CVE-2021-44228 PoC — Apache Log4j 代码问题漏洞

Source

https://github.com/infiniroot/nginx-mitigate-log4shell

Associated Vulnerability

Title:Apache Log4j 代码问题漏洞 (CVE-2021-44228)
Description:Apache Log4j是美国阿帕奇（Apache）基金会的一款基于Java的开源日志记录工具。 Apache Log4J 存在代码问题漏洞，攻击者可设计一个数据请求发送给使用 Apache Log4j工具的服务器，当该请求被打印成日志时就会触发远程代码执行。

Description

Mitigate log4shell (CVE-2021-44228) vulnerability attacks using Nginx LUA script

Readme

# nginx-mitigate-log4shell
Mitigate log4shell (CVE-2021-44228 and CVE-2021-45046) vulnerability attacks using Nginx LUA script

Requires the Nginx lua module (https://www.nginx.com/resources/wiki/modules/lua/) to be enabled.

Use `include /path/to/mitigate-log4shell.conf;` in the `server {...}` context. Can be included in multiple server contexts.

Can also be placed in the `http {...}` context and is therefore automatically applied on every Nginx config.

More information in our blog article: https://www.infiniroot.com/blog/1155/using-nginx-lua-script-mitigate-log4shell-cve-2021-44228-vulnerability .

File Snapshot


 [4.0K]  /data/pocs/14cc97948762c437ae3f54aaa41bade746d68a81
├── [3.9K]  examples-in-the-wild.md
├── [ 11K]  LICENSE
├── [1.4K]  mitigate-log4shell.conf
└── [ 609]  README.md

0 directories, 4 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!