Spring Boot web application vulnerable to Log4Shell (CVE-2021-44228).
-
Updated
Apr 26, 2024 - Java
Spring Boot web application vulnerable to Log4Shell (CVE-2021-44228).
A public open sourced tool. Log4J scanner that detects vulnerable Log4J versions (CVE-2021-44228, CVE-2021-45046, etc) on your file-system within any application. It is able to even find Log4J instances that are hidden several layers deep. Works on Linux, Windows, and Mac, and everywhere else Java runs, too! TAG_OS_TOOL, OWNER_KELLY, DC_PUBLIC
A Docker based LDAP RCE exploit demo for CVE-2021-44228 Log4Shell
Safelog4j is an instrumentation-based security tool to help teams discover, verify, and solve log4shell vulnerabilities without scanning or upgrading
Local Bytecode Scanner for the Log4JShell Vulnerability (CVE-2021-44228)
A mitigation for CVE-2021-44228 (log4shell) that works by patching the vulnerability at runtime. (Works with any vulnerable java software, tested with java 6 and newer)
Contains all my research and content produced regarding the log4shell vulnerability
Scanner that scans local files for log4shell vulnerability. Does bytecode analysis so it does not rely on metadata. Will find vulnerable log4j even it has been self-compiled/repackaged/shaded/nested (e.g. uberjar, fatjar) and even obfuscated.
A Java application intentionally vulnerable to CVE-2021-44228
The goal of this project is to demonstrate the log4j cve-2021-44228 exploit vulnerability in a spring-boot setup, and to show how to fix it.
Utilize Tai-e to identify the Log4shell (a.k.a. CVE-2021-44228) Vulnerability
Log4j vulner testing environment based on CVE-2021-44228. It provide guidance to build the sample infrastructure and the exploit scripts. Supporting cooki3 script as the main exploit tools & integration
POC for Infamous Log4j CVE-2021-44228
Add a description, image, and links to the log4shell topic page so that developers can more easily learn about it.
To associate your repository with the log4shell topic, visit your repo's landing page and select "manage topics."