://github.com/corretto/hotpatch-for-apache-log4j2 POC详情
65 An All-In-One Pure Python PoC for CVE-2021-44228 https://github.com/alexandre-lavoie/python-log4rce POC详情
66 None https://github.com/RedDrip7/Log4Shell_CVE-2021-44228_related_attacks_IOCs POC详情
67 Apache Log4j2 CVE-2021-44228 RCE Demo with RMI and LDAP https://github.com/mzlogin/CVE-2021-44228-Demo POC详情
68 Script to apply official workaround for VMware vCenter log4j vulnerability CVE-2021-44228 https://github.com/blake-fm/vcenter-log4j POC详情
69 log4j2漏洞复现 https://github.com/creamIcec/CVE-2021-44228-Apache-Log4j-Rce__review POC详情
70 None https://github.com/uint0/cve-2021-44228-helpers POC详情
71 CVE-2021-44228(Apache Log4j Remote Code Execution) https://github.com/RK800-DEV/apache-log4j-poc POC详情
72 CVE-2021-44228 https://github.com/sud0x00/log4j-CVE-2021-44228 POC详情
73 None https://github.com/DiCanio/CVE-2021-44228-docker-example POC详情
74 None https://github.com/mute1997/CVE-2021-44228-research POC详情
75 Log4J CVE-2021-44228 Minecraft PoC https://github.com/myyxl/cve-2021-44228-minecraft-poc POC详情
76 An awesome curated list of repos for CVE-2021-44228. ``Apache Log4j 2`` https://github.com/RrUZi/Awesome-CVE-2021-44228 POC详情
77 Abuse Log4J CVE-2021-44228 to patch CVE-2021-44228 in vulnerable Minecraft game sessions to prevent exploitation in the session :) https://github.com/future-client/CVE-2021-44228 POC详情
78 Local Bytecode Scanner for the Log4JShell Vulnerability (CVE-2021-44228) https://github.com/CodeShield-Security/Log4JShell-Bytecode-Detector POC详情
79 Poc of log4j2 (CVE-2021-44228) https://github.com/Crane-Mocker/log4j-poc POC详情
80 Scan systems and docker images for potential log4j vulnerabilities. Able to patch (remove JndiLookup.class) from layered archives. Will detect in-depth (layered archives jar/zip/tar/war and scans for vulnerable Log4J versions (CVE-2021-44228, CVE-2021-45046 and CVE-2021-45105). Binaries for Windows, Linux and OsX, but can be build on each platform supported by supported Golang. https://github.com/dtact/divd-2021-00038--log4j-scanner POC详情
81 Sample log4j shell exploit https://github.com/kali-dass/CVE-2021-44228-log4Shell POC详情
82 None https://github.com/pravin-pp/log4j2-CVE-2021-44228 POC详情
83 IP addresses exploiting recent log4j2 vulnerability CVE-2021-44228 https://github.com/Malwar3Ninja/Exploitation-of-Log4j2-CVE-2021-44228 POC详情
84 Dockerized Go app for testing the CVE-2021-44228 vulnerability https://github.com/urholaukkarinen/docker-log4shell POC详情
85 Python script that sends CVE-2021-44228 log4j payload requests to url list https://github.com/ssl/scan4log4j POC详情
86 Mitigate log4shell (CVE-2021-44228) vulnerability attacks using Nginx LUA script https://github.com/infiniroot/nginx-mitigate-log4shell POC详情
87 None https://github.com/lohanichaten/log4j-cve-2021-44228 POC详情
88 Lists of affected components and affected apps/vendors by CVE-2021-44228 (aka Log4shell or Log4j RCE). This list is meant as a resource for security responders to be able to find and address the vulnerability https://github.com/authomize/log4j-log4shell-affected POC详情
89 Known IoCs for log4j framework vulnerability https://github.com/guardicode/CVE-2021-44228_IoCs POC详情
90 CVE-2021-44228 test demo https://github.com/fireflyingup/log4j-poc POC详情
91 None https://github.com/qingtengyun/cve-2021-44228-qingteng-patch POC详情
92 A Byte Buddy Java agent-based fix for CVE-2021-44228, the log4j 2.x "JNDI LDAP" vulnerability. https://github.com/nccgroup/log4j-jndi-be-gone POC详情
93 Hot-patch CVE-2021-44228 by exploiting the vulnerability itself. https://github.com/qingtengyun/cve-2021-44228-qingteng-online-patch POC详情
94 A micro lab for CVE-2021-44228 (log4j) https://github.com/tasooshi/horrors-log4shell POC详情
95 An evil RMI server that can launch an arbitrary command. May be useful for CVE-2021-44228 https://github.com/Hydragyrum/evil-rmi-server POC详情
96 Spring Boot Log4j - CVE-2021-44228 Docker Lab https://github.com/twseptian/spring-boot-log4j-cve-2021-44228-docker-lab POC详情
97 Check list of URLs against Log4j vulnerability CVE-2021-44228 https://github.com/OlafHaalstra/log4jcheck POC详情
98 A tool to analyze the log files from minecraft to scan potential security risks from the CVE-2021-44228 Log4J library exploit. https://github.com/psychose-club/Saturn POC详情
99 None https://github.com/Panyaprach/Proof-CVE-2021-44228 POC详情
100 Log4j RCE - (CVE-2021-44228) https://github.com/momos1337/Log4j-RCE POC详情
101 Mitigate against log4j vulnerability https://github.com/palominoinc/cve-2021-44228-log4j-mitigation POC详情
102 A Docker based LDAP RCE exploit demo for CVE-2021-44228 Log4Shell https://github.com/cyberxml/log4j-poc POC详情
103 Log4J (CVE-2021-44228) Exploit with Remote Command Execution (RCE) https://github.com/corneacristian/Log4J-CVE-2021-44228-RCE POC详情
104 Nmap NSE scripts to check against log4shell or LogJam vulnerabilities (CVE-2021-44228) https://github.com/Diverto/nse-log4shell POC详情
105 pythonic pure python RCE exploit for CVE-2021-44228 log4shell https://github.com/dotPY-hax/log4py POC详情
106 CVE-2021-44228 (Log4Shell) Proof of Concept https://github.com/sunnyvale-it/CVE-2021-44228-PoC POC详情
107 None https://github.com/maxant/log4j2-CVE-2021-44228 POC详情
108 fail2ban filter that catches attacks againts log4j CVE-2021-44228 https://github.com/atnetws/fail2ban-log4j POC详情
109 Some files for red team/blue team investigations into CVE-2021-44228 https://github.com/kimobu/cve-2021-44228 POC详情
110 Fun things against the abuse of the recent CVE-2021-44228 (Log4Shell) vulnerability using common web servers. https://github.com/KainsRache/anti-jndi POC详情
111 log4J burp被扫插件、CVE-2021-44228、支持dnclog.cn和burp内置DNS、可配合JNDIExploit生成payload https://github.com/bigsizeme/Log4j-check POC详情
112 This is a proof-of-concept exploit for Log4j RCE Unauthenticated (CVE-2021-44228). https://github.com/pedrohavay/exploit-CVE-2021-44228 POC详情
113 Ingest GreyNoise.io malicious feed for CVE-2021-44228 and apply null routes https://github.com/0xRyan/log4j-nullroute POC详情
114 OpenIOC rules to facilitate hunting for indicators of compromise https://github.com/fireeye/CVE-2021-44228 POC详情
115 A fully automated, accurate, and extensive scanner for finding log4j RCE CVE-2021-44228 https://github.com/fullhunt/log4j-scan POC详情
116 a fast check, if your server could be vulnerable to CVE-2021-44228 https://github.com/rubo77/log4j_checker_beta POC详情
117 Scanner for Log4j RCE CVE-2021-44228 https://github.com/thecyberneh/Log4j-RCE-Exploiter POC详情
118 CVE-2021-44228 https://github.com/halibobor/log4j2 POC详情
119 Using code search to help fix/mitigate log4j CVE-2021-44228 https://github.com/sourcegraph/log4j-cve-code-search-resources POC详情
120 Log4J CVE-2021-44228 : Mitigation Cheat Sheet https://github.com/thedevappsecguy/Log4J-Mitigation-CVE-2021-44228--CVE-2021-45046--CVE-2021-45105--CVE-2021-44832 POC详情
121 None https://github.com/helsecert/CVE-2021-44228 POC详情
122 CVE-2021-44228 log4j mitigation using aws wafv2 with ansible https://github.com/markuman/aws-log4j-mitigations POC详情
123 A lab for playing around with the Log4J CVE-2021-44228 https://github.com/tuyenee/Log4shell POC详情
124 Log4j Remote Code Injection (Apache Log4j 2.x < 2.15.0-rc2) https://github.com/JiuBanSec/Log4j-CVE-2021-44228 POC详情
125 Log4Shell Docker Env https://github.com/ycdxsb/Log4Shell-CVE-2021-44228-ENV POC详情
126 This repository contains a script that you can run on your (windows) machine to mitigate CVE-2021-44228 https://github.com/avwolferen/Sitecore.Solr-log4j-mitigation POC详情
127 Simple tool for scanning entire directories for attempts of CVE-2021-44228 https://github.com/kek-Sec/log4j-scanner-CVE-2021-44228 POC详情
128 Research into the implications of CVE-2021-44228 in Spring based applications. https://github.com/Camphul/log4shell-spring-framework-research POC详情
129 CVE-2021-4428 复现 https://github.com/lov3r/cve-2021-44228-log4j-exploits POC详情
