CVE-2021-44228

Description from NVD

Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.

Information Acquisition Date:2023-04-17T10:18Z
CVSS 2.0: 9.3 HIGH CVSS 3.x: 10.0 CRITICAL

▼ CVSS3 Vec CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

▼ CVSS2 Vec AV:N/AC:M/Au:N/C:C/I:C/A:C

NVD References

 https://logging.apache.org/log4j/2.x/security.html
     source:MISC
     tags:Release Notes    Vendor Advisory    
 [oss-security] 20211210 CVE-2021-44228: Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints
     source:MLIST
     tags:Mailing List    Mitigation    Third Party Advisory    
 [oss-security] 20211210 Re: CVE-2021-44228: Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints
     source:MLIST
     tags:Mailing List    Mitigation    Third Party Advisory    
 http://packetstormsecurity.com/files/165225/Apache-Log4j2-2.14.1-Remote-Code-Execution.html
     source:MISC
     tags:Third Party Advisory    VDB Entry    
 https://security.netapp.com/advisory/ntap-20211210-0007/
     source:CONFIRM
     tags:Vendor Advisory    
 20211210 Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
     source:CISCO
     tags:Third Party Advisory    
 [oss-security] 20211210 Re: CVE-2021-44228: Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints
     source:MLIST
     tags:Mailing List    Third Party Advisory    
 https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032
     source:CONFIRM
     tags:Third Party Advisory    
 https://www.oracle.com/security-alerts/alert-cve-2021-44228.html
     source:CONFIRM
     tags:Third Party Advisory    
 FEDORA-2021-f0f501d01f
     source:FEDORA
     tags:Third Party Advisory    
 [oss-security] 20211213 CVE-2021-4104: Deserialization of untrusted data in JMSAppender in Apache Log4j 1.2
     source:MLIST
     tags:Mailing List    Third Party Advisory    
 [oss-security] 20211213 Re: CVE-2021-4104: Deserialization of untrusted data in JMSAppender in Apache Log4j 1.2
     source:MLIST
     tags:Mailing List    Third Party Advisory    
 https://twitter.com/kurtseifried/status/1469345530182455296
     source:MISC
     tags:Exploit    Third Party Advisory    
 [debian-lts-announce] 20211212 [SECURITY] [DLA 2842-1] apache-log4j2 security update
     source:MLIST
     tags:Mailing List    Third Party Advisory    
 DSA-5020
     source:DEBIAN
     tags:Third Party Advisory    
 https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf
     source:CONFIRM
     tags:Third Party Advisory    
 http://packetstormsecurity.com/files/165270/Apache-Log4j2-2.14.1-Remote-Code-Execution.html
     source:MISC
     tags:Exploit    Third Party Advisory    VDB Entry    
 http://packetstormsecurity.com/files/165260/VMware-Security-Advisory-2021-0028.html
     source:MISC
     tags:Third Party Advisory    VDB Entry    
 http://packetstormsecurity.com/files/165261/Apache-Log4j2-2.14.1-Information-Disclosure.html
     source:MISC
     tags:Exploit    Third Party Advisory    VDB Entry    
 [oss-security] 20211214 CVE-2021-45046: Apache Log4j2 Thread Context Message Pattern and Context Lookup Pattern vulnerable to a denial of service attack
     source:MLIST
     tags:Mailing List    Third Party Advisory    
 https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html
     source:CONFIRM
     tags:Third Party Advisory    
 VU#930724
     source:CERT-VN
     tags:Third Party Advisory    US Government Resource    
 http://packetstormsecurity.com/files/165282/Log4j-Payload-Generator.html
     source:MISC
     tags:Third Party Advisory    VDB Entry    
 http://packetstormsecurity.com/files/165281/Log4j2-Log4Shell-Regexes.html
     source:MISC
     tags:Third Party Advisory    VDB Entry    
 http://packetstormsecurity.com/files/165306/L4sh-Log4j-Remote-Code-Execution.html
