POC详情: c360f16350a921700e6ce00004bc3b168e292d1f

来源
https://github.com/atlassion/RS4LOGJ-CVE-2021-44228
关联漏洞
标题: Apache Log4j 代码问题漏洞 (CVE-2021-44228)
描述:Apache Log4j是美国阿帕奇(Apache)基金会的一款基于Java的开源日志记录工具。 Apache Log4J 存在代码问题漏洞,攻击者可设计一个数据请求发送给使用 Apache Log4j工具的服务器,当该请求被打印成日志时就会触发远程代码执行。
描述
Fix: CVE-2021-44228 4LOGJ
介绍
# RS4LOGJ-CVE-2021-44228
## Apache Log4j vulnerability - CVE-2021-44228 instructions for Remote Syslog:

Remote Syslog uses the Elasticsearch module to save logging.

Effected products:
- RSv2
- RSE
- RSX

RSC is not effected.

## Check:

Check version:
```
curl -XGET 'http://localhost:9200'
```

Output:
```
"number" : "7.16.2"
```
or 
```
"number" : "6.8.22"
```
Official document Elasticsearch: 
```
https://www.elastic.co/blog/new-elasticsearch-and-logstash-releases-upgrade-apache-log4j2
```

All versions below: 7.16.2 or 6.8.22 are vulnerable. If the version is higher you are good to go and no action is needed.

## Upgrade instuction to Elasticsearch 7.16.2 or 6.8.22:
1) In case of a vitual machine create a snapshot
2) Run the upgrade:
```
sudo apt update && sudo apt upgrade
```

!!Please check if the recommended version or higher is going to be installed!!

## Mitigation without upgrade:

Edit:
```
nano /etc/elasticsearch/jvm.options
```

Add: 
```
-Dlog4j2.formatMsgNoLookups=true
```

Restart elasticsearch service:
```
service elasticsearch restart
```
文件快照

 [4.0K]  /data/pocs/c360f16350a921700e6ce00004bc3b168e292d1f
└── [1.0K]  README.md

0 directories, 1 file
神龙机器人已为您缓存
备注
    1. 建议优先通过来源进行访问。
    2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
    3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。