PoC details: 2cb25bb6afc77b0e80da4e32a888217131065a8e

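Source
Related vulnerability
Title: Apache Log4j code issue vulnerability (CVE-2021-44228)
Description: Apache Log4j is a Java-based open-source logging tool from the Apache Software Foundation (USA). Apache Log4j has a code issue vulnerability: an attacker can craft a request and send it to a server that uses Apache Log4j, and remote code execution is triggered when that request is written to the log.
Description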
Mitigate against log4j vulnerability
Introduction
# cve-2021-44228-log4j-mitigation
These are some simple scripts to mitigate the log4j vulnerability on Tomcat servers and Java enterprise or web applications.

Several sites suggest a few steps to mitigate the log4j vulnerability discovered on Dec 9, 2021.
The vulnerability is due to a "feature" in the common logging facility log4j that allows LDAP lookups to
resolve certain variables in incoming HTTP headers.

Among these suggested solutions are: 

1. Upgrade to log4j v2.16.0
1. Disable LDAP lookups via configuration change
1. Disable LDAP lookups in log4j, by removing class files

The upgrade to v2.16.0 may come with significant risk to some applications which are using legacy libraries and would require a full regression test. While this is the correct approach to take, it may be impractical for a fast solution.
**Note: even this upgrade has recently been noted as an incomplete solution.**

Disabling LDAP lookups in logging is a practical, fast solution in the interim. This means that if your application currently logs the result of LDAP lookups (such as full user names or departmental information), it will no longer be able to do so. However, we believe that very few applications make use of this feature, and most will continue to function until the upgrade fix is in place. In particular, if there is no LDAP server configuration present in the web application, this feature should never have been turned on.

A quick smoke test would be to: 
1. test re-logins
2. temporarily change LDAP configuration, if present at all - see above.

[The included script does the following](fix-log4j.sh): 

1. backup all log4j-core libraries on the system to a tar file
2. for each library file, remove the culprit `JndiLookup` class
3. disable JNDI Lookups in tomcat properties
4. restart tomcat service


**NOTE: this supplied script comes with absolutely NO WARRANTY. Your system may be quite different, or missing prerequisites for this script to work. It is guidance for a specific solution in your environment.**


File snapshot

[4.0K] /data/pocs/2cb25bb6afc77b0e80da4e32a888217131065a8e
├── [ 563] fix-log4j.sh
└── [2.0K] README.md

0 directories, 2 files