     source:MISC
     tags:Third Party Advisory    VDB Entry    
 http://packetstormsecurity.com/files/165307/Log4j-Remote-Code-Execution-Word-Bypassing.html
     source:MISC
     tags:Third Party Advisory    VDB Entry    
 http://packetstormsecurity.com/files/165311/log4j-scan-Extensive-Scanner.html
     source:MISC
     tags:Third Party Advisory    VDB Entry    
 [oss-security] 20211215 Re: CVE-2021-45046: Apache Log4j2 Thread Context Message Pattern and Context Lookup Pattern vulnerable to a denial of service attack
     source:MLIST
     tags:Mailing List    Third Party Advisory    
 https://cert-portal.siemens.com/productcert/pdf/ssa-714170.pdf
     source:CONFIRM
     tags:Third Party Advisory    
 Microsoft’s Response to CVE-2021-44228 Apache Log4j 2
     source:MS
     tags:Patch    Third Party Advisory    Vendor Advisory    
 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd
     source:MISC
     tags:Third Party Advisory    
 https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf
     source:CONFIRM
     tags:Third Party Advisory    
 http://packetstormsecurity.com/files/165371/VMware-Security-Advisory-2021-0028.4.html
     source:MISC
     tags:Third Party Advisory    VDB Entry    
 https://cert-portal.siemens.com/productcert/pdf/ssa-397453.pdf
     source:CONFIRM
     tags:Third Party Advisory    
 http://packetstormsecurity.com/files/165532/Log4Shell-HTTP-Header-Injection.html
     source:MISC
     tags:Third Party Advisory    VDB Entry    
 FEDORA-2021-66d6c484f3
     source:FEDORA
     tags:Third Party Advisory    
 https://github.com/cisagov/log4j-affected-db/blob/develop/SOFTWARE-LIST.md
     source:MISC
     tags:Product    US Government Resource    
 http://packetstormsecurity.com/files/165642/VMware-vCenter-Server-Unauthenticated-Log4Shell-JNDI-Injection-Remote-Code-Execution.html
     source:MISC
     tags:Third Party Advisory    VDB Entry    
 http://packetstormsecurity.com/files/165673/UniFi-Network-Application-Unauthenticated-Log4Shell-Remote-Code-Execution.html
     source:MISC
     tags:Third Party Advisory    VDB Entry    
 https://www.oracle.com/security-alerts/cpujan2022.html
     source:MISC
     tags:Patch    Third Party Advisory    
 https://github.com/cisagov/log4j-affected-db
     source:MISC
     tags:Third Party Advisory    
 https://www.bentley.com/en/common-vulnerability-exposure/be-2022-0001
     source:MISC
     tags:Third Party Advisory    
 https://support.apple.com/kb/HT213189
     source:CONFIRM
     tags:Third Party Advisory    
 20220314 APPLE-SA-2022-03-14-7 Xcode 13.3
     source:FULLDISC
     tags:Mailing List    Third Party Advisory    
 https://www.oracle.com/security-alerts/cpuapr2022.html
     source:MISC
     tags:Patch    Third Party Advisory    
 https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-44228
     source:MISC
     tags:Exploit    Third Party Advisory    
 https://www.nu11secur1ty.com/2021/12/cve-2021-44228.html
     source:MISC
     tags:Exploit    Third Party Advisory    
 20220721 Open-Xchange Security Advisory 2022-07-21
     source:FULLDISC
     tags:Mailing List    Third Party Advisory    
 http://packetstormsecurity.com/files/167794/Open-Xchange-App-Suite-7.10.x-Cross-Site-Scripting-Command-Injection.html
     source:MISC
     tags:Third Party Advisory    VDB Entry    
 http://packetstormsecurity.com/files/167917/MobileIron-Log4Shell-Remote-Command-Execution.html
     source:MISC
     tags:Exploit    Third Party Advisory    VDB Entry    
 20221208 Intel Data Center Manager <= 5.1 Local Privileges Escalation
     source:FULLDISC
     tags:Exploit    Mailing List    Third Party Advisory    
 http://packetstormsecurity.com/files/171626/AD-Manager-Plus-7122-Remote-Code-Execution.html
     source:MISC
     tags:

