Versions of Apache Log4j2 impacted by CVE-2021-44228, which allow JNDI features to be used in configuration, log messages, and parameters, do not protect against attacker-controlled LDAP and other JNDI-related endpoints. This Metasploit module will scan an HTTP endpoint for the Log4Shell vulnerability by injecting a format message that will trigger an LDAP connection to Metasploit. This Metasploit module is a generic scanner and is only capable of identifying instances that are vulnerable via one of the pre-determined HTTP request injection points. These points include HTTP headers and the HTTP request path. Known impacted software includes Apache Struts 2, VMware vCenter, Apache James, Apache Solr, Apache Druid, Apache JSPWiki, and Apache OFBiz.
0c99025a240dc811b182feb7d9c9d3253b1e32fb38ca51be4415745de5402484
ADManager Plus version 7122 suffers from a remote code execution vulnerability.
f79c90f12ca249e76d4868e357b605604f3234c5ab59fa3da2bb92e0275a4d71
MobileIron Core is affected by the Log4Shell vulnerability whereby a JNDI string sent to the server will cause it to connect to the attacker and deserialize a malicious Java object. This results in OS command execution in the context of the tomcat user. This Metasploit module will start an LDAP server that the target will need to connect to.
d15ef16680da0566fc6f0cd17aa36d661420fd2c8fbf3f002025e66fc8acc462
Apple Security Advisory 2022-03-14-7 - Xcode 13.3 addresses code execution and out of bounds read vulnerabilities.
1d8bad9cb38e9301927404d011c17922380da91299a1819eb8e62a8e6dacb150
Red Hat Security Advisory 2022-0296-03 - Red Hat Process Automation Manager is an open source business process management suite that combines process management and decision service management and enables business and IT users to create, manage, validate, and deploy process applications and decision services. This release of Red Hat Process Automation Manager 7.12.0 serves as an update to Red Hat Process Automation Manager 7.11.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include code execution, denial of service, deserialization, and traversal vulnerabilities.
9fe5d56b67e4cb17b94b89a61187f0f0526832f9b202ea4e38ac4241e4d83532
The Ubiquiti UniFi Network Application versions 5.13.29 through 6.5.53 are affected by the Log4Shell vulnerability whereby a JNDI string can be sent to the server via the remember field of a POST request to the /api/login endpoint that will cause the server to connect to the attacker and deserialize a malicious Java object. This results in OS command execution in the context of the server application. This Metasploit module will start an LDAP server that the target will need to connect to.
371aff703a1c6ed83abe19b12644a1663d1052646d88c385fcca8a64bc63db21
Whitepaper that gives exploitation and overview details on the Log4j vulnerability as noted in CVE-2021-44228.
1718bbf0d45e1ebf16dbdf6e329a8b2f32b620f142e69ae4db5a2403502ff6ac
VMware vCenter Server is affected by the Log4Shell vulnerability whereby a JNDI string can be sent to the server that will cause it to connect to the attacker and deserialize a malicious Java object. This results in OS command execution in the context of the root user in the case of the Linux virtual appliance and SYSTEM on Windows. This Metasploit module will start an LDAP server that the target will need to connect to. This exploit uses the logon page vector.
a640959afe63b432e9f52c735f5ef2799a3bab57bd19790c2fcebb608d3e3a86
Red Hat Security Advisory 2022-0203-03 - The releases of Red Hat Fuse 7.8.2, 7.9.1 and 7.10.1 serve as a patch to Red Hat Fuse on Karaf and Red Hat Fuse on Spring Boot and include security fixes, which are documented in the Release Notes document linked to in the References. Issues addressed include code execution and denial of service vulnerabilities.
f8f49c5ce9654d296d93186fe4a411f91a37373917ccb904ee88d4aee08b2dd8
This Metasploit module will exploit an HTTP endpoint with the Log4Shell vulnerability by injecting a format message that will trigger an LDAP connection to Metasploit and load a payload. The Automatic target delivers a Java payload using remote class loading. This requires Metasploit to run an HTTP server in addition to the LDAP server that the target can connect to. The targeted application must have the trusted code base option enabled for this technique to work. The non-Automatic targets deliver a payload via a serialized Java object. This does not require Metasploit to run an HTTP server and instead leverages the LDAP server to deliver the serialized object. The target application in this case must be compatible with the user-specified JAVA_GADGET_CHAIN option.
