CVE-2021-44228CRITICALCVSS 10.0CISA KEV: Actively Exploited

Apache Log4j2 Remote Code Execution Vulnerability

Published Dec 10, 2021·Updated Dec 10, 2021

Description

Apache Log4j2 contains a vulnerability where JNDI features do not protect against attacker-controlled JNDI-related endpoints, allowing for remote code execution.

Affected Packages (2)

log4j-coreMAVEN
From 2.0
Fixed in 2.15.0
org.apache.logging.log4j:log4j-coreMAVEN
From 2.0
Fixed in 2.15.0

Public Exploits & PoCs100 found

PoC: log4j-remediation-tools

Tools for remediating the recent log4j2 RCE vulnerability (CVE-2021-44228) log4j2, remediation, tools

55

PoC: Log4Shell-obfuscated-payloads-generator

Generate primary obfuscated or secondary obfuscated CVE-2021-44228 or CVE-2021-45046 payloads to evade WAF detection.

10

PoC: CVE-2021-44228

Utilize Tai-e to identify the Log4shell (a.k.a. CVE-2021-44228) Vulnerability

2

PoC: CVE-2021-44228-Mass-RCE-Log4j

CVE-2021-44228 Log4J multithreaded Mass Exploitation tool compatible with URL/IP lists.

2

PoC: Solar-exploiting-log-4j

This repository presents a comprehensive walkthrough of the Solar Exploiting Log4j room on TryHackMe, with a focus on understanding and exploiting the critical Log4Shell vulnerability (CVE-2021-44228).The process of triggering the exploit and gaining a reverse shell is explained in a practical and easy-to-follow manner.

1

PoC: PY-Log4j-RCE-Scanner

Using this tool, you can scan for remote command execution vulnerability CVE-2021-44228 on Apache Log4j at multiple addresses.

1

PoC: Log4j-Vulnerability

Vulnerability CVE-2021-44228 allows remote code execution without authentication for several versions of Apache Log4j2 (Log4Shell). Attackers can exploit vulnerable servers by connecting over any protocol, such as HTTPS, and sending a specially crafted string.

1

PoC: tf-log4j-aws-poc

This project files demostrate a proof-of-concept of log4j vulnerability (CVE-2021-44228) on AWS using Terraform Infrastructure-as-a-code means.

1

PoC: Writing-Sample-1

CVE-2021-44228 Log4j Summary

1

PoC: log4shell-lab

Log4Shell (CVE-2021-44228) 보안 실습 환경 - Log4j 2.14.1 취약 로그 수집 서버

PoC: ehir-vuln-enterprise-login

webapp vulnerable to CVE-2021-44228

PoC: Log4Shell-Vulnerability-Replication

CVE-2021-44228 漏洞复现完整记录(含环境搭建、触发验证)

PoC: vulnerable-java-app

Spring Boot app with log4j 2.14.1 (CVE-2021-44228) — VulnFix agent test target

PoC: Log4ShellAuditor

An autonomous reflective Go agent for full-cycle security auditing, WAF evasion, OOB LDAP verification, self-remediation (auto-patching), and compliance reporting for CVE-2021-44228 (Log4Shell).

PoC: log4shell-poc-maven

Intentionally vulnerable Maven project — CVE-2021-44228 (Log4Shell) SCA demo target

PoC: mi-laboratorio-log4shell

Laboratorio automatizado Plug & Play en Docker para auditar y estudiar la vulnerabilidad Log4Shell (CVE-2021-44228)

PoC: log4j-vuln-demo

Intentionally vulnerable Log4j 2.14.1 demo for Sysdig CNAPP scanning (CVE-2021-44228)

PoC: craready-test-java-vulns

CRAReady SBOM test fixture — Java/Maven app with Log4Shell (CVE-2021-44228), Spring4Shell, Text4Shell, and other critical CVEs

PoC: Cyber-Attack-Simulation-

Log4Shell (CVE-2021-44228)

PoC: log4shell-coraza

Log4Shell (CVE-2021-44228) defense lab — nginx + Coraza WAF dynamic module + OWASP CRS v4. Educational use only.

PoC: Log4Shell-Attack

Multi-Stage Attack Modeling and Detection of Log4Shell for CVE-2021-44228

PoC: HTB-Unified-Writeup

A technical walkthrough of exploiting CVE-2021-44228 (Log4Shell) in a UniFi Network Application environment, including MongoDB manipulation and privilege escalation.

PoC: EXPLOIT-CVE-2021-44228

PoC of CVE-2021-44228

PoC: SecureOps-Lab

Performed a live cybersecurity assessment on a university Linux server. During analysis, active attack activity was identified, including brute-force authentication attempts and exploitation attempts targeting Log4Shell (CVE-2021-44228).

PoC: TryHackMe-Solar-exploiting-log4j-

Explore CVE-2021-44228, a vulnerability in log4j affecting almost all software under the sun.

PoC: solar-exploiting-log4j

This repository provides a detailed walkthrough of the *Solar Exploiting Log4j room* on TryHackMe, focusing on exploiting the critical Log4Shell vulnerability (CVE-2021-44228). The project demonstrates how attackers can leverage insecure logging mechanisms in Java applications to achieve remote code execution.

PoC: THM---Solar-exploiting-Log-4j

This room is based on exploiting the notorious Log4j vulnerability ( CVE-2021-44228), also referred to as the Log4Shell. The weakness enables attackers to execute a remote code via injection of the malicious payloads into the log messages.

PoC: wmohamed2033.github.io

CVE-2021-44228 Log4Shell — Penetration Test Writeup

PoC: log4shell-poc

POC for log4shll Vulnerablity (CVE-2021-44228)

PoC: CVE-2021-44228

CVE-2021-44228

PoC: log4shell-remediation

Log4Shell (CVE-2021-44228) security remediation demo - Showcasing Antigravity's ability to identify and fix critical security vulnerabilities in Java applications

PoC: Log4Shell-PoC

**Log4Shell PoC is a high-fidelity exploitation environment designed to replicate the CVE-2021-44228 vulnerability.** It provides a containerized sandbox to demonstrate JNDI injection, LDAP/RMI referral redirection, and remote code execution (RCE) via the Log4j 2 library.

PoC: Log4j-Vulnerability

Étude technique et mise en œuvre d'un environnement de test pour la faille Apache Log4j (CVE-2021-44228). Contient un Proof of Concept (PoC) Dockerisé et une proposition de mise à jour de PSSI. Pour un objectif de TP

PoC: Log4Shell-CVE-2021-44228

Hands-on lab for exploiting and understanding Log4Shell (CVE-2021-44228) using Docker, Kali Linux, Burp Suite and log4j-shell-poc. For teaching and defensive training in controlled lab environments only.

PoC: CVE-2021-44228---Log4Shell-Analysis

Technical deep dive into Apache Log4j2 JNDI injection vulnerability. Features static code analysis, patch comparison, attack vectors (LDAP/RMI/DNS), and enterprise mitigation guidance.

PoC: Log4Shell

This repository contains my work for a cybersecurity assignment where I exploited the real-world Log4Shell (CVE-2021-44228) vulnerability inside a safe, controlled virtual machine. The project followed a Capture-the-Flag format with multiple exploitation tasks to retrieve hidden flags.

PoC: Blackash-CVE-2021-44228

CVE-2021-44228

PoC: log4j2-bugmaker

Demo of CVE-2021-44228 Log4Shell.

PoC: log4shell

Log4Shell (CVE-2021-44228) PoC

PoC: Microsoft-Defender-for-Endpoint-Deployment-on-Windows-10-11-device

This repository documents how deployment of Microsoft Defender for Endpoint on a Windows 11 device, including onboarding via local script, enabling device discovery, configuring Log4j2 detection (CVE-2021-44228), and validating incident response workflows.