130 simple python scanner to check if your network is vulnerable to CVE-2021-44228 https://github.com/sinakeshmiri/log4jScan POC详情
131 Burp extension to scan Log4Shell (CVE-2021-44228) vulnerability pre and post auth. https://github.com/0xDexter0us/Log4J-Scanner POC详情
132 None https://github.com/LutziGoz/Log4J_Exploitation-Vulnerabiliy__CVE-2021-44228 POC详情
133 This repository contains all gathered resources we used during our Incident Reponse on CVE-2021-44228 and CVE-2021-45046 aka Log4Shell. https://github.com/0xsyr0/Log4Shell POC详情
134 log4j2 CVE-2021-44228 POC https://github.com/1hakusai1/log4j-rce-CVE-2021-44228 POC详情
135 CVE-2021-44228 - Apache log4j RCE quick test https://github.com/jeffli1024/log4j-rce-test POC详情
136 None https://github.com/zsolt-halo/Log4J-Log4Shell-CVE-2021-44228-Spring-Boot-Test-Service POC详情
137 Log4j CVE-2021-44228 examples: Remote Code Execution (through LDAP, RMI, ...), Forced DNS queries, ... https://github.com/manuel-alvarez-alvarez/log4j-cve-2021-44228 POC详情
138 Mass recognition tool for CVE-2021-44228 https://github.com/VNYui/CVE-2021-44228 POC详情
139 None https://github.com/flxhaas/Scan-CVE-2021-44228 POC详情
140 Mass Check Vulnerable Log4j CVE-2021-44228 https://github.com/justakazh/Log4j-CVE-2021-44228 POC详情
141 This tool creates a custom signature set on F5 WAF and apply to policies in blocking mode https://github.com/irgoncalves/f5-waf-quick-patch-cve-2021-44228 POC详情
142 Some tools to help mitigating Apache Log4j 2 CVE-2021-44228 https://github.com/madCdan/JndiLookup POC详情
143 A singular file to protect as many Minecraft servers and clients as possible from the Log4j exploit (CVE-2021-44228). https://github.com/Koupah/MC-Log4j-Patcher POC详情
144 Apply class remove process from ear/war/jar/zip archive, see https://logging.apache.org/log4j/2.x/ https://github.com/AlexandreHeroux/Fix-CVE-2021-44228 POC详情
145 demo project to highlight how to execute the log4j (CVE-2021-44228) vulnerability https://github.com/kossatzd/log4j-CVE-2021-44228-test POC详情
146 None https://github.com/tobiasoed/log4j-CVE-2021-44228 POC详情
147 log4j / log4shell IoCs from multiple sources put together in one big file (IPs) more coming soon (CVE-2021-44228) https://github.com/hackinghippo/log4shell_ioc_ips POC详情
148 log4j version 1 with a patch for CVE-2021-44228 vulnerability https://github.com/p3dr16k/log4j-1.2.15-mod POC详情
149 Find Log4Shell CVE-2021-44228 on your system https://github.com/claranet/ansible-role-log4shell POC详情
150 None https://github.com/taurusxin/CVE-2021-44228 POC详情
151 Log4j Exploit Detection Logic for Zeek https://github.com/corelight/cve-2021-44228 POC详情
152 CVE-2021-44228 https://github.com/rodfer0x80/log4j2-prosecutor POC详情
153 Log4Shell A test for CVE-2021-44228 https://github.com/yanghaoi/CVE-2021-44228_Log4Shell POC详情
154 Python3 script for scanning CVE-2021-44228 (Log4shell) vulnerable machines. https://github.com/lfama/log4j_checker POC详情
155 Public IOCs about log4j CVE-2021-44228 https://github.com/threatmonit/Log4j-IOCs POC详情
156 Compiling links of value i find regarding CVE-2021-44228 https://github.com/ben-smash/l4j-info POC详情
157 Demonstration of CVE-2021-44228 with a possible strategic fix. https://github.com/strawhatasif/log4j-test POC详情
158 Nmap Log4Shell NSE script for discovery Apache Log4j RCE (CVE-2021-44228) https://github.com/giterlizzi/nmap-log4shell POC详情
159 None https://github.com/tica506/Siem-queries-for-CVE-2021-44228 POC详情
160 The goal of this project is to demonstrate the log4j cve-2021-44228 exploit vulnerability in a spring-boot setup, and to show how to fix it. https://github.com/chilit-nl/log4shell-example POC详情
161 Bash and PowerShell scripts to scan a local filesystem for Log4j .jar files which could be vulnerable to CVE-2021-44228 aka Log4Shell. https://github.com/Occamsec/log4j-checker POC详情
162 Just a personal proof of concept of CVE-2021-44228 on log4j2 https://github.com/snatalius/log4j2-CVE-2021-44228-poc-local POC详情
163 Professional Service scripts to aid in the identification of affected Java applications in TeamServer https://github.com/Contrast-Security-OSS/CVE-2021-44228 POC详情
164 PCRE RegEx matching Log4Shell CVE-2021-44228 IOC in your logs https://github.com/back2root/log4shell-rex POC详情
165 Tool that runs a test to check whether one of your applications is affected by the recent vulnerabilities in log4j: CVE-2021-44228 and CVE-2021-45046 https://github.com/alexbakker/log4shell-tools POC详情
166 Find log4j for CVE-2021-44228 on some places * Log4Shell https://github.com/perryflynn/find-log4j POC详情
167 Scan your logs for CVE-2021-44228 related activity and report the attackers https://github.com/5l1v3r1/jndiRep POC详情
168 Sample docker-compose setup to show how this exploit works https://github.com/alpacamybags118/log4j-cve-2021-44228-sample POC详情
169 Demo project to evaluate Log4j2 Vulnerability | CVE-2021-44228 https://github.com/sandarenu/log4j2-issue-check POC详情
170 None https://github.com/roticagas/CVE-2021-44228-Demo POC详情
171 Simple Python 3 script to detect the "Log4j" Java library vulnerability (CVE-2021-44228) for a list of URL with multithreading https://github.com/Woahd/log4j-urlscanner POC详情
172 Log4j2 CVE-2021-44228 revshell, ofc it suck!! https://github.com/faisalfs10x/Log4j2-CVE-2021-44228-revshell POC详情
173 Some siimple checks to see if JAR file is vulnerable to CVE-2021-44228 https://github.com/gcmurphy/chk_log4j POC详情
174 A fully automated, reliable, super-fast, mass scanning and validation toolkit for the Log4J RCE CVE-2021-44228 vulnerability. https://github.com/0xInfection/LogMePwn POC详情
175 A Nuclei template for Apache Solr affected by Apache Log4J CVE-2021-44228 https://github.com/toramanemre/apache-solr-log4j-CVE-2021-44228 POC详情
176 Check CVE-2021-44228 vulnerability https://github.com/codiobert/log4j-scanner POC详情
177 Little recap of the log4j2 remote code execution (CVE-2021-44228) https://github.com/cbuschka/log4j2-rce-recap POC详情
178 Endpoint to test CVE-2021-44228 – Log4j 2 https://github.com/andrii-kovalenko-celonis/log4j-vulnerability-demo POC详情
179 On Thursday (December 9th), a 0-day exploit in the popular Java logging library log4j (version 2) was discovered that results in Remote Code Execution (RCE) by logging a certain string. Given how ubiquitous this library is, the impact of the exploit (full server control), and how easy it is to exploit, the impact of this vulnerability is quite severe. We're calling it "Log4Shell" for short. https://github.com/jan-muhammad-zaidi/Log4j-CVE-2021-44228 POC详情
180 Find vulnerable Log4j2 versions on disk and also inside Java Archive Files (Log4Shell CVE-2021-44228, CVE-2021-45046, CVE-2021-45105) https://github.com/fox-it/log4j-finder POC详情
181 Details : CVE-2021-44228 https://github.com/34zY/JNDI-Exploit-1.2-log4shell POC详情
182 None https://github.com/didoatanasov/cve-2021-44228 POC详情
183 The vulnerability, which can allow an attacker to execute arbitrary code by sending crafted log messages, has been identified as CVE-2021-44228 and given the name Log4Shell. https://github.com/ReynerGonzalez/Security-Log4J-Tester POC详情
184 CVE-2021-44228 https://github.com/ShaneKingBlog/org.shaneking.demo.cve.y2021.s44228 POC详情
185 Repo containing all info, scripts, etc. related to CVE-2021-44228 https://github.com/wortell/log4j POC详情
186 None https://github.com/municipalparkingservices/CVE-2021-44228-Scanner POC详情
187 Internal network honeypot for detecting if an attacker or insider threat scans your network for log4j CVE-2021-44228 https://github.com/BinaryDefense/log4j-honeypot-flask POC详情
188 Tools for investigating Log4j CVE-2021-44228 https://github.com/MalwareTech/Log4jTools POC详情
189 A firewall reverse proxy for preventing Log4J (Log4Shell aka CVE-2021-44228) attacks. https://github.com/mufeedvh/log4jail POC详情
190 Simple Spring Boot application vulnerable to CVE-2021-44228 (a.k.a log4shell) https://github.com/guerzon/log4shellpoc POC详情
