Entreprise d'experts en Sécurité Informatique : Audits et conseils en cybersécurité
Entreprise française de cybersécurité depuis 2004
☎ 03 60 47 09 81 - info@securiteinfo.com


CVE-2021-45105

Description

Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in Log4j 2.17.0, 2.12.3, and 2.3.1.

POC

Reference

- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd

- https://www.oracle.com/security-alerts/cpuapr2022.html

- https://www.oracle.com/security-alerts/cpujan2022.html

- https://www.oracle.com/security-alerts/cpujul2022.html

Github

- https://github.com/1lann/log4shelldetect

- https://github.com/ADP-Dynatrace/dt-appsec-powerup

- https://github.com/ARPSyndicate/cve-scores

- https://github.com/ARPSyndicate/cvemon

- https://github.com/Afrouper/MavenDependencyCVE-Scanner

- https://github.com/AlvaroMartinezQ/clickandbuy

- https://github.com/BabooPan/Log4Shell-CVE-2021-44228-Demo

- https://github.com/Boupouchi/Log4j-Detector-PFA

- https://github.com/CUBETIQ/cubetiq-security-advisors

- https://github.com/CVEDB/PoC-List

- https://github.com/CVEDB/awesome-cve-repo

- https://github.com/CVEDB/top

- https://github.com/Cosmo-Tech/azure-digital-twins-simulator-connector

- https://github.com/CptOfEvilMinions/ChooseYourSIEMAdventure

- https://github.com/Cyb3rWard0g/log4jshell-lab

- https://github.com/Cybereason/Logout4Shell

- https://github.com/Devihtisham01/-HIPAA-and-GDPR-compliance-engine-for-a-healthcare-SaaS-product

- https://github.com/Dynatrace-Asad-Ali/appsecutil

- https://github.com/GhostTroops/TOP

- https://github.com/GluuFederation/Log4J

- https://github.com/HackJava/HackLog4j2

- https://github.com/HackJava/Log4j2

- https://github.com/HemantKMehta/Log4J

- https://github.com/HynekPetrak/log4shell-finder

- https://github.com/ITninja04/awesome-stars

- https://github.com/JERRY123S/all-poc

- https://github.com/Locj41/demo-cve2021-45105

- https://github.com/Maelstromage/Log4jSherlock

- https://github.com/MaineK00n/vuls2

- https://github.com/Mattrobby/Log4J-Demo

- https://github.com/MichalSoltysikSOC/Cybersecurity-content-videos

- https://github.com/NCSC-NL/log4shell

- https://github.com/NE137/log4j-scanner

- https://github.com/NaInSec/CVE-PoC-in-GitHub

- https://github.com/NiftyBank/java-app

- https://github.com/Pluralsight-SORCERI/log4j-resources

- https://github.com/Puliczek/CVE-2021-44228-PoC-log4j-bypass-words

- https://github.com/Qerim-iseni09/ByeLog4Shell

- https://github.com/Qualys/log4jscanwin

- https://github.com/ReAbout/audit-java

- https://github.com/Ryan2065/Log4ShellDetection

- https://github.com/SYRTI/POC_to_review

- https://github.com/ShadowPayload06/Internship-security-scan-

- https://github.com/VerveIndustrialProtection/CVE-2021-44228-Log4j

- https://github.com/WhooAmii/POC_to_review

- https://github.com/YoungBear/log4j2demo

- https://github.com/akselbork/Remove-Log4JVulnerabilityClass-

- https://github.com/alphatron-employee/product-overview

- https://github.com/alukashenkov/Vulners-MCP

- https://github.com/andalik/log4j-filescan

- https://github.com/asksven/log4j-poc

- https://github.com/bananaacaat/Log4j-Detector

- https://github.com/binkley/modern-java-practices

- https://github.com/bmw-inc/log4shell

- https://github.com/cckuailong/Log4j_dos_CVE-2021-45105

- https://github.com/chenghungpan/test_data

- https://github.com/christian-taillon/log4shell-hunting

- https://github.com/cyberanand1337x/bug-bounty-2022

- https://github.com/darkarnium/Log4j-CVE-Detect

- https://github.com/davejwilson/azure-spark-pools-log4j

- https://github.com/demining/Log4j-Vulnerability

- https://github.com/demonrvm/Log4ShellRemediation

- https://github.com/dileepdkumar/https-github.com-NCSC-NL-log4shell

- https://github.com/dileepdkumar/https-github.com-pravin-pp-log4j2-CVE-2021-45105-1

