Related vulnerabilities
Description
Tools for remediating the recent log4j2 RCE vulnerability (CVE-2021-44228)
Introduction
# `log4j-remediation-tools`
> Tools for finding and reproducing the [CVE-2021-44228](https://nvd.nist.gov/vuln/detail/CVE-2021-44228) `log4j2` vulnerability
## Tools
- [`find-vulnerabilities`](./find-vulnerabilities): determine heuristically whether a running JVM is vulnerable
- [`confirm-vulnerabilities`](./confirm-vulnerabilities): determine with 100% accuracy whether a running JVM is vulnerable
## Usage
Both of these tools scan all running JVM processes on a machine, and produce a CSV report about which processes may be / are vulnerable.
Check out the corresponding READMEs for [`find-vulnerabilities/`](./find-vulnerabilities) and [`confirm-vulnerabilities/`](./confirm-vulnerabilities) for usage details.
### Which tool should I use?
Here are a few tradeoffs to help you determine which tool is right for your use case:
`find-vulnerabilities` is low-risk to run, but has the possibility of missing:
- Cases where a system property is not set on the CLI, e.g. at runtime
- Cases where the JVM has closed the file descriptor for the jar
- Non-standard / patched releases of `log4j2`
`confirm-vulnerabilities` uses the JVM Attach API which:
- May not work if an application explicitly disables this API
- May crash the running JVM due to JVM bugs
- May briefly slow down the running JVM while waiting for JVM pause
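The blind spots listed for `find-vulnerabilities` follow from what a heuristic can observe from outside the JVM. The sketch below is an added example, not code from this repository: it classifies a process from its command line and open file paths only. The function names, the filename-based jar matching, and the use of `log4j2.formatMsgNoLookups` as the system property in question are assumptions.

```go
package main

import (
	"fmt"
	"regexp"
	"strconv"
)

// Assumed jar naming; a renamed or repackaged jar will not match (a blind spot).
var jarRe = regexp.MustCompile(`log4j-core-2\.(\d+)(?:\.(\d+))?[^/]*\.jar$`)

var labels = []string{"log4j-core not seen", "patched version", "mitigated by flag", "likely vulnerable"}

// affected reports whether 2.minor.patch falls in the CVE-2021-44228 range:
// up to 2.14.x, excluding the security releases 2.3.1+ and 2.12.2+.
func affected(minor, patch int) bool {
	return minor <= 14 && !(minor == 3 && patch >= 1) && !(minor == 12 && patch >= 2)
}

// Assess classifies one JVM from its argv and the paths of its open files,
// returning the worst verdict over every log4j-core jar it can see.
func Assess(argv, openFiles []string) string {
	flag := false
	for _, a := range argv {
		// Visible only when passed on the CLI, not when set at runtime.
		flag = flag || a == "-Dlog4j2.formatMsgNoLookups=true"
	}
	worst := 0
	for _, f := range openFiles {
		m := jarRe.FindStringSubmatch(f)
		if m == nil {
			continue
		}
		minor, _ := strconv.Atoi(m[1])
		patch, _ := strconv.Atoi(m[2]) // an absent patch component parses as 0
		rank := 3
		if !affected(minor, patch) {
			rank = 1
		} else if flag && minor >= 10 { // the property is honoured from 2.10 on
			rank = 2
		}
		if rank > worst {
			worst = rank
		}
	}
	return labels[worst]
}

func main() { // constructed sample input, not output from the real tool
	fmt.Println(Assess([]string{"java", "-jar", "app.jar"}, []string{"/opt/app/lib/log4j-core-2.14.1.jar"}))
}
```

A process whose jar descriptor is already closed, or whose jar is shaded into `app.jar`, comes back as "log4j-core not seen" here, which is why a clean heuristic result is not proof of safety.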
## Contributing
This project welcomes feedback and contributions; however, we might be slow to respond to or triage your requests. We appreciate your patience.
## License
This project uses the [MIT license](LICENSE.md).
## Code of conduct
This project has adopted the Stripe [Code of conduct](CODE_OF_CONDUCT.md).
File snapshot
```
[4.0K] /data/pocs/203766ee76bceb89f50ecd80864b85b629347fab
├── [3.3K] CODE_OF_CONDUCT.md
├── [4.0K] confirm-vulnerabilities
│   ├── [4.3K] is-it-vulnerable.iml
│   ├── [2.3K] pom.xml
│   ├── [5.1K] README.md
│   └── [4.0K] src
│       └── [4.0K] main
│           └── [4.0K] java
│               └── [4.0K] com
│                   └── [4.0K] stripe
│                       └── [4.0K] log4j
│                           └── [4.0K] isitvuln
│                               ├── [1.0K] FileFormats.java
│                               ├── [ 719] HostInfo.java
│                               ├── [5.3K] InspectedJVM.java
│                               ├── [3.5K] IsItVulnAgent.java
│                               ├── [2.4K] IsItVuln.java
│                               └── [1.3K] ProcessInfo.java
├── [4.0K] find-vulnerabilities
│   ├── [8.3K] fingerprint.go
│   ├── [ 358] go.mod
│   ├── [1.5K] go.sum
│   ├── [ 713] helpers.go
│   ├── [1.4K] jarfile.go
│   ├── [ 12K] log4j.go
│   ├── [2.7K] README.md
│   └── [ 753] version.go
├── [1.1K] LICENSE
└── [1.6K] README.md

9 directories, 20 files
```