191 None https://github.com/ab0x90/CVE-2021-44228_PoC POC详情
192 Tools for remediating the recent log4j2 RCE vulnerability (CVE-2021-44228) https://github.com/stripe/log4j-remediation-tools POC详情
193 Log4j Shield - fast ⚡, scalable and easy to use Log4j vulnerability CVE-2021-44228 finder and patcher https://github.com/xsultan/log4jshield POC详情
194 CVE-2021-44228 Response Scripts https://github.com/0xThiebaut/CVE-2021-44228 POC详情
195 Scanners for Jar files that may be vulnerable to CVE-2021-44228 https://github.com/CERTCC/CVE-2021-44228_scanner POC详情
196 None https://github.com/CrackerCat/CVE-2021-44228-Log4j-Payloads POC详情
197 Fast filesystem scanner for CVE-2021-44228 https://github.com/dbzoo/log4j_scanner POC详情
198 Aims to find JndiLookup.class in nearly any directory or zip, jar, ear, war file, even deeply nested. https://github.com/jeremyrsellars/CVE-2021-44228_scanner POC详情
199 Quick Deploy to show case cve-2021-44228 https://github.com/JustinDPerkins/C1-WS-LOG4SHELL POC详情
200 Log4J Updater Bash Script to automate the framework update process on numerous machines and prevent the CVE-2021-44228 https://github.com/VinniMarcon/Log4j-Updater POC详情
201 This project is just to show Apache Log4j2 Vulnerability - aka CVE-2021-44228 https://github.com/bhprin/log4j-vul POC详情
202 None https://github.com/avirahul007/CVE-2021-44228 POC详情
203 A playground for poking at the Log4Shell (CVE-2021-44228) vulnerability mitigations https://github.com/rgl/log4j-log4shell-playground POC详情
204 A one-stop repo/ information hub for all log4j vulnerability-related information. https://github.com/anuvindhs/how-to-check-patch-secure-log4j-CVE-2021-44228 POC详情
205 Identifying all log4j components across all windows servers, entire domain, can be multi domain. CVE-2021-44228 https://github.com/KeysAU/Get-log4j-Windows.ps1 POC详情
206 Apache Log4j Zero Day Vulnerability aka Log4Shell aka CVE-2021-44228 https://github.com/kubearmor/log4j-CVE-2021-44228 POC详情
207 Vulnerability scanner and mitigation patch for Log4j2 CVE-2021-44228 https://github.com/jyotisahu98/logpresso-CVE-2021-44228-Scanner POC详情
208 This repository is designed to be a collection of resources to learn about, detect and mitigate the impact of the Log4j vulnerability - more formally known as CVE-2021-44228 and CVE-2021-45046 (mirror from GitLab.com) https://github.com/gitlab-de/log4j-resources POC详情
209 An automated, reliable scanner for the Log4Shell (CVE-2021-44228) vulnerability. https://github.com/redhuntlabs/Log4JHunt POC详情
210 Test case to check if the Log4Shell/CVE-2021-44228 hotfix will raise any unexpected exceptions https://github.com/mss/log4shell-hotfix-side-effect POC详情
211 None https://github.com/111coding/log4j_temp_CVE-2021-44228 POC详情
212 A simple project to check coverage of Log4J vuln CVE-2021-44228 (and related) https://github.com/MeterianHQ/log4j-vuln-coverage-check POC详情
213 fix cve 44228 for windows https://github.com/sebiboga/jmeter-fix-cve-2021-44228-windows POC详情
214 we are providing DevOps and security teams script to identify cloud workloads that may be vulnerable to the Log4j vulnerability(CVE-2021-44228) in their AWS account. The script enables security teams to identify external-facing AWS assets by running the exploit on them, and thus be able to map them and quickly patch them https://github.com/mitiga/log4shell-cloud-scanner POC详情
215 A scanner and a proof of sample exploit for log4j RCE CVE-2021-44228 https://github.com/isuruwa/Log4j POC详情
216 Data we are receiving from our honeypots about CVE-2021-44228 https://github.com/honeynet/log4shell-data POC详情
217 Scans for Log4j versions effected by CVE-2021-44228 https://github.com/inettgmbh/checkmk-log4j-scanner POC详情
218 CVE-2021-44228 demo webapp https://github.com/b1tm0n3r/CVE-2021-44228 POC详情
219 None https://github.com/VerveIndustrialProtection/CVE-2021-44228-Log4j POC详情
220 An automated header extensive scanner for detecting log4j RCE CVE-2021-44228 https://github.com/alenazi90/log4j POC详情
221 Very simple Ansible playbook that scan filesystem for JAR files vulnerable to Log4Shell https://github.com/pmontesd/log4j-cve-2021-44228 POC详情
222 Small example repo for looking into log4j CVE-2021-44228 https://github.com/LiveOverflow/log4shell POC详情
223 None https://github.com/aws-samples/kubernetes-log4j-cve-2021-44228-node-agent POC详情
224 Dockerized honeypot for CVE-2021-44228. https://github.com/michaelsanford/Log4Shell-Honeypot POC详情
225 A honeypot for the Log4Shell vulnerability (CVE-2021-44228). https://github.com/thomaspatzke/Log4Pot POC详情
226 A Remote Code Execution PoC for Log4Shell (CVE-2021-44228) https://github.com/ubitech/cve-2021-44228-rce-poc POC详情
227 This script is used to perform a fast check if your server is possibly affected by CVE-2021-44228 (the log4j vulnerability). https://github.com/rv4l3r3/log4v-vuln-check POC详情
228 log4j vulnerability wrapper scanner for CVE-2021-44228 https://github.com/dpomnean/log4j_scanner_wrapper POC详情
229 This Log4j RCE exploit originated from https://github.com/tangxiaofeng7/CVE-2021-44228-Apache-Log4j-Rce https://github.com/roxas-tan/CVE-2021-44228 POC详情
230 log4shell (CVE-2021-44228) scanning tool https://github.com/shamo0/CVE-2021-44228 POC详情
231 Log4j漏洞(CVE-2021-44228)的Burpsuite检测插件 https://github.com/snow0715/log4j-Scan-Burpsuite POC详情
232 CVE-2021-44228 vulnerability in Apache Log4j library | Log4j vulnerability scanner on Windows machines. https://github.com/Joefreedy/Log4j-Windows-Scanner POC详情
233 Detect and fix log4j log4shell vulnerability (CVE-2021-44228) https://github.com/Nanitor/log4fix POC详情
234 Simple bash script to scan multiples url for log4j vulnerability (CVE-2021-44228) https://github.com/Gyrfalc0n/scanlist-log4j POC详情
235 Simple webapp that is vulnerable to Log4Shell (CVE-2021-44228) https://github.com/korteke/log4shell-demo POC详情
236 Simple Vulnerable Spring Boot Application to Test the CVE-2021-44228 https://github.com/recanavar/vuln_spring_log4j2 POC详情
237 Burp Active Scan extension to identify Log4j vulnerabilities CVE-2021-44228 and CVE-2021-45046 https://github.com/DXC-StrikeForce/Burp-Log4j-HammerTime POC详情
238 Scanner recursivo de arquivos desenvolvido em Python 3 para localização e varredura de versões vulneráveis do Log4j2, contemplando análise interna de arquivos JAR (CVE-2021-44228, CVE-2021-45046, CVE-2021-45105 e CVE-2021-44832) https://github.com/andalik/log4j-filescan POC详情
239 CVE-2021-44228-Apache-Log4j https://github.com/lonecloud/CVE-2021-44228-Apache-Log4j POC详情
240 Log4Shell CVE-2021-44228 Vulnerability Scanner and POC https://github.com/gyaansastra/CVE-2021-44228 POC详情
241 log4j mitigation work https://github.com/axisops/CVE-2021-44228 POC详情
242 Simple Python 3 script to detect the "Log4j" Java library vulnerability (CVE-2021-44228) for a list of URLs with multithreading https://github.com/kal1gh0st/MyLog4Shell POC详情
243 Applications that are vulnerable to the log4j CVE-2021-44228/45046 issue may be detectable by scanning jar, war, ear, zip files to search for the presence of JndiLookup.class. https://github.com/hozyx/log4shell POC详情
244 Log4J checker for Apache CVE-2021-44228 https://github.com/andypitcher/Log4J_checker POC详情
245 None https://github.com/Vulnmachines/log4j-cve-2021-44228 POC详情
246 None https://github.com/kannthu/CVE-2021-44228-Apache-Log4j-Rce POC详情
247 Log4Shell Proof of Concept (CVE-2021-44228) https://github.com/Kr0ff/CVE-2021-44228 POC详情
248 Log4shell - Multi-Toolkit. Find, Fix & Test possible CVE-2021-44228 vulneraries - provides a complete LOG4SHELL test/attack environment on shell https://github.com/suuhm/log4shell4shell POC详情
249 Test exploit of CVE-2021-44228 https://github.com/wajda/log4shell-test-exploit POC详情
250 A lab demonstration of the log4shell vulnerability: CVE-2021-44228 https://github.com/obscuritylabs/log4shell-poc-lab POC详情
251 Script - Workaround instructions to address CVE-2021-44228 in vCenter Server https://github.com/Fazmin/vCenter-Server-Workaround-Script-CVE-2021-44228 POC详情
252 PoC RCE Log4j CVE-2021-4428 para pruebas https://github.com/Grupo-Kapa-7/CVE-2021-44228-Log4j-PoC-RCE POC详情
253 None https://github.com/rohankumardubey/CVE-2021-44228_scanner POC详情
254 Log4Shell mitigation (CVE-2021-44228) - search and remove JNDI class from *log4j*.jar files on the system with Powershell (Windows) https://github.com/sysadmin0815/Fix-Log4j-PowershellScript POC详情
255 Log4j2 Vulnerability (CVE-2021-44228) https://github.com/RenYuH/log4j-lookups-vulnerability POC详情
256 Scanner for the Log4j vulnerability dubbed Log4Shell (CVE-2021-44228) https://github.com/scheibling/py-log4shellscanner POC详情
257 Log4Shell (CVE-2021-44228): Descrizione, Exploitation e Mitigazione https://github.com/zaneef/CVE-2021-44228 POC详情
258 Scan your IP network and determine hosts with possible CVE-2021-44228 vulnerability in log4j library. https://github.com/metodidavidovic/log4j-quick-scan POC详情
259 A collection of IOCs for CVE-2021-44228 also known as Log4Shell https://github.com/WatchGuard-Threat-Lab/log4shell-iocs POC详情
260 Provide patched version of Log4J against CVE-2021-44228 and CVE-2021-45046 as well as a script to manually patch it yourself https://github.com/Aschen/log4j-patched POC详情
261 A simple simulation of the infamous CVE-2021-44228 issue. https://github.com/Nikolas-Charalambidis/cve-2021-44228 POC详情
262 CVE-2021-44228 https://github.com/m0rath/detect-log4j-exploitable POC详情
263 None https://github.com/nu11secur1ty/CVE-2021-44228-VULN-APP POC详情
264 Docker images and k8s YAMLs for Log4j Vulnerability POC (Log4j (CVE-2021-44228 RCE Vulnerability) https://github.com/ankur-katiyar/log4j-docker POC详情
265 This project will help to test the Log4j CVE-2021-44228 vulnerability. https://github.com/immunityinc/Log4j-JNDIServer POC详情
266 can find, analyse and patch Log4J files because of CVE-2021-44228, CVE-2021-45046 https://github.com/DANSI/PowerShell-Log4J-Scanner POC详情
267 A scanning suite to find servers affected by the log4shell flaw (CVE-2021-44228) with example to test it https://github.com/suniastar/scan-log4shell POC详情
268 An attempt to understand the log4j vulnerability by looking through the code https://github.com/shivakumarjayaraman/log4jvulnerability-CVE-2021-44228 POC详情
269 Self-contained lab environment that runs the exploit safely, all from docker compose https://github.com/j3kz/CVE-2021-44228-PoC POC详情
270 A fun activity using a packet capture file from the log4j exploit (CVE-2021-44228) https://github.com/Apipia/log4j-pcap-activity POC详情
271 Log4Shell (CVE-2021-44228) docker lab https://github.com/axelcurmi/log4shell-docker-lab POC详情
272 This is a showcase how the Log4J vulnerability (CVE-2021-44228) could be explored. This code is safe to run, but understand what it does and how it works! https://github.com/otaviokr/log4j-2021-vulnerability-study POC详情
273 None https://github.com/kkyehit/log4j_CVE-2021-44228 POC详情
274 An Inspec profile to check for Log4j CVE-2021-44228 and CVE-2021-45046 https://github.com/trickyearlobe/inspec-log4j POC详情
275 Vulnerability analysis, patch management and exploitation tool forCVE-2021-44228 / CVE-2021-45046 / CVE-2021-4104 https://github.com/TheInterception/Log4J-Simulation-Tool POC详情
276 Identifying all log4j components across on local windows servers. CVE-2021-44228 https://github.com/KeysAU/Get-log4j-Windows-local POC详情
277 Demo to show how Log4Shell / CVE-2021-44228 vulnerability works https://github.com/mschmnet/Log4Shell-demo POC详情
278 A fully automated, accurate, and extensive scanner for finding log4j RCE CVE-2021-44228 https://github.com/Rk-000/Log4j_scan_Advance POC详情
279 Exploiting CVE-2021-44228 in vCenter for remote code execution and more. https://github.com/puzzlepeaches/Log4jCenter POC详情
280 A Proof of Concept of the Log4j vulnerabilities (CVE-2021-44228) over Java-RMI https://github.com/Labout/log4shell-rmi-poc POC详情
281 a project written in go and java i abandoned for CVE-2021-44228 try to fix it if you can XD https://github.com/TotallyNotAHaxxer/f-for-java POC详情
282 log4j2 Log4Shell CVE-2021-44228 proof of concept https://github.com/spasam/log4j2-exploit POC详情
283 None https://github.com/bumheehan/cve-2021-44228-log4j-test POC详情
284 A script to search, scrape and scan for Apache Log4j CVE-2021-44228 affected files using Google dorks https://github.com/JagarYousef/log4j-dork-scanner POC详情
285 Shell script to remove JndiLookup class from Log4J 2 jar file, inside WAR file, in order to mitigate CVE-2021-44228, a.k.a., #Log4Shell https://github.com/dmitsuo/log4shell-war-fixer POC详情
286 log4j2 RCE漏洞(CVE-2021-44228)内网扫描器,可用于在不出网的条件下进行漏洞扫描,帮助企业内部快速发现Log4jShell漏洞。 https://github.com/Y0-kan/Log4jShell-Scan POC详情
287 Script en bash que permite identificar la vulnerabilidad Log4j CVE-2021-44228 de forma remota. https://github.com/julian911015/Log4j-Scanner-Exploit POC详情
288 None https://github.com/intel-xeon/CVE-2021-44228---detection-with-PowerShell POC详情
289 Windows Batch Scrip to Fix the log4j-issue-CVE-2021-44228 https://github.com/chandru-gunasekaran/log4j-fix-CVE-2021-44228 POC详情
290 Java application vulnerable to CVE-2021-44228 https://github.com/erickrr-bd/TekiumLog4jApp POC详情
291 Vulnerable web application to test CVE-2021-44228 / log4shell and forensic artifacts from an example attack https://github.com/snapattack/damn-vulnerable-log4j-app POC详情
292 Scan and patch tool for CVE-2021-44228 and related log4j concerns. https://github.com/sassoftware/loguccino POC详情
293 相关的复现和文档 https://github.com/xx-zhang/apache-log4j2-CVE-2021-44228 POC详情
294 Python script to detect Log4Shell Vulnerability CVE-2021-44228 https://github.com/r00thunter/Log4Shell-Scanner POC详情
295 POC for CVE-2021-44228 within Springboot https://github.com/mn-io/log4j-spring-vuln-poc POC详情
296 Log4j2 CVE-2021-44228 hack demo for a springboot app https://github.com/rejupillai/log4j2-hack-springboot POC详情
297 Ansible detector scanner playbook to verify target Linux hosts using the official Red Hat Log4j detector script RHSB-2021-009 Remote Code Execution - log4j (CVE-2021-44228) https://github.com/lucab85/log4j-cve-2021-44228 POC详情
298 Log4Shell Demo with AWS https://github.com/BabooPan/Log4Shell-CVE-2021-44228-Demo POC详情
299 A Smart Log4Shell/Log4j/CVE-2021-44228 Scanner https://github.com/ossie-git/log4shell_sentinel POC详情
300 Generic Scanner for Apache log4j RCE CVE-2021-44228 https://github.com/r00thunter/Log4Shell POC详情
301 CVE-2021-44228-FIX-JARS https://github.com/asyzdykov/cve-2021-44228-fix-jars POC详情
302 Log4j 2 (CVE-2021-44228) vulnerability scanner for Windows OS https://github.com/BJLIYANLIANG/log4j-scanner POC详情
303 Proof of Concept of apache log4j LDAP lookup vulnerability. CVE-2021-44228 https://github.com/badb33f/Apache-Log4j-POC POC详情
304 open detection and scanning tool for discovering and fuzzing for Log4J RCE CVE-2021-44228 vulnerability https://github.com/TaroballzChen/CVE-2021-44228-log4jVulnScanner-metasploit POC详情
305 Ansible playbook to verify target Linux hosts using the official Red Hat Log4j detector script RHSB-2021-009 for Log4Shell (CVE-2021-44228). https://github.com/lucab85/ansible-role-log4shell POC详情
306 general purpose workaround for the log4j CVE-2021-44228 vulnerability https://github.com/grimch/log4j-CVE-2021-44228-workaround POC详情
307 A Proof-Of-Concept Exploit for CVE-2021-44228 vulnerability. https://github.com/cybersecurityworks553/log4j-shell-csw POC详情
308 CVE-2021-44228 检查工具 https://github.com/Toolsec/log4j-scan POC详情
309 Exploiting CVE-2021-44228 in Unifi Network Application for remote code execution and more. https://github.com/puzzlepeaches/Log4jUnifi POC详情
310 Log4j2 CVE-2021-44228 Vulnerability POC in Apache Tomcat https://github.com/many-fac3d-g0d/apache-tomcat-log4j POC详情
311 PoC for CVE-2021-44228. https://github.com/marcourbano/CVE-2021-44228 POC详情
