Skip to content
/ vulnerableJettyLog4Shell Public

A Log4Shell VULNERABLE version of the Jetty webserver configured to use log4j.

License

Apache-2.0 license
0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

kc0bfv/vulnerableJettyLog4Shell

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

5 Commits
build_components
build_components
 
 
Dockerfile
Dockerfile
 
 
LICENSE.txt
LICENSE.txt
 
 
README.md
README.md
 
 

Repository files navigation

Jetty Vulnerable to Log4Shell

This is a configuration of the Jetty webserver that's vulnerable to log4shell. The docker image is published here: https://hub.docker.com/repository/docker/kc0bfv/vulnerablejettylog4shell

This gets used by the log4j range project.

It uses Jetty 11.0.7, and the v2.14.1 log4j libraries.

It uses openjdk 11, which actually has a mitigation for opening remote LDAP code... So this project disables that in the Dockerfile.

Running

docker run -d -p 8080:8080 --name jetty -t kc0bfv/vulnerablejettylog4shell

If you've got Docker installed in Linux, that will start up a vulnerable Jetty instance on port 8080.

License

Eclipse Jetty 11 is dual licensed under the Apache License 2.0 and Eclipse Public License 2.0.

Log4j is licensed under Apache License 2.0.

This project is under Apache License 2.0 too for simplicity's sake.

About

A Log4Shell VULNERABLE version of the Jetty webserver configured to use log4j.

Resources

Readme

License

Apache-2.0 license
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages