CVE-2021-44228 PoC — Apache Log4j 代码问题漏洞

Source

https://github.com/dmitsuo/log4shell-war-fixer

Associated Vulnerability

Title:Apache Log4j 代码问题漏洞 (CVE-2021-44228)
Description:Apache Log4j是美国阿帕奇（Apache）基金会的一款基于Java的开源日志记录工具。 Apache Log4J 存在代码问题漏洞，攻击者可设计一个数据请求发送给使用 Apache Log4j工具的服务器，当该请求被打印成日志时就会触发远程代码执行。

Description

Shell script to remove JndiLookup class from Log4J 2 jar file, inside WAR file, in order to mitigate CVE-2021-44228, a.k.a., #Log4Shell

Readme

# log4shell-war-fixer

Linux shell script that patches a WAR file from #Log4Shell vulnerability (CVE-2021-44228).

It looks for <b><code>Log4j 2</code></b> jar file inside WAR file and remove <b><code>JndiLookup.class</code></b> if needed.

Usage:

<code>user@host:~$ <b>./log4shell-war-fixer.sh</b> my-vuln-app.war</code>

![Usage](img/01-screen.png "Usage")

File Snapshot


 [4.0K]  /data/pocs/14a3b683f4d7cabecd2c101e137a40684c2ab863
├── [4.0K]  img
│   └── [110K]  01-screen.png
├── [1.7K]  log4shell-war-fixer.sh
└── [ 360]  README.md

1 directory, 3 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!