- https://github.com/dinlaks/RunTime-Vulnerability-Prevention---RHACS-Demo

- https://github.com/dkd/elasticsearch

- https://github.com/dtact/divd-2021-00038--log4j-scanner

- https://github.com/dynatrace-ext/AppSecUtil

- https://github.com/elicha023948/44228

- https://github.com/eliezio/log4j-test

- https://github.com/evmcoedevsecops/log4j2_Demo

- https://github.com/fox-it/log4j-finder

- https://github.com/gitlab-de/log4j-resources

- https://github.com/govgitty/log4shell-

- https://github.com/gumimin/dependency-check-sample

- https://github.com/helsecert/CVE-2021-44228

- https://github.com/hillu/local-log4j-vuln-scanner

- https://github.com/hktalent/TOP

- https://github.com/hupe1980/scan4log4shell

- https://github.com/iAmSOScArEd/log4j2_dos_exploit

- https://github.com/imTigger/webapp-hardware-bridge

- https://github.com/jacobalberty/unifi-docker

- https://github.com/jbmihoub/all-poc

- https://github.com/jfrog/log4j-tools

- https://github.com/khulnasoft-lab/awesome-security

- https://github.com/khulnasoft-labs/awesome-security

- https://github.com/krishnamk00/Top-10-OpenSource-News-Weekly

- https://github.com/lhotari/pulsar-docker-images-patch-CVE-2021-44228

- https://github.com/logpresso/CVE-2021-44228-Scanner

- https://github.com/mad1c/log4jchecker

- https://github.com/martinlau/dependency-check-issue

- https://github.com/mergebase/csv-compare

- https://github.com/mergebase/log4j-detector

- https://github.com/mosaic-hgw/jMeter

- https://github.com/name/log4j-remediation

- https://github.com/nomi-sec/PoC-in-GitHub

- https://github.com/nullx3d/PaypScan

- https://github.com/open-source-agenda/new-open-source-projects

- https://github.com/optionalg/ByeLog4Shell

- https://github.com/ossie-git/log4shell_sentinel

- https://github.com/ozGod-sh/Declencheur-CVE

- https://github.com/palantir/log4j-sniffer

- https://github.com/papicella/conftest-snyk-demos

- https://github.com/paras98/Log4Shell

- https://github.com/pentesterland/Log4Shell

- https://github.com/phax/ph-oton

- https://github.com/phax/phase4

- https://github.com/phax/phoss-directory

- https://github.com/phiroict/pub_log4j2_fix

- https://github.com/pravin-pp/log4j2-CVE-2021-45105

- https://github.com/retr0-13/log4j-bypass-words

- https://github.com/retr0-13/log4shell

- https://github.com/righettod/log4shell-analysis

- https://github.com/sakuraji-labs/log4j-remediation

- https://github.com/seculayer/Log4j-Vulnerability

- https://github.com/secursive/log4j-CVEs-scripts

- https://github.com/soosmile/POC

- https://github.com/srhercules/log4j_mass_scanner

- https://github.com/sschakraborty/SecurityPOC

- https://github.com/sumitgiri87/Ransomware-AIG

- https://github.com/tcoliver/IBM-SPSS-log4j-fixes

- https://github.com/tejas-nagchandi/CVE-2021-45105

- https://github.com/thedevappsecguy/Log4J-Mitigation-CVE-2021-44228--CVE-2021-45046--CVE-2021-45105--CVE-2021-44832

- https://github.com/thl-cmk/CVE-log4j-check_mk-plugin

- https://github.com/tmax-cloud/install-EFK

- https://github.com/trhacknon/CVE-2021-44228-Scanner

- https://github.com/trhacknon/Pocingit

- https://github.com/trhacknon/log4shell-finder

- https://github.com/viktorbezdek/awesome-github-projects

- https://github.com/wanniDev/OEmbeded

- https://github.com/watson-developer-cloud/assistant-with-discovery

- https://github.com/weeka10/-hktalent-TOP

- https://github.com/whalehub/awesome-stars

- https://github.com/whitesource/log4j-detect-distribution

- https://github.com/wortell/log4j

- https://github.com/xcollantes/henlo_there

- https://github.com/yannart/log4shell-scanner-rs

- https://github.com/yonocruzhj/AIG---Tasks

- https://github.com/zaneef/CVE-2021-44228

- https://github.com/zecool/cve

- https://github.com/zeroonesa/ctf_log4jshell