CVE-2021-45046
CRITICAL KEV RANSOMWARE NUCLEI
Apache Log4j < 2.12.2 - Remote Code Execution
Title source: rule
Exploitation Summary
CVE-2021-45046 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added May 1, 2023, with confirmed use in ransomware campaigns.
EIP tracks 13 public exploits from researchers including lijiejie, cckuailong and mergebase, as well as a Metasploit module, auxiliary/scanner/http/log4shell_scanner.
A Nuclei detection template is also available.
Description
It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allow attackers with control over Thread Context Map (MDC) input data when the logging configuration uses a non-default Pattern Layout with either a Context Lookup (for example, $${ctx:loginId}) or a Thread Context Map pattern (%X, %mdc, or %MDC) to craft malicious input data using a JNDI Lookup pattern resulting in an information leak and remote code execution in some environments and local code execution in all environments. Log4j 2.16.0 (Java 8) and 2.12.2 (Java 7) fix this issue by removing support for message lookup patterns and disabling JNDI functionality by default.
Exploits (13)
This repository contains a Python-based local scanner for detecting CVE-2021-45046 (Log4j2 vulnerability) by inspecting Java processes and their associated JAR files for the presence of vulnerable log4j-core components. It checks for mitigations like JVM arguments and environment variables, and can upload results to a specified server.
This repository contains a proof-of-concept for CVE-2021-45046, demonstrating a denial-of-service (DoS) vulnerability in Log4j 2.15.0 due to incomplete mitigation of CVE-2021-44228. The PoC uses a JNDI lookup pattern to exploit non-default configurations involving Thread Context Map (MDC) input data.
This repository provides a collection of Log4j library samples (including shaded jars, uber jars, and spring-boot executable jars) to aid in the detection and scanning of CVE-2021-45046 and CVE-2021-44228. It includes categorized samples for false hits, old hits, and true hits to validate scanner accuracy.
This repository contains a collection of Log4Shell (CVE-2021-45046) payloads for testing and exploiting vulnerable systems. It includes one-liners, WAF bypass techniques, and custom headers for various attack vectors.
This repository provides a brief description and a Log4j2 pattern layout string as a PoC for CVE-2021-45046, a vulnerability related to incomplete fix for Log4Shell. It includes references to external resources but lacks executable exploit code.
This repository documents testing results for CVE-2021-45046, a DoS vulnerability in Log4j 2.15.0. It includes test cases demonstrating infinite loops and system info exposure via crafted input strings.
This repository contains a functional PoC for CVE-2021-45046, demonstrating Log4j2's vulnerability to JNDI lookups in ThreadContext. The code includes examples of malicious payloads (commented out) that could trigger RCE via LDAP.
The repository contains only a README.md file with the CVE identifier and no functional exploit code or technical details. It appears to be a placeholder or incomplete submission.
This repository provides a bash script to scan and optionally remove the JndiLookup.class from JAR/WAR files to mitigate CVE-2021-45046 and CVE-2021-44228. It identifies vulnerable Log4j versions and helps remediate by deleting the problematic class.
This repository contains sandbox signatures for detecting Log4Shell (CVE-2021-45046) exploitation attempts. It includes regex-based detection for Cuckoo and Cape sandbox environments.
This repository contains a proof-of-concept for CVE-2021-45046, demonstrating how an attacker can exploit Log4j 2.15.0's incomplete fix for CVE-2021-44228 by using Thread Context Map (MDC) input data with a non-default Pattern Layout to trigger a JNDI Lookup pattern, leading to a denial of service (DoS). The PoC uses a benign lookup pattern (${java:version}) to show the vulnerability without executing malicious payloads.
This repository contains a Spring Boot application demonstrating CVE-2021-45046, a Log4j2 vulnerability causing a DoS via infinite recursion in context lookups. The PoC includes endpoints that trigger the vulnerability through crafted headers or JSON payloads.
This Metasploit module scans HTTP endpoints for CVE-2021-44228 (Log4Shell) by injecting JNDI payloads into headers and URIs, then listening for LDAP callbacks to confirm vulnerability. It supports custom headers, URIs, and environment variable leakage.
Nuclei Templates (2)
References (22)
Scores
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H