log4j-scan is a fully automated, accurate, and extensive scanner for finding vulnerable log4j hosts. It supports fuzzing for more than 60 HTTP request headers, JSON data parameters, and HTTP POST data parameters. It also supports DNS callback for vulnerability discovery and validation and includes WAF bypass payloads.
0d5ae7f22f482484023dbdde93229a59915d292aefd32e04445b6847b7cbe5c8
This utility looks for log4j in the currently running JVM. It is useful for systems that allow plugins to introduce their own jars, as it lets you find out whether someone is using a dangerous version of log4j.
f3e9c324df46c5349054a5e341c715ffbb5f3a49b2dcb09981741f4aa2e019e7
This is a basic bash script to detect log4j indicators of compromise (IoCs) in Linux log files.
cac18b2d6343c61bc55d312a115a6b13a4e02c2b28f3e4b83320cd33353f71a1
This honeypot runs a fake Minecraft server waiting to be exploited with log4j. Payload classes are saved to the payloads/ directory.
671e0e08f3222b36a45cdb838e96e036c46204e4de6145f8d10b9ce7e566aed3
Log4j remote code execution exploit with a trick to bypass word-blocking patches. Works on Log4j versions 2.14.1 and below.
de7380eb6b3fc4c49f27978b8a6c7f1adef40597e054a9798db4c61a23e7311f
Fully independent log4j exploit that does not require any 3rd party binaries. The exploit sprays the payload to all possible logged HTTP Headers such as X-Forwarding, Server-IP, User-Agent.
19e37dec69c98eb8297671319d877f1ab2d64860b42bbc2abd0f33e61a3e5a3b
SAP Netweaver versions SAP DMIS in at least 2011_1_731 SP versions 0013 and below suffer from a remote ABAP code injection vulnerability in IUUC_GENERATE_ACPLAN_DELIMITER.
3cd28850847bc50e82be1b8c4526c61d99e60d3a9c0583aa8ce8b39bc6610154
SAP Netweaver version SAP DMIS 2011_1_731 SP 0013 suffers from a remote ABAP code injection vulnerability in IUUC_RECON_RC_COUNT_TABLE_BIG.
faf208cedd4dc5530fc5003cbe8bb903e10df267c17f5c9a76ed71c5665aa617
SAP Netweaver suffers from a remote ADBC SQL injection vulnerability in IUUC_RECON_RC_COUNT_TABLE_BIG. Other software and various versions are also affected.
550a91ffd1c6e82c954e30665a5c37fe3bd89744c696191b5b2ac048238d035f
OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.
f89199be8b23ca45fc7cb9f1d8d3ee67312318286ad030f5316aca6462db6c96
OpenEMR versions 6.0.0 and 6.1.0-dev suffer from an authenticated remote SQL injection vulnerability in the calendar search functionality.
f3e63ffea1416dffa063591f3a4d64e9cd1199687a6d7273f62fcad46fd75f81
Red Hat Security Advisory 2021-5142-02 - Red Hat Identity Management is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments.
136f7122e1f9300dd9b788756bc841a87a48bff46c2ac721fd3a6a3e9a7b31a8
Red Hat Security Advisory 2021-5140-04 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This asynchronous patch is a security update for Red Hat JBoss Enterprise Application Platform 7.4. Issues addressed include a code execution vulnerability.
879ff41882fb1ddbfd57513bf1fb36b3c52ff0e9262fc67b19add600f7167822
Red Hat Security Advisory 2021-5133-03 - Red Hat AMQ Streams, based on the Apache Kafka project, offers a distributed backbone that allows microservices and other applications to share data with extremely high throughput and extremely low latency. This release of Red Hat AMQ Streams 1.6.5 serves as a replacement for Red Hat AMQ Streams 1.6.4, and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section. Issues addressed include a code execution vulnerability.
bae9bdd54401a2ffe703ae89a32c164e444c30c3ccdb6476124bd55035dcc8ca
Red Hat Security Advisory 2021-5137-03 - Openshift Logging Bug Fix Release. Issues addressed include a code execution vulnerability.