This vulnerability may involve a PoC.

Refer to Information on External Sites

CVE InfomationExploits or more Infomation
mitreEXPLOIT DATABASE
NVD0day.today
vulmon.comgithub
CVE DetailsTwitter
JVN ENG JPN
Reconshell

Software Tag: Apache(8 tweets) Java(1 tweets)

List of frequently cited URLs

URLNum of Times Referred to
http://vulmon.com/vulnerabilitydetails?qid=CVE-2021580
https://alerts.vulmon.com/?utm_source=twitter&utm_medium=so...225
https://cvetrends.com51
http://cyberiqs.com/latestnews44
https://www.reddit.com/r/blueteamsec/comments/rd38z9/log4j_...39
http://twinybots.ch25
https://lists.astaro.com/ASGV9-IPS-rules.html#019
https://cybersec.continuitysoftware.com/s/centralized-list-...18
https://us-cert.cisa.gov/ncas/current-activity/2021/12/13/c...17
https://thehackernews.com/2021/12/extremely-critical-log4j-...16
https://b.hatena.ne.jp/entry/s/discuss.elastic.co/t/apache-...13
https://www.truesec.com/hub/blog/apache-log4j-injection-vul...10
https://cybersec.cycognito.com/s/apache-log4j-vulnerability...10
https://www.jenkins.io/blog/2021/12/10/log4j2-rce-CVE-2021-...8
https://lists.apache.org/thread/83y7dx5xvn3h5290q1twn16tlto...8
https://access.redhat.com/security/cve/cve-2021-442288
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2...8
https://www.searchenginejournal.com/log4j-security-fail/429...8
https://ift.tt/3rTZmsv7
https://checkmarx.com/blog/apache-log4j-remote-code-executi...7
https://blogs.juniper.net/en-us/enterprise-cloud-and-transf...7
https://networks.unify.com/security/advisories/OBSO-2201-01...7
http://t.me/gobies6
https://zero.bs/sb-2121-log4j-rce-cve-2021-44228.html6
http://Tenable.sc6
https://www.akamai.com/blog/news/CVE-2021-44228-Zero-Day-Vu...6
https://www.mcafee.com/enterprise/en-us/lp/insights-preview...6
https://kb.paessler.com/en/topic/90213-is-prtg-affected-by-...6
https://cloud.google.com/blog/products/identity-security/cl...6
https://www.huntress.com/blog/rapid-response-critical-rce-v...6
https://www.creeperhost.net/wiki/books/minecraft-java-editi...6
https://confluence.atlassian.com/kb/faq-for-cve-2021-44228-...6
https://GlobalSecurityDatabase.org6
https://research.kudelskisecurity.com/2021/12/10/log4shell-...6
https://qiita.com/ohtsuka1317/items/54f47a732e24e97237c55
http://slf4j.org/log4shell.html5
https://opsmtrs.com/3yDxEBf5
https://cyberwatch.fr/cve/cve-2021-44228-log4shell-comment-...5
https://www.intel.com/content/www/us/en/security-center/adv...5
https://www.snort.org/downloads5
https://databricks.com/blog/2021/12/13/log4j2-vulnerability...5
http://logback.qos.ch/news.html5
https://www.elastic.co/blog/detecting-log4j2-with-elastic-s...5
https://www.nisc.go.jp/press/pdf/20211213NISC_press.pdf5
https://forum.xwiki.org/t/log4j-cve-2021-44228-log4shell-ze...5
https://www.imperva.com/blog/how-were-protecting-customers-...5
https://tweetedtimes.com/v/21183?s=tnp5
https://www.secuavail.com/kb/nw-device/utm-waf-and-cve-2021...5
https://www.auscert.org.au/bulletins/ESB-2021.43025
https://www.cyberkendra.com/2021/12/worst-log4j-rce-zeroday...5
https://scan.netsecurity.ne.jp/article/2021/12/14/46812.html5
https://blog.talosintelligence.com/2021/12/apache-log4j-rce...5
https://security.stackexchange.com/questions/257873/does-cv...5
https://j.mp/3taaXUN4
https://redis.com/security/notice-apache-log4j2-cve-2021-44...4
https://spring.io/blog/2021/12/10/log4j2-vulnerability-and-...4
https://yamory.io/blog/useful-functions-for-log4j-vulnerabi...4
https://prtimes.jp/main/html/rd/p/000000018.000073493.html4
https://puppet.com/blog/puppet-response-to-remote-code-exec...4
https://github.blog/2021-12-13-githubs-response-to-log4j-vu...4
https://level69.net/archives/283204
https://mackerel.io/ja/blog/entry/announcement/202112144
https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log...4
https://deepfence.io/cve-2021-44228-log4j2-exploitability-a...4
https://www.cisa.gov/uscert/ncas/current-activity/2021/12/1...4
https://www.esri.com/arcgis-blog/products/arcgis-enterprise...4
https://ivanti.social/8mjw6a4
https://www.npa.go.jp/cyberpolice/important/2021/202112141....4
https://www.zdnet.com/article/security-warning-new-zero-day...4
https://4securitas.com/log4j-vulnerability-on-4securitas-so...4