fb881ade3573c4c3970acc27f51ba1d3ac1aaff25446ea8e525ce3aca4d0ca4d
Red Hat Security Advisory 2022-0082-01 - Red Hat Process Automation Manager is an open source business process management suite that combines process management and decision service management and enables business and IT users to create, manage, validate, and deploy process applications and decision services. This release of Red Hat Process Automation Manager 7.11.1 serves as an update to Red Hat Process Automation Manager 7.11.0, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include a code execution vulnerability.
a92a8bec4e4bb08b576106882778eec3289082354d6ea4d7e170ec45c4a09d7a
Debian Linux Security Advisory 5020-1 - Chen Zhaojun of Alibaba Cloud Security Team discovered a critical security vulnerability in Apache Log4j, a popular logging framework for Java. JNDI features used in configuration, log messages, and parameters do not protect against attacker-controlled LDAP and other JNDI-related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From version 2.15.0, this behavior has been disabled by default.
d0aca50b8b49a7bc8f1bbb01cb127d84b478f189d829e302cdf52f86f86356a3
VMware Security Advisory 2021-0028.4 - VMware has released a response to the Apache Log4j remote code execution vulnerability. They have updated this advisory.
957e29f898225bb7fd6b5e005b5fc7f5f33240b94a7b9f29556d699b70f105a7
Ubuntu Security Notice 5192-2 - USN-5192-1 fixed a vulnerability in Apache Log4j 2. This update provides the corresponding update for Ubuntu 16.04 ESM. Chen Zhaojun discovered that Apache Log4j 2 allows remote attackers to run programs via specially crafted input. An attacker could use this vulnerability to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
af21e945a7ab434223e99bdb3bbc6b8178d5ddae08d33a0c9378383000666b73
Red Hat Security Advisory 2021-5107-06 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Issues addressed include code execution and denial of service vulnerabilities.
8e6f91b111dc9af75d98ab70a4b877ecdcb76fcbbc86e88c66e6dd5a73b05cb0
Red Hat Security Advisory 2021-5106-04 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Issues addressed include code execution and denial of service vulnerabilities.
3eae04a0c0d140e6c2880ef3fcf5ffc8a3fa7ad03800bcec38b01dd6d100b835
Red Hat Security Advisory 2021-5148-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Issues addressed include code execution and denial of service vulnerabilities.
02a5b690aa5f3da55df25dda2d010d06447d07d94d25558ea088f3969b67548e
Red Hat Security Advisory 2021-5141-05 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Issues addressed include code execution and denial of service vulnerabilities.
d104c2bf92437579cc766d146cc5008946b64edbdda10703332f4b2472913b2e
Ubuntu Security Notice 5197-1 - It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. An attacker could use this vulnerability to cause a denial of service.
98b3f5b50a143e8a3a3208e07f10d613b0d893802d8c93bdbe54f46ef75abb9b
log4j-scan is a fully automated, accurate, and extensive scanner for finding vulnerable log4j hosts. It supports fuzzing for more than 60 HTTP request headers, JSON data parameters, and HTTP POST data parameters. It also supports DNS callback for vulnerability discovery and validation and includes WAF bypass payloads.
0d5ae7f22f482484023dbdde93229a59915d292aefd32e04445b6847b7cbe5c8
This utility looks for log4j in the currently running JVM. It is useful for systems that allow plugins to introduce their own jars, since it lets you find out whether any loaded component is using a dangerous version of log4j.
f3e9c324df46c5349054a5e341c715ffbb5f3a49b2dcb09981741f4aa2e019e7
This is a basic bash script to detect log4j indicators of compromise (IoCs) in Linux log files.
cac18b2d6343c61bc55d312a115a6b13a4e02c2b28f3e4b83320cd33353f71a1
This honeypot runs a fake Minecraft server waiting to be exploited with log4j. Payload classes are saved to the payloads/ directory.
671e0e08f3222b36a45cdb838e96e036c46204e4de6145f8d10b9ce7e566aed3
Log4j remote code execution exploit with a trick to bypass word-blocking patches. Works on Log4j versions 2.14.1 and below.
de7380eb6b3fc4c49f27978b8a6c7f1adef40597e054a9798db4c61a23e7311f
Fully independent log4j exploit that does not require any third-party binaries. The exploit sprays the payload to all possible logged HTTP headers such as X-Forwarding, Server-IP, and User-Agent.
19e37dec69c98eb8297671319d877f1ab2d64860b42bbc2abd0f33e61a3e5a3b