312 Spring Boot web application vulnerable to CVE-2021-44228, nicknamed Log4Shell. https://github.com/bsigouin/log4shell-vulnerable-app POC详情
313 this repository contains a POC of CVE-2021-44228 (log4j2shell) as part of a security research https://github.com/ToxicEnvelope/XSYS-Log4J2Shell-Ex POC详情
314 Regra ModSec para proteção log4j2 - CVE-2021-44228 https://github.com/felipe8398/ModSec-log4j2 POC详情
315 CVE-2021-44228 https://github.com/ceyhuncamli/Log4j_Attacker_IPList POC详情
316 Log4Shell (CVE-2021-44228) is a zero-day vulnerability in Log4j https://github.com/mazhar-hassan/log4j-vulnerability POC详情
317 IOCs for CVE-2021-44228 https://github.com/cungts/VTI-IOCs-CVE-2021-44228 POC详情
318 Log4Shell (Cve-2021-44228) Proof Of Concept https://github.com/s-retlaw/l4s_poc POC详情
319 None https://github.com/Ravid-CheckMarx/CVE-2021-44228-Apache-Log4j-Rce-main POC详情
320 log4j-paylaod generator : A generic payload generator for Apache log4j RCE CVE-2021-44228 https://github.com/yesspider-hacker/log4j-payload-generator POC详情
321 Quick and dirty scanner, hitting common ports looking for Log4Shell (CVE-2021-44228) vulnerability https://github.com/LinkMJB/log4shell_scanner POC详情
322 A tool for detect&exploit vmware product log4j(cve-2021-44228) vulnerability.Support VMware HCX/vCenter/NSX/Horizon/vRealize Operations Manager https://github.com/NS-Sp4ce/Vm4J POC详情
323 A spigot plugin to fix CVE-2021-44228 Log4j remote code execution vulnerability, to protect Minecraft clients. https://github.com/PoneyClairDeLune/LogJackFix POC详情
324 Presents how to exploit CVE-2021-44228 vulnerability. https://github.com/MarceloLeite2604/log4j-vulnerability POC详情
325 This repository contains a Spring Boot web application vulnerable to CVE-2021-44228, known as log4shell. https://github.com/romanutti/log4shell-vulnerable-app POC详情
326 Log4j Vulnerability Scanner https://github.com/marklindsey11/-CVE-2021-44228_scanner-Applications-that-are-vulnerable-to-the-log4j-CVE-2021-44228-https-nvd. POC详情
327 Log4j-Scanner https://github.com/marklindsey11/gh-repo-clone-marklindsey11--CVE-2021-44228_scanner-Applications-that-are-vulnerable-to-the-log4j-CV POC详情
328 Log4j2 LDAP 취약점 테스트 (CVE-2021-44228) https://github.com/mklinkj/log4j2-test POC详情
329 Searchable page for CISA Log4j (CVE-2021-44228) Affected Vendor & Software List https://github.com/4jfinder/4jfinder.github.io POC详情
330 None https://github.com/alexpena5635/CVE-2021-44228_scanner-main-Modified- POC详情
331 A vulnerable web app for log4j2 RCE(CVE-2021-44228) exploit test. https://github.com/kanitan/log4j2-web-vulnerable POC详情
332 Backdoor detection for VMware view https://github.com/mr-r3b00t/CVE-2021-44228 POC详情
333 A simple program to demonstrate how Log4j vulnerability can be exploited ( CVE-2021-44228 ) https://github.com/ChandanShastri/Log4j_Vulnerability_Demo POC详情
334 Exploiting CVE-2021-44228 in VMWare Horizon for remote code execution and more. https://github.com/puzzlepeaches/Log4jHorizon POC详情
335 Log4jshell - CVE-2021-44228 https://github.com/Vulnmachines/log4jshell_CVE-2021-44228 POC详情
336 CVE-2021-44228 https://github.com/mr-vill4in/log4j-fuzzer POC详情
337 A vulnerable Java based REST API for demonstrating CVE-2021-44228 (log4shell). https://github.com/nix-xin/vuln4japi POC详情
338 This Log4j RCE exploit originated from https://github.com/tangxiaofeng7/CVE-2021-44228-Apache-Log4j-Rce https://github.com/maximofernandezriera/CVE-2021-44228 POC详情
339 Démo du fonctionnement de log4shell (CVE-2021-44228) https://github.com/jxerome/log4shell POC详情
340 None https://github.com/solitarysp/Log4j-CVE-2021-44228 POC详情
341 Script to create a log4j (CVE-2021-44228) exploit with support for different methods of getting a reverse shell https://github.com/atlassion/log4j-exploit-builder POC详情
342 Fix: CVE-2021-44228 4LOGJ https://github.com/atlassion/RS4LOGJ-CVE-2021-44228 POC详情
343 This work includes testing and improvement tools for CVE-2021-44228(log4j). https://github.com/sdogancesur/log4j_github_repository POC详情
344 This Pwsh script run AppScan Standard scans against a list of web sites (URLs.txt) checking for Log4J (CVE-2021-44228) vulnerability https://github.com/jrocia/Search-log4Jvuln-AppScanSTD POC详情
345 A Java application intentionally vulnerable to CVE-2021-44228 https://github.com/aajuvonen/log4stdin POC详情
346 Static detection of vulnerable log4j librairies on Windows servers, members of an AD domain. https://github.com/arnaudluti/PS-CVE-2021-44228 POC详情
347 POC for Infamous Log4j CVE-2021-44228 https://github.com/ColdFusionX/CVE-2021-44228-Log4Shell-POC POC详情
348 Testing WAF protection against CVE-2021-44228 Log4Shell https://github.com/robrankin/cve-2021-44228-waf-tests POC详情
349 vulnerable setup to display an attack chain of log4j CVE-2021-44228 with privilege escalation to root using the polkit exploit CVE-2021-4034 https://github.com/0xalwayslucky/log4j-polkit-poc POC详情
350 PortSwigger Burp Plugin for the Log4j (CVE-2021-44228) https://github.com/y-security/yLog4j POC详情
351 This repository is for Log4j 2021 (CVE-2021-44228) Vulnerability demonstration and mitigation. https://github.com/FeryaelJustice/Log4Shell POC详情
352 Log4j vulner testing environment based on CVE-2021-44228. It provide guidance to build the sample infrastructure and the exploit scripts. Supporting cooki3 script as the main exploit tools & integration https://github.com/hotpotcookie/CVE-2021-44228-white-box POC详情
353 Rust implementation of the Log 4 Shell (log 4 j - CVE-2021-44228) https://github.com/s-retlaw/l4srs POC详情
354 A fully automated, accurate, and extensive scanner for finding log4j RCE CVE-2021-44228 https://github.com/Ananya-0306/Log-4j-scanner POC详情
355 Springboot web application accepts a name get parameter and logs its value to log4j2. Vulnerable to CVE-2021-44228. https://github.com/paulvkitor/log4shellwithlog4j2_13_3 POC详情
356 HERRAMIENTA AUTOMATIZADA PARA LA DETECCION DE LA VULNERABILIDAD CVE-2021-44228 https://github.com/MiguelM001/vulescanjndilookup POC详情
357 Log4j2组件命令执行RCE / Code By:Jun_sheng https://github.com/Jun-5heng/CVE-2021-44228 POC详情
358 None https://github.com/honypot/CVE-2021-44228 POC详情
359 None https://github.com/honypot/CVE-2021-44228-vuln-app POC详情
360 Java application vulnerable to the CVE-2021-44228 (a.k.a log4shell) vulnerability https://github.com/vulnerable-apps/log4shell-honeypot POC详情
361 A Log4j vulnerability scanner is used to identify the CVE-2021-44228 and CVE_2021_45046 https://github.com/manishkanyal/log4j-scanner POC详情
362 CVE-2021-44228 Log4j Summary https://github.com/TPower2112/Writing-Sample-1 POC详情
363 None https://github.com/Willian-2-0-0-1/Log4j-Exploit-CVE-2021-44228 POC详情
364 Generate primary obfuscated or secondary obfuscated CVE-2021-44228 or CVE-2021-45046 payloads to evade WAF detection. https://github.com/r3kind1e/Log4Shell-obfuscated-payloads-generator POC详情
365 Log4Shell Proof-Of-Concept derived from https://github.com/kozmer/log4j-shell-poc https://github.com/Phineas09/CVE-2021-44228 POC详情
366 CVE-2021-44228 vulnerability in Apache Log4j library https://github.com/hassaanahmad813/log4j POC详情
367 None https://github.com/yuuki1967/CVE-2021-44228-Apache-Log4j-Rce POC详情
368 This project files demostrate a proof-of-concept of log4j vulnerability (CVE-2021-44228) on AWS using Terraform Infrastructure-as-a-code means. https://github.com/moshuum/tf-log4j-aws-poc POC详情
369 Proof of concept of the Log4Shell vulnerability (CVE-2021-44228) https://github.com/jaehnri/CVE-2021-44228 POC详情
370 Log4Shell CVE-2021-44228 Demo https://github.com/ra890927/Log4Shell-CVE-2021-44228-Demo POC详情
371 A fully automated, accurate, and extensive scanner for finding log4j RCE CVE-2021-44228 https://github.com/bughuntar/log4j-scan POC详情
372 :page_with_curl: A report about CVE-2021-44228 https://github.com/vidrez/Ethical-Hacking-Report-Log4j POC详情