https://aws.amazon.com/security/security-bulletins/AWS-2021...4
https://pandorafms.com/blog/cve-2021-44228/4
https://www.rapid7.com/blog/post/2021/12/15/the-everyperson...4
https://www.rumble.run/blog/finding-log4j/4
https://therecord.media/log4j-zero-day-gets-security-fix-ju...4
https://tools.cisco.com/security/center/content/CiscoSecuri...4
https://www.access42.nl/nieuws/cve-2021-44228-proof-of-conc...4
https://www.blumira.com/cve-2021-44228-log4shell/4
https://www.cnblogs.com/nice0e3/p/14531327.html4
https://www.mongodb.com/blog/post/log4shell-vulnerability-c...4
https://www.randori.com/blog/cve-2021-44228/4
https://about.gitlab.com/blog/2021/12/15/updates-and-action...4
https://community.ui.com/releases/UniFi-Network-Application...4
https://hub.crowdsec.net/author/crowdsecurity/configuration...4
https://tdm.socprime.com/quick-hunt/4
https://www.jpcert.or.jp/at/2021/at210050.html4
https://blog.sonatype.com/why-did-log4shell-set-the-interne...4
https://forums.cpanel.net/threads/log4j-cve-2021-44228-does...4
https://hardenedvault.net/2021/12/17/analysis-CVE-2021-4422...4
https://security.sios.com/vulnerability/misc-security-vulne...4
https://blogs.jpcert.or.jp/ja/2021/12/log4j-cve-2021-44228....4
https://support.arduino.cc/hc/en-us/articles/4412377144338-...4
https://support.claris.com/s/answerview?language=ja&anum=00...4
https://blog.cloudflare.com/cve-2021-44228-log4j-rce-0-day-...4
https://blogs.quickheal.com/critical-zero-day-log4shell-vul...4
https://hominido.medium.com/iocs-para-log4shell-rce-0-day-c...4
https://infosecwriteups.com/log4shell-simplified-all-you-ne...4
http://feeds.feedburner.com/~ff/linuxquestions/latest?d=yIl...4
https://news.ycombinator.com/item?id=295269054
https://corp.moneyforward.com/news/info/20211214-mf-press-2/4
https://blog.serverworks.co.jp/aws-announcement-about-log4j...4
https://www.securityartwork.es/2021/12/13/log4shell-apache-...4
https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf4
https://minecraft.mixjuice.info/2021/12/10/cve-2021-44228/4
https://research.trendmicro.com/3INubVV4
https://www.helpnetsecurity.com/2021/12/10/cve-2021-44228/4
https://milestone-of-se.nesuke.com/sv-advanced/sv-security/...4
https://unit42.paloaltonetworks.jp/apache-log4j-vulnerabili...4
http://cs.co/6013Jtb8H3
https://bit.ly/3DPoWkJ3
https://dev.to/sebiboga/jmeter-541-fix-for-security-cve-202...3
https://buff.ly/31Pc8Ok3
https://cybr.ly/31F2cXL3
https://msft.it/6015ZJbYt3
https://a-zs.net/apache_log4j_vulnerability/3
http://cisa.gov3
https://hclsw.co/hoge7x3
https://youtu.be/7qoPDq41xhQ3
https://anchor.fm/dokanai/episodes/vs-CVE-2021-44228-Log4Sh...3
http://earmas.ga3
https://tchnk.com/u6lJuE3
https://github.com/advisories/GHSA-jfh8-c2jp-5v3q3
https://sysdig.com/blog/cve-critical-vulnerability-log4j/3
https://ubuntu.com/security/CVE-2021-442283
https://fullhunt.io/blog/2021/12/13/detecting-log4j-rce-at-...3
https://kloudle.com/blog/log4j-cve-2021-44228-rce-how-to-pr...3
https://tolisec.com/iot-botnet-exploiting-log4j-cve-2021-442283
https://twitter.com/P0rZ9/status/14689498905713377313
https://umbraco.com/blog/security-advisory-december-15-2021...3
https://www.cve.org/CVERecord?id=CVE-2021-442283
https://blog.kie.org/2021/12/kie-log4j2-exploit-cve-2021-44...3
https://crowdsec.net/log4j-tracker3
https://csirt.gov.it/contenuti/vulnerabilita-log4shell-cve-...3
https://gigazine.net/news/20211213-cve-2021-44228-jndi-lookup/3
https://isc.sans.edu/forums/diary/281303
https://prophaze.com/cve/apache-log4j-up-to-2-14-1-jndi-lda...3
https://scalingo.com/fr/blog/cve-2021-44228-log4shell3
https://sec.okta.com/articles/2021/12/log4shell3
https://socprime.com/blog/cve-2021-44228-detection-notoriou...3
https://sylarsec.com/2021/12/24/understanding-log4j-and-log...3
https://www.heise.de/news/Kritische-Zero-Day-Luecke-in-log4...3
https://www.suse.com/c/suse-statement-on-log4j-log4shell-cv...3
https://blogs.sap.com/2021/12/14/hana-xsa-log4j-cve-2021-44...3
https://fusionauth.io/blog/2021/12/10/log4j-fusionauth/3
https://guardedbox.es3
https://kb.vmware.com/s/article/870683
https://kc.mcafee.com/corporate/index?page=content&id=KB950913
https://logrhythm.com/blog/cve-2021-44228-log4shell-detection3
https://microsoft.com/security/blog/2021/12/11/guidance-for...3
