POC details: 3badec14dd28ea0500843617d587c538dcc40bac

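Source
Related vulnerability
Title: Apache Log4j code issue vulnerability (CVE-2021-44228)
Description: Apache Log4j is a Java-based open-source logging tool from the Apache Foundation (USA). Apache Log4j has a code issue vulnerability: an attacker can craft a request and send it to a server that uses Apache Log4j, and remote code execution is triggered when that request is written to the log.
Description
Compiling links of value I find regarding CVE-2021-44228
Introduction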
# l4j-info
Compiling valuable links as I find them documenting CVE-2021-44228 or Log4J

# Critical First Party advisories:
- [Existing Log4J 1.2 vulnerability CVE-2019-17571 is also potentially present](https://www.cvedetails.com/cve/CVE-2019-17571)
- [Apache Log4J Version 2.x Security Information](https://logging.apache.org/log4j/2.x/security.html)
- [VMWare critical vulnerability advisory](https://www.vmware.com/security/advisories/VMSA-2021-0028.html)
- [Cisco product vulnerability announcement](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd)
- [Sophos products affected](https://www.sophos.com/en-us/security-advisories/sophos-sa-20211210-log4j-rce)
- [Microsoft’s response to CVE-2021-44228](https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/)

# Intelligence & Mitigation:
- [Microsoft mitigation strategy](https://www.microsoft.com/security/blog/2021/12/11/guidance-for-preventing-detecting-and-hunting-for-cve-2021-44228-log4j-2-exploitation/)
- [CISA Cyber Hygiene Services](https://www.cisa.gov/cyber-hygiene-services)
- [Microsoft Azure Sentinel IoC list, YAML](https://github.com/Azure/Azure-Sentinel/blob/master/Detections/MultipleDataSources/Log4J_IPIOC_Dec112021.yaml)
- [Where to look & what we’re looking for](https://github.com/timb-machine/log4j/)
- [Huntress Log4Shell Vulnerability Tester](https://log4shell.huntress.com/)
- [Malware samples known to be exploiting Log4J](https://t.co/xvJa5yJKws)
- [Indicators of Compromise by IP Source](https://threatfox.abuse.ch/browse/tag/log4j/)
- [FullHunt’s Log4j-scan scanner for finding vulnerable hosts](https://github.com/fullhunt/log4j-scan)
- [Greynoise’s live list of known Apache Log4J Remote Code Execution Attempts](https://www.greynoise.io/viz/query/?gnql=tags%3A%22Apache%20Log4j%20RCE%20Attempt%22)
- [File hashes for known vulnerable versions of Log4Shell](https://github.com/mubix/CVE-2021-44228-Log4Shell-Hashes)
- [Malicious LDAP server for proof-of-concept testing](https://github.com/veracode-research/rogue-jndi)
- [How to restrict LDAP access via JNDI at the code-level](https://github.com/apache/logging-log4j2/pull/608/files/755e2c9d57f0517a73d16bfcaed93cc91969bdee)

# Summary Articles:
- [Understanding Log4Shell with Randori & Greynoise](https://info.randori.com/log4j-log4shell-webinar-greynoise)
- [NCCGroup’s Reconnaissance and Post Exploit Detection guide](https://research.nccgroup.com/2021/12/12/log4shell-reconnaissance-and-post-exploitation-network-detection/)
- [Swiss Government Advisory & Attack Explanation](https://www.govcert.admin.ch/blog/zero-day-exploit-targeting-popular-java-library-log4j/)
- [Potentially affected vendors and projects](https://gist.github.com/SwitHak/b66db3a06c2955a9cb71a8718970c592)
- [Tech Solvency’s “Story so Far”](https://www.techsolvency.com/story-so-far/cve-2021-44228-log4j-log4shell/)
- [List of Known Payloads, Threat Reports and IoC lists.](https://github.com/curated-intel/Log4Shell-IOCs)
- [Cloudflare hosting’s response to Log4j 2 vulnerability](https://blog.cloudflare.com/how-cloudflare-security-responded-to-log4j2-vulnerability/)


File snapshot

[4.0K] /data/pocs/3badec14dd28ea0500843617d587c538dcc40bac
├── [ 11K] LICENSE
└── [3.1K] README.md

0 directories, 2 files