373 Apache Log4j is a logging tool written in Java. This paper focuses on what is Log4j and log4shell vulnerability and how it works, how it affects the victim, and how can this be mitigated https://github.com/vino-theva/CVE-2021-44228 POC详情
374 None https://github.com/tharindudh/tharindudh-Log4j-Vulnerability-in-Ghidra-tool-CVE-2021-44228 POC详情
375 Simple Java Front and Back end with bad log4j version featuring CVE-2021-44228 https://github.com/eurogig/jankybank POC详情
376 This powershell script is intended to be used by anyone looking to remediate the Log4j Vulnerability within their environment. It can target multiple machines and run remotely as a job on all or only affected devices. https://github.com/digital-dev/Log4j-CVE-2021-44228-Remediation POC详情
377 A Proof-Of-Concept for the CVE-2021-44228 vulnerability. https://github.com/ocastel/log4j-shell-poc POC详情
378 CVE-2021-44228 POC / Example https://github.com/bcdunbar/CVE-2021-44228-poc POC详情
379 DO NOT USE FOR ANYTHING REAL. Simple springboot sample app with vulnerability CVE-2021-44228 aka "Log4Shell" https://github.com/srcporter/CVE-2021-44228 POC详情
380 None https://github.com/Nexolanta/log4j2_CVE-2021-44228 POC详情
381 Vulnerability CVE-2021-44228 allows remote code execution without authentication for several versions of Apache Log4j2 (Log4Shell). Attackers can exploit vulnerable servers by connecting over any protocol, such as HTTPS, and sending a specially crafted string. https://github.com/demining/Log4j-Vulnerability POC详情
382 CVE 2021-44228 Proof-of-Concept. Log4Shell is an attack against Servers that uses vulnerable versions of Log4J. https://github.com/pierpaolosestito-dev/Log4Shell-CVE-2021-44228-PoC POC详情
383 An educational Proof of Concept for the Log4j Vulnerability (CVE-2021-44228) in Minecraft https://github.com/Sma-Das/Log4j-PoC POC详情
384 CVE-2021-44228 https://github.com/heeloo123/CVE-2021-44228 POC详情
385 this web is vulnerable against CVE-2021-44228 https://github.com/github-kyruuu/log4shell-vulnweb POC详情
386 A vulnerable Spring Boot application that uses log4j and is vulnerable to CVE-2021-44228, CVE-2021-44832, CVE-2021-45046 and CVE-2021-45105 https://github.com/demonrvm/Log4ShellRemediation POC详情
387 💣💥💀 Proof of Concept: пример запуска fork-бомбы на удаленном сервере благодаря уязвимости CVE-2021-44228 https://github.com/funcid/log4j-exploit-fork-bomb POC详情
388 Using this tool, you can scan for remote command execution vulnerability CVE-2021-44228 on Apache Log4j at multiple addresses. https://github.com/MrHarshvardhan/PY-Log4j-RCE-Scanner POC详情
389 None https://github.com/Muhammad-Ali007/Log4j_CVE-2021-44228 POC详情
390 Utilize Tai-e to identify the Log4shell (a.k.a. CVE-2021-44228) Vulnerability https://github.com/Tai-e/CVE-2021-44228 POC详情
391 Log4j Vulnerability RCE - CVE-2021-44228 https://github.com/LucasPDiniz/CVE-2021-44228 POC详情
392 Log4Shell (CVE-2021-44228) minecraft demo. Used for education fairs https://github.com/felixslama/log4shell-minecraft-demo POC详情
393 this web is vulnerable against CVE-2021-44228 https://github.com/sebuahapel/log4shell-vulnweb POC详情
394 Instructions for exploiting vulnerabilities CVE-2021-44228 and CVE-2023-46604 https://github.com/dcm2406/CVELab POC详情
395 None https://github.com/dcm2406/CVE-2021-44228 POC详情
396 this web is vulnerable against CVE-2021-44228 https://github.com/s3buahapel/log4shell-vulnweb POC详情
397 Instructions for exploiting vulnerabilities CVE-2021-44228 and CVE-2023-46604 https://github.com/dcm2406/CVE-Lab POC详情
398 jee web project with log4shell (CVE-2021-44228) vulnerability https://github.com/scabench/l4j-tp1 POC详情
399 jee web project with sanitised log4shell (CVE-2021-44228) vulnerability https://github.com/scabench/l4j-fp1 POC详情
400 A Terraform to deploy vulnerable app and a JDNIExploit to work with CVE-2021-44228 https://github.com/mkhazamipour/log4j-vulnerable-app-cve-2021-44228-terraform POC详情
401 this web is vulnerable against CVE-2021-44228 https://github.com/53buahapel/log4shell-vulnweb POC详情
402 Log4Shell CVE Analysis https://github.com/ItsCbass/CVE-2021-44228 POC详情
403 This is a potentially vulnerable Java web application containing Log4j affected by log4shell(CVE-2021-44228). https://github.com/KtokKawu/l4s-vulnapp POC详情
404 exploit CVE-2021-44228 https://github.com/sec13b/CVE-2021-44228-POC POC详情
405 CVE-2021-44228 https://github.com/ShlomiRex/log4shell_lab POC详情
406 Downloaded a packet capture (.pcapng) file from malware-traffic-analysis.net which was an example of an attempted attack against a webserver using the Log4J vulnerability (CVE-2021-44228). I examined teh amount of endpoints communicating with the server and knowing jnidi as a common in the vulnerbilty found it in clear text https://github.com/KirkDJohnson/Wireshark POC详情
407 None https://github.com/YangHyperData/LOGJ4_PocShell_CVE-2021-44228 POC详情
408 Created after the disclosure of CVE-2021-44228. Bash script that detects Log4j occurrences in your projects and systems, allowing you to get insight on versions used. Unpacks JARs and analyses their Manifest files. https://github.com/mebibite/log4jhound POC详情
409 None https://github.com/Panyaprach/Prove-CVE-2021-44228 POC详情
410 None https://github.com/c0d3cr4f73r/CVE-2021-44228 POC详情
411 On Thursday (December 9th), a 0-day exploit in the popular Java logging library log4j (version 2) was discovered that results in Remote Code Execution (RCE) by logging a certain string. Given how ubiquitous this library is, the impact of the exploit (full server control), and how easy it is to exploit, the impact of this vulnerability is quite severe. We're calling it "Log4Shell" for short. https://github.com/dark-ninja10/Log4j-CVE-2021-44228 POC详情
412 IOCs for CVE-2021-44228 https://github.com/xungzzz/VTI-IOCs-CVE-2021-44228 POC详情
413 None https://github.com/Hoanle396/CVE-2021-44228-demo POC详情
414 Objective: Demonstrate the exploitation of the Log4Shell vulnerability (CVE-2021-44228) within a simulated banking application environment. https://github.com/tadash10/Exploiting-CVE-2021-44228-Log4Shell-in-a-Banking-Environment POC详情
415 CVE-2021-44228 vulnerability study https://github.com/asd58584388/CVE-2021-44228 POC详情
416 None https://github.com/OtisSymbos/CVE-2021-44228-Log4Shell- POC详情
417 Log4J exploit CVE-2021-44228 https://github.com/safeer-accuknox/log4j-shell-poc POC详情
418 A script to search, scrape and scan for Apache Log4j CVE-2021-44228 affected files using Google dorks https://github.com/cergo123/log4j-dork-scanner POC详情
419 Fun things against the abuse of the recent CVE-2021-44228 (Log4Shell) vulnerability using common web servers. https://github.com/ph0lk3r/anti-jndi POC详情
420 log4shell sample application (CVE-2021-44228) https://github.com/Kadantte/CVE-2021-44228-poc POC详情
421 None https://github.com/rohan-flutterint/CVE-2021-44228_scanner POC详情
422 Proof of Concept (PoC) for the Log4Shell vulnerability (CVE-2021-44228), developed as part of the coursework for the curricular unit TPAS in the Master's degree in Information Security at FCUP. https://github.com/Carlos-Mesquita/TPASLog4ShellPoC POC详情
423 In December 2021, the world of cybersecurity was shaken by the discovery of the Log4Shell vulnerability (CVE-2021-44228), embedded within the widely-used Apache Log4j library. With a CVSS score of 10 https://github.com/AhmedMansour93/-Unveiling-the-Lessons-from-Log4Shell-A-Wake-Up-Call-for-Cybersecurity- POC详情
424 这是安徽大学 “漏洞分析实验”(大三秋冬)期中作业归档。完整文档位于https://testgames.me/2024/11/10/cve-2021-44228/ https://github.com/Super-Binary/cve-2021-44228 POC详情
425 None https://github.com/cve-2021-44228/cve-2021-44228 POC详情
426 None https://github.com/Sumitpathania03/LOG4J-CVE-2021-44228 POC详情
427 None https://github.com/JanICT/poc-ldap-cve-2021-44228 POC详情
428 None https://github.com/Kz0x-337/CVE-2021-44228 POC详情
429 调试环境 https://github.com/ZacharyZcR/CVE-2021-44228 POC详情
430 CVE-2021-44228 https://github.com/c3-h2/Log4j_Attacker_IPList POC详情