https://smartbear.com/security/cve-2021-44228/3
https://tryhackme.com/room/solar3
https://uberagent.com/blog/log4shell-cve-2021-44228-splunk-...3
https://www.ipa.go.jp/security/ciadr/vul/alert20211213.html3
https://www.lac.co.jp/lacwatch/alert/20211213_002820.html3
https://www.nginx.com/blog/mitigating-the-log4j-vulnerabili...3
https://www.scutum.jp/information/waf_tech_blog/2021/12/waf...3
https://at-virtual.net/%e3%82%bb%e3%82%ad%e3%83%a5%e3%83%aa...3
https://attackerkb.com/topics/in9sPR2Bzt/cve-2021-44228-log...3
http://cti.uncoder.io3
https://go.trellix.com/3Lgz9Mb3
https://kb.tableau.com/articles/issue/Apache-Log4j2-vulnera...3
https://opensearch.org/blog/releases/2021/12/update-to-1-2-1/3
https://reconshell.com/apache-log4j2-vulnerability-patch/3
https://securelist.com/cve-2021-44228-vulnerability-in-apac...3
https://support.f5.com/csp/article/K190262123
https://threatpost.com/log4shell-bug-smbs-experts/177021/3
https://www.cadenas.de/news-reader/items/jp-20211216-Apache...3
https://www.citrix.com/blogs/2021/12/13/guidance-for-reduci...3
https://www.docker.com/blog/apache-log4j-2-cve-2021-44228/3
https://www.fastly.com/blog/digging-deeper-into-log4shell-0...3
https://www.lunasec.io/docs/blog/log4j-zero-day/3
https://www.oracle.com/security-alerts/alert-cve-2021-44228...3
https://www.splunk.com/en_us/blog/bulletins/splunk-security...3
https://www.vmware.com/security/advisories/VMSA-2021-0028.html3
https://arstechnica.com/information-technology/2021/12/mine...3
https://blog.fox-it.com/2021/12/14/log4j-jndi-be-gone-a-sim...3
https://blog.ipfire.org/post/no-java-no-cry-ipfire-is-not-v...3
https://blog.qualys.com/vulnerabilities-threat-research/202...3
https://core.vmware.com/vmsa-2021-0028-questions-answers-faq3
https://coreruleset.org/20211213/crs-and-log4j-log4shell-cv...3
https://docs.docker.com/desktop/mac/release-notes/#docker-d...3
https://gist.github.com/gnremy/c546c7911d5f876f263309d7161a...3
https://help.live2d.com/cubismeditor/log4j-cve-2021-442283
https://support.sap.com/content/dam/support/en_us/library/s...3
https://think.unblog.ch/zero-day-log4j-luecke-pruefen-cve-2...3
https://www.bsi.bund.de/SharedDocs/Cybersicherheitswarnunge...3
https://www.maltego.com/blog/our-response-to-log4j-cve-2021...3
https://www.ncsc.gov.uk/news/apache-log4j-vulnerability3
https://www.tableau.com/about/blog/2021/12/update-apache-lo...3
https://www.tenable.com/blog/cve-2021-44228-proof-of-concep...3
https://www.youtube.com/watch?v=7qoPDq41xhQ3
http://Scanmycode.today3
https://blog.pythian.com/cve-2021-44228-and-your-oracle-e-b...3
https://blogs.apache.org/security/entry/cve-2021-442283
https://blogs.oracle.com/security/post/cve-2021-442283
https://blogs.vmware.com/security/2021/12/investigating-cve...3
https://flink.apache.org/2021/12/10/log4j-cve.html3
https://wiki.eclipse.org/Eclipse_and_log4j2_vulnerability_(...3
https://www.blackhat.com/docs/us-16/materials/us-16-Munoz-A...3
https://www.boxsquare.jp/blog/log4j-vulnerability3
https://www.greynoise.io/blog/apache-log4j-vulnerability-CV...3
http://www.kitploit.com/2021/12/log4j-detector-detects-log4...3
https://www.linkedin.com/pulse/log4j-vulnerability-cve-2021...3
https://www.mandiant.com/resources/mobileiron-log4shell-exp...3
https://www.openwall.com/lists/oss-security/2021/12/14/43
https://www.softek.co.jp/SID/blog/archive/entry/20211215.html3
https://www.traceable.ai/blog-post/traceable-ai-can-help-de...3
https://www.veracode.com/blog/security-news/urgent-analysis...3
https://blog.cloudera.com/cloudera-response-to-cve-2021-442283
https://blog.ovhcloud.com/log4j-vulnerability-cve-2021-44228/3
https://forum.chatons.org/t/log4j-java-et-cve-2021-44228-lo...3
https://help.canary.tools/hc/en-gb/articles/4413465229201-U...3
https://issues.apache.org/jira/browse/LOG4J2-32013
https://pentest-tools.com/blog/log4j-vulnerability-cve-2021...3
https://serviceinfo.au.dk/Home/Message/43323
https://support.plesk.com/hc/en-us/articles/4412182812818-I...3
https://www.itmedia.co.jp/news/articles/2112/10/news157.html3
https://www.kaspersky.com/blog/log4shell-critical-vulnerabi...3
https://www.microsoft.com/security/blog/2021/12/11/guidance...3
https://www.pwndefend.com/2022/01/07/log4shell-exploitation...3
