Lucene search

9C874FAC-8640-5978-8C60-AF6528E5DF60

HistoryDec 15, 2021 - 7:19 p.m.

Exploit for Expression Language Injection in Apache Log4J

2021-12-1519:19:52

346

9 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

5.1 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

0.974 High

EPSS

Percentile

99.9%

JSON

Sample Log4j2 vulnerable application (CVE-2021-45046)

Versi…

This is an article that belongs to githubexploit private collection.
Please sign in to get more Information.

githubexploit

Exploit for Deserialization of Untrusted Data in Apache Log4J

2022-01-05 04:13:59

Exploit for Expression Language Injection in Apache Log4J

2021-12-18 11:43:56

Exploit for Deserialization of Untrusted Data in Apache Log4J

2021-12-15 09:01:37

nessus

Apache Log4j 2.x < 2.16.0 RCE (MacOS) (deprecated)

2021-12-17 00:00:00

Amazon Linux 2 : java-17-amazon-corretto, java-11-amazon-corretto, java-1.8.0-openjdk, java-1.7.0-openjdk (ALAS-2021-1731)

2021-12-18 00:00:00

Splunk Enterprise 8.1.x < 8.1.7.2 / 8.2.x < 8.2.3.3 Log4j

2022-02-25 00:00:00

freebsd

OpenSearch -- Log4Shell

2021-12-14 00:00:00

graylog -- remote code execution in log4j from user-controlled log input

2021-11-14 00:00:00

cnvd

Apache log4j2 denial of service vulnerability

2021-12-16 00:00:00

kaspersky

KLA12391 RCE vulnerability in Apache Log4j

2021-12-14 00:00:00

osv

apache-log4j2 - security update

2021-12-16 00:00:00

Incomplete fix for Apache Log4j vulnerability

2021-12-14 18:01:28

CVE-2021-45046

2021-12-14 19:15:07

ibm

Security Bulletin: Multiple security vulnerabilities have been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2021-4104, CVE-2021-45046)

2022-01-12 21:06:00

Security Bulletin: Multiple vulnerabilities in Apache Log4j impact IBM Workload Scheduler (CVE-2021-4104, CVE-2021-45046)

2022-01-10 09:19:17

Security Bulletin: Multiple Vulnerabilities have been identified in WebSphere Application Server shipped with WebSphere Remote Server

2021-12-17 16:41:40

thn

Hackers Begin Exploiting Second Log4j Vulnerability as a Third Flaw Emerges

2021-12-16 06:24:00

Second Log4j Vulnerability (CVE-2021-45046) Discovered — New Patch Released

2021-12-15 05:26:00

Researchers Uncover New Drokbk Malware that Uses GitHub as a Dead Drop Resolver

2022-12-09 11:25:00

vmware

VMware Response to Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228, CVE-2021-45046)

2021-12-10 00:00:00

VMware Response to Apache Log4j Remote Code Execution Vulnerabilities (CVE-2021-44228, CVE-2021-45046)

2021-12-10 00:00:00

VMware Response to Apache Log4j Remote Code Execution Vulnerabilities (CVE-2021-44228, CVE-2021-45046)

2021-12-10 00:00:00

suse

Security update for log4j (important)

2021-12-20 00:00:00

Security update for log4j (important)

2021-12-17 00:00:00

veracode

Denial Of Service (DoS)

2021-12-15 00:30:50

prion

Default configuration

2021-12-14 19:15:00

Authorization

2022-08-24 16:15:00

Race condition

2022-06-17 13:15:00

cve

CVE-2021-45046

2021-12-14 19:15:00

CVE-2021-4125

2022-08-24 16:15:00

redhatcve

CVE-2021-45046

2022-05-07 14:27:31

openvas

Apache Log4j 2.0.x Multiple Vulnerabilities (Web Application URL Parameter, Log4Shell) - Active Check

2022-03-30 00:00:00

Ubuntu: Security Advisory (USN-5197-1)

2021-12-16 00:00:00

openSUSE: Security Advisory for log4j (openSUSE-SU-2021:1601-1)

2022-02-01 00:00:00

amazon

Critical: java-17-amazon-corretto, java-11-amazon-corretto, java-1.8.0-openjdk, java-1.7.0-openjdk

2021-12-17 18:12:00

Critical: java-1.8.0-openjdk, java-1.7.0-openjdk, java-1.6.0-openjdk

2021-12-17 17:39:00

Critical: aws-kinesis-agent

2021-12-16 00:11:00

checkpoint_advisories

Apache Log4j Remote Code Execution (CVE-2021-44228; CVE-2021-45046)