431 None https://github.com/qw3rtyou/CVE-2021-44228_dockernize POC详情
432 This repository provides an in-depth analysis of the Log4Shell vulnerability (CVE-2021-44228) and implements a machine learning-based approach to detect exploitation attempts in log data. https://github.com/yadavmukesh/Log4Shell-vulnerability-CVE-2021-44228- POC详情
433 Tool that runs a test to check whether one of your applications is affected by the recent vulnerabilities in log4j: CVE-2021-44228 and CVE-2021-45046 cve-2021-44228, cve-2021-45046, dns, jndi, ldap, log4j, log4shell https://github.com/blackmidnig/log4shell-tools POC详情
434 Tool that runs a test to check whether one of your applications is affected by the recent vulnerabilities in log4j: CVE-2021-44228 and CVE-2021-45046 cve-2021-44228, cve-2021-45046, dns, jndi, ldap, log4j, log4shell https://github.com/lustrouscave/log4shell-tools POC详情
435 None https://github.com/wheezysec/CVE-2021-44228-kusto POC详情
436 Tool that runs a test to check whether one of your applications is affected by the recent vulnerabilities in log4j: CVE-2021-44228 and CVE-2021-45046 cve-2021-44228, cve-2021-45046, dns, jndi, ldap, log4j, log4shell https://github.com/surprisedmo/log4shell-tools POC详情
437 CVE-2021-44228 https://github.com/chihyeonwon/Log4shell POC详情
438 None https://github.com/Rainyseason-c/log4j2_CVE-2021-44228 POC详情
439 CVE-2021-44228 https://github.com/mr-won/Log4shell POC详情
440 Spring Boot is susceptible to remote code execution via Apache Log4j. https://github.com/projectdiscovery/nuclei-templates/blob/main/http/vulnerabilities/springboot/springboot-log4j-rce.yaml POC详情
441 Multiple Code42 components are impacted by the logj4 vulnerability. Affected Code42 components include: - Code42 cloud: Updated Log4j from 2.15.0 to 2.17.1 on January 26, 2022 - Code42 app for Incydr Basic and Advanced and CrashPlan Cloud product plans: Updated Log4j from 2.16.0 to 2.17.1 on January 18, 2022 - Code42 User Directory Sync (UDS): Updated Log4j from 2.15.0 to 2.17.1 on February 2, 2022 - On-premises Code42 server: Mitigated from Log4j vulnerabilities by following these steps - On-premises Code42 app: Updated to Log4j 2.16 on December 17, 2021 https://github.com/projectdiscovery/nuclei-templates/blob/main/http/vulnerabilities/code42/code42-log4j-rce.yaml POC详情
442 JamF is susceptible to remote code execution via the Apache log4j library. Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker-controlled LDAP and other JNDI-related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects. https://github.com/projectdiscovery/nuclei-templates/blob/main/http/vulnerabilities/jamf/jamf-log4j-jndi-rce.yaml POC详情
443 Ivanti MobileIron is susceptible to remote code execution via the Apache Log4j2 library. Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker-controlled LDAP and other JNDI-related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. https://github.com/projectdiscovery/nuclei-templates/blob/main/http/vulnerabilities/mobileiron/mobileiron-log4j-jndi-rce.yaml POC详情
444 Sonicwall NSM is susceptible to Log4j JNDI remote code execution. SonicWall Network Security Manager (NSM) allows you to centrally orchestrate all firewall operations error-free, see and manage threats and risks across your firewall ecosystem from one place, and stay connected and compliant. https://github.com/projectdiscovery/nuclei-templates/blob/main/http/vulnerabilities/other/sonicwall-nsm-log4j-rce.yaml POC详情
445 Apache Druid is vulnerable to RCE due to Log4j. https://github.com/projectdiscovery/nuclei-templates/blob/main/http/vulnerabilities/other/apache-druid-log4j.yaml POC详情
446 UniFi Network Application is susceptible to a critical vulnerability in Apache Log4j (CVE-2021-44228) that may allow for remote code execution in an impacted implementation. https://github.com/projectdiscovery/nuclei-templates/blob/main/http/vulnerabilities/other/unifi-network-log4j-rce.yaml POC详情
447 OpenShift is susceptible to Log4j JNDI remote code execution. OpenShift is a unified platform to build, modernize, and deploy applications at scale. https://github.com/projectdiscovery/nuclei-templates/blob/main/http/vulnerabilities/other/openshift-log4j-rce.yaml POC详情
448 Jitsi Meet is susceptible to Log4j JNDI remote code execution. Jitsi is a collection of free and open-source multiplatform voice, video conferencing and instant messaging applications for the Web platforms. https://github.com/projectdiscovery/nuclei-templates/blob/main/http/vulnerabilities/other/jitsi-meet-log4j-rce.yaml POC详情
449 Symantec SPEM is susceptible to Log4j JNDI remote code execution. https://github.com/projectdiscovery/nuclei-templates/blob/main/http/vulnerabilities/other/symantec-sepm-log4j-rce.yaml POC详情
450 Citrix XenApp is susceptible to Log4j JNDI remote code execution. Citrix Virtual Apps is an application virtualization software produced by Citrix Systems that allows Windows applications to be accessed via individual devices from a shared server or cloud system. https://github.com/projectdiscovery/nuclei-templates/blob/main/http/vulnerabilities/other/citrix-xenapp-log4j-rce.yaml POC详情
451 Logstash is susceptible to Log4j JNDI remote code execution. Logstash is a free and open server-side data processing pipeline that ingests data from a multitude of sources, transforms it, and then sends it to your favorite "stash." https://github.com/projectdiscovery/nuclei-templates/blob/main/http/vulnerabilities/other/logstash-log4j-rce.yaml POC详情
452 Papercut is susceptible to Log4j JNDI remote code execution. Papercut is a print management system. https://github.com/projectdiscovery/nuclei-templates/blob/main/http/vulnerabilities/other/papercut-log4j-rce.yaml POC详情
453 Rundeck is susceptible to remote code execution via the Apache Log4j framework. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials. https://github.com/projectdiscovery/nuclei-templates/blob/main/http/vulnerabilities/other/rundeck-log4j.yaml POC详情
454 GoAnywhere Managed File Transfer is vulnerable to a remote command execution (RCE) issue via the included Apache Log4j. https://github.com/projectdiscovery/nuclei-templates/blob/main/http/vulnerabilities/other/goanywhere-mft-log4j-rce.yaml POC详情
455 Metabase is susceptible to remote code execution due to an incomplete patch in Apache Log4j 2.15.0 in certain non-default configurations. A remote attacker can pass malicious data and perform a denial of service attack, exfiltrate data, or execute arbitrary code. https://github.com/projectdiscovery/nuclei-templates/blob/main/http/vulnerabilities/other/metabase-log4j.yaml POC详情
456 Splunk Enterprise is susceptible to Log4j JNDI remote code execution. Splunk Enterprise enables you to search, analyze and visualize your data to quickly act on insights from across your technology landscape. https://github.com/projectdiscovery/nuclei-templates/blob/main/http/vulnerabilities/other/splunk-enterprise-log4j-rce.yaml POC详情
457 OpenNMS JNDI is susceptible to remote code execution via Apache Log4j 2.14.1 and before. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. https://github.com/projectdiscovery/nuclei-templates/blob/main/http/vulnerabilities/other/opennms-log4j-jndi-rce.yaml POC详情
458 Seeyon OA is susceptible to remote code execution via the Apache Log4j 2 library prior to 2.15.0 by recording its own log information, specifically with specially crafted values sent as user input. Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker-controlled LDAP and other JNDI-related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. https://github.com/projectdiscovery/nuclei-templates/blob/main/http/vulnerabilities/other/seeyon-oa-log4j.yaml POC详情
459 Elasticsearch 5 is susceptible to remote code execution via the Apache Log4j framework. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials. https://github.com/projectdiscovery/nuclei-templates/blob/main/http/vulnerabilities/other/elasticsearch5-log4j-rce.yaml POC详情