https://www.sumologic.com/blog/log4shell-cve-2021-442283
http://ComputerWeekly.com3
https://blog.detectify.com/2021/12/12/important-information...3
https://dev.classmethod.jp/articles/aws-waf-new-rule-log4jrce/3
https://discuss.elastic.co/t/apache-log4j2-remote-code-exec...3
https://greenlock.ghost.io/log4j-ou-log4shell-la-javapocaly...3
https://jpazpaas.github.io/blog/2021/12/13/log4shell-on-app...3
https://logging.apache.org/log4j/2.x/security.html3
https://support.citrix.com/article/CTX3357053
https://www.cybereason.com/blog/cybereason-solutions-are-no...3
https://www.infiniroot.com/blog/1155/using-nginx-lua-script...3
https://www.solarwinds.com/trust-center/security-advisories...3
https://blog.checkpoint.com/2021/12/11/protecting-against-c...3
https://community.jitsi.org/t/cve-2021-44228-and-jitsi-comp...3
https://fidelissecurity.com/threatgeek/threat-intelligence/...3
https://securityonline.info/log4j-detector-detects-vulnerab...3
https://www.crowdstrike.com/blog/log4j2-vulnerability-analy...3
https://www.darkreading.com/dr-tech/how-do-i-find-which-ser...3
https://www.sentinelone.com/blog/cve-2021-44228-staying-sec...3
https://www.systemtek.co.uk/2021/12/critical-apache-log4j-r...3
https://www.theregister.com/2021/12/14/apache_log4j_2_16_jn...3
https://blog.crossidea.co.jp/2021/30823
https://blogs.blackberry.com/en/2021/12/the-log4shell-log4j...3
https://blogs.networld.co.jp/entry/2021/12/12/2105293
https://community.riskiq.com/article/505098fc3
https://community.tanium.com/s/article/How-Tanium-Can-Help-...3
https://support.arcserve.com/s/article/2021121301?language=ja3
https://support.broadcom.com/security-advisory/content/secu...3
https://www.cadosecurity.com/analysis-of-initial-in-the-wil...3
https://www.cert.ssi.gouv.fr/alerte/CERTFR-2021-ALE-022/3
https://www.cybereason.co.jp/blog/cyberattack/7301/3
https://www.deepinstinct.com/blog/log4shell-cve-2021-44228-...3
https://www.securityweek.com/companies-respond-log4shell-vu...3
https://www.shadowserver.org/news/log4j-scanning-and-cve-20...3
https://www.techsolvency.com/story-so-far/cve-2021-44228-lo...3
https://blog.pfs.nifcloud.com/20211213_Log4jShell3
https://blog.segu-info.com.ar/2021/12/log4shell-vulnerabili...3
https://noticiasseguridad.com/vulnerabilidades/detalles-de-...3
https://portal.microfocus.com/s/customportalsearch?language...3
https://research.nccgroup.com/2021/12/12/log4j-jndi-be-gone...3
https://securityboulevard.com/2021/12/log4j-exploit-detecti...3
https://www.intellilink.co.jp/column/vulner/2021/121500.aspx3
https://www.picussecurity.com/resource/blog/simulating-and-...3
https://log4shell.huntress.com/3
https://piyolog.hatenadiary.jp/entry/2021/12/13/0455413
https://success.trendmicro.com/solution/0002899403
https://www.alexvanwolferen.nl/sitecore-solr-fix-log4j-cve-...3
https://www.hackingarticles.in/a-detailed-guide-on-log4j-pe...3
https://www.miltonsecurity.com/company/contact-us3
http://account.cometbackup.com3
https://community.mailcow.email/d/1229-cve-2021-44228-vulne...3
https://msrc-blog.microsoft.com/2021/12/11/microsofts-respo...3
https://packetstormsecurity.com/files/165307/CVE-2021-44228...3
https://securityforeveryone.com/blog/log4shell-log4j-0-day-...3
https://www.claudiokuenzler.com/blog/1155/using-nginx-lua-s...3
https://ankur-katiyar.medium.com/cve-2021-44228-proof-of-co...3
https://nakedsecurity.sophos.com/2021/12/13/log4shell-expla...3
https://www.bleepingcomputer.com/news/security/new-zero-day...3
https://cloudsecurityalliance.org/articles/dealing-with-log...3
https://community.carbonblack.com/t5/Documentation-Download...3
https://ipssignatures.appspot.com/?cve=CVE-2021-442283
https://forest.watch.impress.co.jp/docs/serial/yajiuma/1373...3
https://community.microstrategy.com/s/article/MicroStrategy...3
https://ja.confluence.atlassian.com/kb/faq-for-cve-2021-442...3
https://log4j-tester.trendmicro.com/3
https://unit42.paloaltonetworks.com/apache-log4j-vulnerabil...3
https://virtuallyandy.wordpress.com/2021/12/14/using-nsx-id...3
https://rules.emergingthreatspro.com/open/3
https://enterprise-support.nvidia.com/s/article/Log4j-Java-...3
https://security.paloaltonetworks.com/CVE-2021-442283
http://maruyama-mitsuhiko.cocolog-nifty.com/security/2021/1...3