2021-12-10 00:00:00

redos

ROS-20211223-01

2021-12-23 00:00:00

fortinet

Apache log4j2 log messages substitution (CVE-2021-44228)

2021-12-12 00:00:00

talosblog

Quarterly Report: Incident Response Trends in Q2 2022

2022-07-26 14:03:00

Quarterly Report: Incident Response Trends in Q3 2022

2022-10-25 12:00:00

nuclei

Apache Log4j2 - Remote Code Injection

2021-12-23 15:41:50

gentoo

Ubiquiti UniFi: remote code execution via bundled log4j

2023-10-26 00:00:00

securelist

CVE-2021-44228 vulnerability in Apache Log4j library

2021-12-13 14:10:21

Answering Log4Shell-related questions

2021-12-20 15:45:30

redhat

(RHSA-2021:5108) Critical: OpenShift Container Platform 4.8.z security update

2021-12-14 14:18:30

(RHSA-2021:5106) Critical: OpenShift Container Platform 4.6.z security update

2021-12-16 06:06:42

(RHSA-2021:5094) Moderate: OpenShift Container Platform 3.11.z security update

2021-12-14 05:40:01

intel

Intel® Product Advisory for Apache Log4j2 Vulnerabilities (CVE-2021-44228 & CVE-2021-45046)

2022-01-12 00:00:00

typo3

Statement on Recent log4j/log4shell Vulnerabilities (CVE-2021-44228)

2021-12-16 00:00:00

threatpost

APT ‘Aquatic Panda’ Targets Universities with Log4Shell Exploit Tools

2021-12-30 16:16:23

mssecure

MERCURY leveraging Log4j 2 vulnerabilities in unpatched systems to target Israeli organizations

2022-08-25 16:00:00

kitploit

Log4J-Detector - Detects Log4J versions on your file-system within any application that are vulnerable to CVE-2021-44228 and CVE-2021-45046

2021-12-20 04:38:00

log4j-scan - A fully automated, accurate, and extensive scanner for finding vulnerable log4j hosts

2021-12-20 11:30:00

ubuntu

Apache Log4j 2 vulnerability

2021-12-15 00:00:00

debiancve

CVE-2021-45046

2021-12-14 19:15:00

attackerkb

CVE-2021-45046

2021-12-14 00:00:00

CVE-2021-44228 (Log4Shell)

2022-02-08 00:00:00

debian

[SECURITY] [DSA 5022-1] apache-log4j2 security update

2021-12-16 10:45:10

ubuntucve

CVE-2021-45046

2021-12-14 00:00:00

github

Incomplete fix for Apache Log4j vulnerability

2021-12-14 18:01:28

Remote code injection in Log4j

2021-12-10 00:40:56

impervablog

Log4Shell log4j Remote Code Execution – The COVID of the Internet

2022-01-06 16:41:56

malwarebytes

[Update: CISA issues Log4j vulnerabilities scanner] Log4j zero-day “Log4Shell” arrives just in time to ruin your weekend

2021-12-10 18:03:28

mmpc

MERCURY leveraging Log4j 2 vulnerabilities in unpatched systems to target Israeli organizations

2022-08-25 16:00:00

rapid7blog

How to Protect Your Applications Against Log4Shell With tCell

2021-12-15 14:58:14

huawei

Security Advisory - Apache log4j2 remote code execution vulnerabilities in some Huawei products

2021-12-15 00:00:00

mageia

Updated log4j packages fix security vulnerability

2021-12-19 15:26:08

K32171392 : Apache Log4j2 vulnerability CVE-2021-45046

2021-12-16 00:00:00

cisa_kev

Apache Log4j2 Deserialization of Untrusted Data Vulnerability

2023-05-01 00:00:00

qualysblog

How to Discover Log4Shell Vulnerabilities in Running Containers & Images

2021-12-27 19:39:34

symantec

Symantec Security Advisory for Log4j Vulnerability

2021-12-11 01:06:47

avleonov

Log4j “Log4Shell” RCE explained (CVE-2021-44228)

2021-12-26 22:07:17

fedora

[SECURITY] Fedora 34 Update: log4j-2.17.0-1.fc34

2021-12-27 00:56:30

9 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

5.1 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

0.974 High

EPSS

Percentile

99.9%

JSON

Exploit for Expression Language Injection in Apache Log4J

Sample Log4j2 vulnerable application (CVE-2021-45046)

Versi…

Related