460 Graylog is susceptible to remote code execution via the Apache Log4j 2 library prior to 2.15.0 by recording its own log information, specifically with specially crafted values sent as user input. Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker-controlled LDAP and other JNDI-related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. https://github.com/projectdiscovery/nuclei-templates/blob/main/http/vulnerabilities/other/graylog-log4j.yaml POC详情
461 Manage Engine Endpoint Central (formerly Desktop Central) is susceptible to Log4j JNDI remote code execution. Endpoint Central is a Unified Endpoint Management (UEM) & Endpoint protection suite that helps manage and secure various network devices https://github.com/projectdiscovery/nuclei-templates/blob/main/http/vulnerabilities/other/manage-engine-dc-log4j-rce.yaml POC详情
462 F-Secure Policy Manager is susceptible to Log4j JNDI remote code execution. https://github.com/projectdiscovery/nuclei-templates/blob/main/http/vulnerabilities/other/f-secure-policymanager-log4j-rce.yaml POC详情
463 Pega is susceptible to Log4j JNDI remote code execution. Pega provides a powerful low-code platform that empowers the world's leading enterprises to Build for Change. https://github.com/projectdiscovery/nuclei-templates/blob/main/http/vulnerabilities/other/pega-log4j-rce.yaml POC详情
464 XenMobile Server is an on-premises enterprise mobility management solution and versions 10.14 RP2, 10.13 RP5 and 10.12 RP10 are vulnerable to CVE-2021-44228 (Apache Log4j). JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. https://github.com/projectdiscovery/nuclei-templates/blob/main/http/vulnerabilities/other/xenmobile-server-log4j.yaml POC详情
465 FortiPortal is susceptible to Log4j JNDI remote code execution. FortiPortal provides comprehensive security management and analytics within a multi-tenant, multi-tier management framework. https://github.com/projectdiscovery/nuclei-templates/blob/main/http/vulnerabilities/other/fortiportal-log4j-rce.yaml POC详情
466 VMware Site Recovery Manager is susceptible to remote code execution via the Apache Log4j framework. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials. https://github.com/projectdiscovery/nuclei-templates/blob/main/http/vulnerabilities/other/vmware-siterecovery-log4j-rce.yaml POC详情
467 Okta is susceptible to Log4j JNDI remote code execution. Okta provides cloud software that helps companies manage and secure user authentication into applications, and for developers to build identity controls into applications, website web services and devices. https://github.com/projectdiscovery/nuclei-templates/blob/main/http/vulnerabilities/other/okta-log4j-rce.yaml POC详情
468 Cisco vManage is susceptible to remote code execution via the Apache Log4j framework. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials. More information is available in the cisco-sa-apache-log4j-qRuKNEbd advisory. https://github.com/projectdiscovery/nuclei-templates/blob/main/http/vulnerabilities/cisco/cisco-vmanage-log4j.yaml POC详情
469 Cisco CloudCenter Suite is susceptible to remote code execution via the Apache Log4j library. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials. Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker-controlled LDAP and other JNDI-related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. https://github.com/projectdiscovery/nuclei-templates/blob/main/http/vulnerabilities/cisco/cisco-cloudcenter-suite-log4j-rce.yaml POC详情
470 Cisco BroadWorks is susceptible to Log4j JNDI remote code execution. Cisco BroadWorks is an enterprise-grade calling and collaboration platform delivering unmatched performance, security and scale. https://github.com/projectdiscovery/nuclei-templates/blob/main/http/vulnerabilities/cisco/cisco-broadworks-log4j-rce.yaml POC详情
471 Cisco WebEx is susceptible to Log4j JNDI remote code execution. Cisco WebEx provides web conferencing, videoconferencing and contact center as a service applications. https://github.com/projectdiscovery/nuclei-templates/blob/main/http/vulnerabilities/cisco/cisco-webex-log4j-rce.yaml POC详情
472 Cisco Unified Communications is susceptible to remote code execution via the Apache Log4j framework. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials. https://github.com/projectdiscovery/nuclei-templates/blob/main/http/vulnerabilities/cisco/cisco-unified-communications-log4j.yaml POC详情
473 Apache OFBiz is affected by a remote code execution vulnerability in the bundled Apache Log4j logging library. Apache Log4j is vulnerable due to insufficient protections on message lookup substitutions when dealing with user controlled input. A remote, unauthenticated attacker can exploit this, via a web request, to execute arbitrary code with the permission level of the running Java process. https://github.com/projectdiscovery/nuclei-templates/blob/main/http/vulnerabilities/apache/apache-ofbiz-log4j-rce.yaml POC详情
474 Apache Log4j2 <=2.14.1 JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. This vulnerability affects Solr 7+. https://github.com/projectdiscovery/nuclei-templates/blob/main/http/vulnerabilities/apache/apache-solr-log4j-rce.yaml POC详情
475 JamF is susceptible to Lof4j JNDI remote code execution. JamF is the industry standard when it comes to the management of iOS devices (iPhones and iPads), macOS computers (MacBooks, iMacs, etc.), and tvOS devices (Apple TV). https://github.com/projectdiscovery/nuclei-templates/blob/main/http/vulnerabilities/apache/log4j/jamf-pro-log4j-rce.yaml POC详情
476 VMware vRealize Operations is susceptible to a critical vulnerability in Apache Log4j which may allow remote code execution in an impacted vRealize Operations Tenant application. https://github.com/projectdiscovery/nuclei-templates/blob/main/http/vulnerabilities/vmware/vrealize-operations-log4j-rce.yaml POC详情
477 VMware Operations Manager is susceptible to remote code execution via the Apache Log4j framework. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials. https://github.com/projectdiscovery/nuclei-templates/blob/main/http/vulnerabilities/vmware/vmware-operation-manager-log4j.yaml POC详情
478 VMware VCenter is susceptible to remote code execution via the Apache Log4j framework. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials. https://github.com/projectdiscovery/nuclei-templates/blob/main/http/vulnerabilities/vmware/vmware-vcenter-log4j-jndi-rce.yaml POC详情
479 VMware NSX is susceptible to remote code execution via the Apache Log4j framework. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials. https://github.com/projectdiscovery/nuclei-templates/blob/main/http/vulnerabilities/vmware/vmware-nsx-log4j.yaml POC详情
480 VMware HCX is susceptible to remote code execution via the Apache Log4j framework. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials. https://github.com/projectdiscovery/nuclei-templates/blob/main/http/vulnerabilities/vmware/vmware-hcx-log4j.yaml POC详情
481 VMware Horizon is susceptible to remote code execution via the Apache Log4j framework. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials. https://github.com/projectdiscovery/nuclei-templates/blob/main/http/vulnerabilities/vmware/vmware-horizon-log4j-jndi-rce.yaml POC详情
482 Apache Log4j2 <=2.14.1 JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2021/CVE-2021-44228.yaml POC详情
483 None https://github.com/Threekiii/Awesome-POC/blob/master/%E4%B8%AD%E9%97%B4%E4%BB%B6%E6%BC%8F%E6%B4%9E/Apache%20Log4j2%20lookup%20JNDI%20%E6%B3%A8%E5%85%A5%E6%BC%8F%E6%B4%9E%20CVE-2021-44228.md POC详情
484 https://github.com/vulhub/vulhub/blob/master/log4j/CVE-2021-44228/README.md POC详情
485 CVE-2021-44228 https://github.com/user20252228/Log4shell POC详情
486 Kiểm thử xâm nhập https://github.com/khaidtraivch/CVE-2021-44228-Log4Shell- POC详情
三、漏洞 CVE-2021-44228 的情报信息