▼ Show Information from Twitter(18)

List of frequently cited URLs

URLNum of Times Referred to
vulmon.com580
alerts.vulmon.com225
cvetrends.com51
cyberiqs.com44
www.reddit.com39
twinybots.ch25
lists.astaro.com19
cybersec.continuitysoftware.com18
us-cert.cisa.gov17
thehackernews.com16
b.hatena.ne.jp13
www.truesec.com10
cybersec.cycognito.com10
www.jenkins.io8
lists.apache.org8
access.redhat.com8
msrc.microsoft.com8
www.searchenginejournal.com8
ift.tt7
checkmarx.com7
blogs.juniper.net7
networks.unify.com7
t.me6
zero.bs6
Tenable.sc6
www.akamai.com6
www.mcafee.com6
kb.paessler.com6
cloud.google.com6
www.huntress.com6
www.creeperhost.net6
confluence.atlassian.com6
GlobalSecurityDatabase.org6
research.kudelskisecurity.com6
qiita.com5
slf4j.org5
opsmtrs.com5
cyberwatch.fr5
www.intel.com5
www.snort.org5
databricks.com5
logback.qos.ch5
www.elastic.co5
www.nisc.go.jp5
forum.xwiki.org5
www.imperva.com5
tweetedtimes.com5
www.secuavail.com5
www.auscert.org.au5
www.cyberkendra.com5
scan.netsecurity.ne.jp5
blog.talosintelligence.com5
security.stackexchange.com5
j.mp4
redis.com4
spring.io4
yamory.io4
prtimes.jp4
puppet.com4
github.blog4
level69.net4
mackerel.io4
www.ibm.com4
deepfence.io4
www.cisa.gov4
www.esri.com4
ivanti.social4
www.npa.go.jp4
www.zdnet.com4
4securitas.com4
aws.amazon.com4
pandorafms.com4
www.rapid7.com4
www.rumble.run4
therecord.media4
tools.cisco.com4
www.access42.nl4
www.blumira.com4
www.cnblogs.com4
www.mongodb.com4
www.randori.com4
about.gitlab.com4
community.ui.com4
hub.crowdsec.net4
tdm.socprime.com4
www.jpcert.or.jp4
blog.sonatype.com4
forums.cpanel.net4
hardenedvault.net4
security.sios.com4
blogs.jpcert.or.jp4
support.arduino.cc4
support.claris.com4
blog.cloudflare.com4
blogs.quickheal.com4
hominido.medium.com4
infosecwriteups.com4
feeds.feedburner.com4
news.ycombinator.com4
corp.moneyforward.com4
blog.serverworks.co.jp4
www.securityartwork.es4
cert-portal.siemens.com4
minecraft.mixjuice.info4
research.trendmicro.com4
www.helpnetsecurity.com4
milestone-of-se.nesuke.com4
unit42.paloaltonetworks.jp4
cs.co3
bit.ly3
dev.to3
buff.ly3
cybr.ly3
msft.it3
a-zs.net3
cisa.gov3
hclsw.co3
youtu.be3
anchor.fm3
earmas.ga3
tchnk.com3
github.com3
sysdig.com3
ubuntu.com3
fullhunt.io3
kloudle.com3
tolisec.com3
twitter.com3
umbraco.com3
www.cve.org3
blog.kie.org3
crowdsec.net3
csirt.gov.it3
gigazine.net3
isc.sans.edu3
prophaze.com3
scalingo.com3
sec.okta.com3
socprime.com3
sylarsec.com3
www.heise.de3
www.suse.com3
blogs.sap.com3
fusionauth.io3
guardedbox.es3
kb.vmware.com3
kc.mcafee.com3
logrhythm.com3
microsoft.com3
smartbear.com3
tryhackme.com3
uberagent.com3
www.ipa.go.jp3
www.lac.co.jp3
www.nginx.com3
www.scutum.jp3
at-virtual.net3
attackerkb.com3
cti.uncoder.io3
go.trellix.com3
kb.tableau.com3
opensearch.org3
reconshell.com3
securelist.com3
support.f5.com3
threatpost.com3
www.cadenas.de3
www.citrix.com3
www.docker.com3
www.fastly.com3
www.lunasec.io3
www.oracle.com3
www.splunk.com3
www.vmware.com3
arstechnica.com3
blog.fox-it.com3
blog.ipfire.org3
blog.qualys.com3
core.vmware.com3
coreruleset.org3
docs.docker.com3
gist.github.com3
help.live2d.com3
support.sap.com3
think.unblog.ch3
www.bsi.bund.de3
www.maltego.com3
www.ncsc.gov.uk3
www.tableau.com3
www.tenable.com3
www.youtube.com3
Scanmycode.today3
blog.pythian.com3
blogs.apache.org3
blogs.oracle.com3
blogs.vmware.com3
flink.apache.org3
wiki.eclipse.org3
www.blackhat.com3
www.boxsquare.jp3
www.greynoise.io3
www.kitploit.com3
www.linkedin.com3
www.mandiant.com3
www.openwall.com3
www.softek.co.jp3
www.traceable.ai3
www.veracode.com3
blog.cloudera.com3
blog.ovhcloud.com3
forum.chatons.org3
help.canary.tools3
issues.apache.org3
pentest-tools.com3
serviceinfo.au.dk3
support.plesk.com3
www.itmedia.co.jp3
www.kaspersky.com3
www.microsoft.com3
www.pwndefend.com3
www.sumologic.com3
ComputerWeekly.com3
blog.detectify.com3
dev.classmethod.jp3
discuss.elastic.co3
greenlock.ghost.io3
jpazpaas.github.io3
logging.apache.org3
support.citrix.com3
www.cybereason.com3
www.infiniroot.com3
www.solarwinds.com3
blog.checkpoint.com3
community.jitsi.org3
fidelissecurity.com3
securityonline.info3
www.crowdstrike.com3
www.darkreading.com3
www.sentinelone.com3
www.systemtek.co.uk3
www.theregister.com3
blog.crossidea.co.jp3
blogs.blackberry.com3
blogs.networld.co.jp3
community.riskiq.com3
community.tanium.com3
support.arcserve.com3
support.broadcom.com3
www.cadosecurity.com3
www.cert.ssi.gouv.fr3
www.cybereason.co.jp3
www.deepinstinct.com3
www.securityweek.com3
www.shadowserver.org3
www.techsolvency.com3
blog.pfs.nifcloud.com3
blog.segu-info.com.ar3
noticiasseguridad.com3
portal.microfocus.com3
research.nccgroup.com3
securityboulevard.com3
www.intellilink.co.jp3
www.picussecurity.com3
log4shell.huntress.com3
piyolog.hatenadiary.jp3
success.trendmicro.com3
www.alexvanwolferen.nl3
www.hackingarticles.in3
www.miltonsecurity.com3
account.cometbackup.com3
community.mailcow.email3
msrc-blog.microsoft.com3
packetstormsecurity.com3
securityforeveryone.com3
www.claudiokuenzler.com3
ankur-katiyar.medium.com3
nakedsecurity.sophos.com3
www.bleepingcomputer.com3
cloudsecurityalliance.org3
community.carbonblack.com3
ipssignatures.appspot.com3
forest.watch.impress.co.jp3
community.microstrategy.com3
ja.confluence.atlassian.com3
log4j-tester.trendmicro.com3
unit42.paloaltonetworks.com3
virtuallyandy.wordpress.com3
rules.emergingthreatspro.com3
enterprise-support.nvidia.com3
security.paloaltonetworks.com3
maruyama-mitsuhiko.cocolog-nifty.com3

