What Log4j version are you using, what mitigations are already in place, and what should you do next. Continuously updated to cover CVE-2021-44228, CVE-2021-45046, CVE-2021-45105, and CVE-2021-44832.
Scanner that detects vulnerable Log4J versions (CVE-2021-44228, CVE-2021-45046, etc) on your file-system within any application. It is able to even find instances that are hidden several layers deep. Works on Linux, Windows, and Mac, and everywhere else Java runs, too! - GitHub - mergebase/log4j-detector
Operational information regarding the vulnerability in the Log4j logging library. - log4shell/README.md at main · NCSC-NL/log4shell
‘Scope and potential impact unlike any component vulnerability I can recall’
Just when you thought it was safe to relax for the weekend... a critical bug showed up in Apache's Log4j product
Within the last 10 hours (current time 10:00 am Pacific, 10 December 21), there has been a severe RCE 0-day exploit found in the Java library log4j that when used, results in a Remote Code Execution…
JNDI injection testing tool (a tool which generates JNDI links and can start several servers to exploit JNDI injection vulnerabilities, like Jackson, Fastjson, etc.) - GitHub - welk1n/JNDI-Injection-Exploit
Understanding Log4Shell: the Apache log4j2 Remote Code Execution Vulnerability (CVE-2021-44228)
The “Log4Shell” vulnerability has triggered a lot of interest in JNDI Injection exploits. Unfortunately, regarding exploitability there seems to be a bit of misinformation going around. TLDR: A current Java runtime version won’t save you. Do patch.
Simply if you thought it was secure to loosen up for the weekend…