4d0e0ba480d1985682fcdde4cb73e526f09857aff03973f3e8b95bb969733c93
Red Hat Security Advisory 2021-5138-04 - Red Hat AMQ Streams, based on the Apache Kafka project, offers a distributed backbone that allows microservices and other applications to share data with extremely high throughput and extremely low latency. This release of Red Hat AMQ Streams 1.8.4 serves as a replacement for Red Hat AMQ Streams 1.8.0, and includes security and bug fixes, and enhancements. Issues addressed include a code execution vulnerability.
245168813cae86c4d76a1cfdcde77c977675b58722ddcaebf75a81c921588e60
Red Hat Security Advisory 2021-5134-05 - This release of Red Hat Fuse 7.10.0 serves as a replacement for Red Hat Fuse 7.9, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include code execution, cross site scripting, denial of service, deserialization, information leakage, memory leak, privilege escalation, server-side request forgery, and traversal vulnerabilities.
9284d27525337878d1b616a42ec6964f345739a90a655ed05cfae5b196bdeacd
Red Hat Security Advisory 2021-5132-02 - Red Hat Data Grid is an in-memory, distributed, NoSQL datastore solution. It increases application response times and allows for dramatically improving performance while providing availability, reliability, and elastic scale. Data Grid 8.2.2 replaces Data Grid 8.2.1 and includes bug fixes and enhancements. Issues addressed include a code execution vulnerability.
e56d0061fd9c6f701eb83f2fc729b215f8ac79a6ceb481428481d3ec29fe7ba3
Red Hat Security Advisory 2021-5110-05 - The RHEL-8 based Cryostat container images have been updated with a security fix for "CVE-2020-26160 jwt-go: access restriction bypass vulnerability". Users of RHEL-8 based Cryostat container images are advised to upgrade to these updated images, which contain backported patches to correct these security issues, fix these bugs, and add these enhancements. Users of these images are also encouraged to rebuild all container images that depend on these images. You can find images updated by this advisory in Red Hat Ecosystem Catalog. Issues addressed include a bypass vulnerability.
63915501de1b49a02aa0b126d481b202a818dff802e0229badf455bffd50eaf3
Red Hat Security Advisory 2021-5108-02 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Issues addressed include a code execution vulnerability.
e279da6b231c4ebbb13a7d6b31d67b58027764f775fa92fa3f79b24defdc7688
Red Hat Security Advisory 2021-5093-03 - This release of Red Hat build of Eclipse Vert.x 4.1.5 SP1 includes security updates. For more information, see the release notes listed in the References section. Issues addressed include a code execution vulnerability.
f212aa682487932acd4956eaa31aaf8c0cb4487301de74c286c50599271ee0c3
Red Hat Security Advisory 2021-5126-01 - This update of Red Hat Integration - Camel Extensions for Quarkus serves as a replacement for 2.2 GA and includes the following security fix: log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value. Issues addressed include a code execution vulnerability.
3626a09f3926f74d21efaa69d5715e3a64a7c3076d2073a42f8c39d4bf510155
Red Hat Security Advisory 2021-5129-06 - Openshift Logging Security and Bug Fix Release. Issues addressed include a code execution vulnerability.
1e4afdddae60218feb55e3c6cdbe2798ed855a13f02fcbcc0578d7cb1f17b329
Red Hat Security Advisory 2021-5127-05 - Openshift Logging Security and Bug Fix Release. Issues addressed include a code execution vulnerability.
1e2f8078db60bcc04c6dce8da02d1aaafa13feba2b38f98caa2be5533cdc2a34
Red Hat Security Advisory 2021-5128-06 - Openshift Logging Security and Bug Fix Release. Issues addressed include a code execution vulnerability.
44e06a5434f14a4d37594b811db7932de84ae206a506770768a3ce7c107b84a6