▼ Show Information from Twitter(18)

GitHub Search Results: Up to 10
NameURL
logpresso/CVE-2021-44228-Scanner https://github.com/logpresso/CVE-2021-44228-Scanner
kozmer/log4j-shell-poc https://github.com/kozmer/log4j-shell-poc
christophetd/log4shell-vulnerable-app https://github.com/christophetd/log4shell-vulnerable-app
CERTCC/CVE-2021-44228_scanner https://github.com/CERTCC/CVE-2021-44228_scanner
jas502n/Log4j2-CVE-2021-44228 https://github.com/jas502n/Log4j2-CVE-2021-44228
fullhunt/log4j-scan https://github.com/fullhunt/log4j-scan
Puliczek/CVE-2021-44228-PoC-log4j-bypass-words https://github.com/Puliczek/CVE-2021-44228-PoC-log4j-bypass-words
mubix/CVE-2021-44228-Log4Shell-Hashes https://github.com/mubix/CVE-2021-44228-Log4Shell-Hashes
fox-it/log4j-finder https://github.com/fox-it/log4j-finder
f0ng/log4j2burpscanner https://github.com/f0ng/log4j2burpscanner
GitHub Search Results: Up to 10
NameURL
logpresso/CVE-2021-44228-Scanner github.com
kozmer/log4j-shell-poc github.com
christophetd/log4shell-vulnerable-app github.com
CERTCC/CVE-2021-44228_scanner github.com
jas502n/Log4j2-CVE-2021-44228 github.com
fullhunt/log4j-scan github.com
Puliczek/CVE-2021-44228-PoC-log4j-bypass-words github.com
mubix/CVE-2021-44228-Log4Shell-Hashes github.com
fox-it/log4j-finder github.com
f0ng/log4j2burpscanner github.com
2023/04/17 Score : 0
Added Har-sia Database : 2021/12/10
Last Modified : 2023/04/17
Highest Scored Date : 2021/12/14
Highest Score : 1785