关联漏洞
描述
Java agent that disables Apache Log4J's JNDI Lookup. Fixes CVE-2021-44228, aka "Log4Shell."
介绍
# Log4NoShell
A Java Agent that disables Apache Log4J's JNDI Lookup to mitigate [CVE-2021-44228](https://nvd.nist.gov/vuln/detail/CVE-2021-44228) ("Log4Shell").
If possible, update your program to use the latest Log4J version, as the vulnerability is fixed as of version *2.17.1*.
Otherwise, download [log4noshell-0.5.jar](log4noshell-0.5.jar) and continue reading.
## Usage
To use Java Agents, you must specify them with the `-javaagent` argument. \
`java -javaagent:path/to/log4noshell-0.5.jar -jar Program.jar`
### **Minecraft**
Please read [Mojang's response](https://www.minecraft.net/en-us/article/important-message--security-vulnerability-java-edition)
to determine if you might need this patcher.
- Client:
1. Go to the *Installations* tab in the launcher
2. Click on the **three dots** on the **right** side of the version you'd like to use
3. Click *Edit*
4. Scroll down and click on *More Options*
5. Add `-javaagent:path/to/log4noshell-0.5.jar` to the *JVM Arguments* text-field
- `-javaagent:path/to/log4noshell-0.5.jar -Xms2G -Xms2G...`
6. Click *Save*
- Server:
1. Add `-javaagent:path/to/log4noshell-0.5.jar` somewhere before the `-jar` in your launch/start/run command
- `java -javaagent:path/to/log4noshell-0.5.jar -jar minecraft_server.jar`
文件快照
[4.0K] /data/pocs/49a064700d322620013acdd8b6be084160de7643
├── [1.0K] LICENSE
├── [178K] log4noshell-0.5.jar
├── [2.7K] pom.xml
├── [1.3K] README.md
└── [4.0K] src
└── [4.0K] main
├── [4.0K] java
│ └── [4.0K] io
│ └── [4.0K] github
│ └── [4.0K] winnpixie
│ └── [4.0K] log4noshell
│ ├── [2.2K] JndiLookupTransformer.java
│ └── [ 531] Log4NoShellAgent.java
└── [4.0K] resources
└── [4.0K] META-INF
└── [ 86] MANIFEST.MF
9 directories, 7 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。