Skip to content
/ log4j Public

Repo containing all info, scripts, etc. related to CVE-2021-44228

Notifications You must be signed in to change notification settings

wortell/log4j

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

41 Commits
 
 

Repository files navigation

CVE-2021-44228 a.k.a. LOG4J

This is a public repository from Wortell containing information, links, files and other items related to vulnerabilities related to Log4j

Due to vulnerabilities in log4j 2.17.0 it is now recommended to patch to version 2.17.1

Knows CVEs

CVE Score Description
CVE-2021-44228 10.0 A remote code execution vulnerability affecting Log4j versions from 2.0-beta9 to 2.14.1 (Fixed in version 2.15.0)
CVE-2021-45046 9.0 An information leak and remote code execution vulnerability affecting Log4j versions from 2.0-beta9 to 2.15.0, excluding 2.12.2 (Fixed in version 2.16.0)
CVE-2021-45105 7.5 A denial-of-service vulnerability affecting Log4j versions from 2.0-beta9 to 2.16.0 (Fixed in version 2.17.0)
CVE-2021-44832 6.6 A Remote code execution vulnerability affecting Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4)

log4j-wortell-octo-ninja

1. Scanning

Here are a few options to try and find applications that use Log4j and could potentially be abused:

2. Indicators of Compromise

Florian Roth also posted a great YARA rule: https://github.com/Neo23x0/signature-base/blob/master/yara/expl_log4j_cve_2021_44228.yar

3. Vulerable Applications

4. Information

anatomy_log4j

5. Samples

6. Patches

7. Mitigation Guide

! IMPORTANT ! Exploits are continously developed. Aways make sure to work with the latest version of scanners. It is verified that scanners used below take into account that version 2.17.1 of log4j is recommended.

  1. Identify potential vulnerable devices by using https://github.com/NCSC-NL/log4shell/blob/main/software/README.md - This a time consuming task, but you need to do it anyway, so better start quickly!

  2. Run a scan to check for vulnerable java applications/dependancies using: https://github.com/dtact/divd-2021-00038--log4j-scanner with command divd-2021-00038--log4j-scanner.exe {target-path} and watch for files that have been classified as vulnerable.

Version Classification
2.12.4 Safe
2.17.1 Safe
2.3.2 Safe
2.16.0 Okay
2.15.0 Okay
< 2.15.0 Vulnerable
  1. Run a scan to check for expoit attempts using https://github.com/Neo23x0/log4shell-detector python3 log4shell-detector.py -p c:\ and watch for exploitation attempts.

8. Wortell blogs

Here are Wortell specialists blogging about LOG4J:

tvm

reverse_engineering

About

Repo containing all info, scripts, etc. related to CVE-2021-44228

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Contributors 3

  •  
  •  
  •