PoC: Log4Shell

Log4Shell CVE-2021-44228 PoC

PoC: CVE-2021-44228

A simple Log4j PoC written by Go

PoC: hka-seminar-log4shell

Praktische Demonstration der Log4Shell-Sicherheitslücke (CVE-2021-44228)

PoC: CVE-2021-44228-Log4j-JNDI

CVE-2021-44228 Vulnerability Reproduction Environment CVE-2021-44228 漏洞复现环境

PoC: log4shell-homework9

Log4Shell (CVE-2021-44228) exploit demo for SEAS 8405. Includes a vulnerable Spring Boot app, fake LDAP server, Docker setup, MITRE mapping, incident response, and a full screen recording.

PoC: Log4j-_Vulnerability

The Web Is Vulnerable to CVE-2021-44228

PoC: CVE-2021-44228-Log4Shell-

Kiểm thử xâm nhập

PoC: Log4shell

CVE-2021-44228

PoC: log4shell-tools

Tool that runs a test to check whether one of your applications is affected by the recent vulnerabilities in log4j: CVE-2021-44228 and CVE-2021-45046 cve-2021-44228, cve-2021-45046, dns, jndi, ldap, log4j, log4shell

PoC: log4shell-tools

Tool that runs a test to check whether one of your applications is affected by the recent vulnerabilities in log4j: CVE-2021-44228 and CVE-2021-45046 cve-2021-44228, cve-2021-45046, dns, jndi, ldap, log4j, log4shell

PoC: log4shell-tools

Tool that runs a test to check whether one of your applications is affected by the recent vulnerabilities in log4j: CVE-2021-44228 and CVE-2021-45046 cve-2021-44228, cve-2021-45046, dns, jndi, ldap, log4j, log4shell

PoC: Log4Shell-vulnerability-CVE-2021-44228-

This repository provides an in-depth analysis of the Log4Shell vulnerability (CVE-2021-44228) and implements a machine learning-based approach to detect exploitation attempts in log data.

PoC: CVE-2021-44228

调试环境

PoC: cve-2021-44228

这是安徽大学 “漏洞分析实验”(大三秋冬)期中作业归档。完整文档位于https://testgames.me/2024/11/10/cve-2021-44228/

PoC: -Unveiling-the-Lessons-from-Log4Shell-A-Wake-Up-Call-for-Cybersecurity-

In December 2021, the world of cybersecurity was shaken by the discovery of the Log4Shell vulnerability (CVE-2021-44228), embedded within the widely-used Apache Log4j library. With a CVSS score of 10

PoC: TPASLog4ShellPoC

Proof of Concept (PoC) for the Log4Shell vulnerability (CVE-2021-44228), developed as part of the coursework for the curricular unit TPAS in the Master's degree in Information Security at FCUP.

PoC: log4j-shell-poc

Log4J exploit CVE-2021-44228

PoC: CVE-2021-44228

CVE-2021-44228 vulnerability study

PoC: Exploiting-CVE-2021-44228-Log4Shell-in-a-Banking-Environment

Objective: Demonstrate the exploitation of the Log4Shell vulnerability (CVE-2021-44228) within a simulated banking application environment.

PoC: Log4Shell-PoC-Application

Log4Shell (CVE-2021-44228) PoC Application

PoC: Wireshark

Downloaded a packet capture (.pcapng) file from malware-traffic-analysis.net which was an example of an attempted attack against a webserver using the Log4J vulnerability (CVE-2021-44228). I examined teh amount of endpoints communicating with the server and knowing jnidi as a common in the vulnerbilty found it in clear text

PoC: CVE-2021-44228-POC

exploit CVE-2021-44228

PoC: l4s-vulnapp

This is a potentially vulnerable Java web application containing Log4j affected by log4shell(CVE-2021-44228).

PoC: CVE-2021-44228

Log4Shell CVE Analysis

PoC: l4j-fp1

jee web project with sanitised log4shell (CVE-2021-44228) vulnerability

PoC: l4j-tp1

jee web project with log4shell (CVE-2021-44228) vulnerability

PoC: CVE-Research

Research on CVE-2021-44228 and CVE-2023-46604

PoC: log4shell_lab

CVE-2021-44228

PoC: log4shell-minecraft-demo

Log4Shell (CVE-2021-44228) minecraft demo. Used for education fairs

PoC: CVE-2021-44228

Log4j Vulnerability RCE - CVE-2021-44228

PoC: Odysseus

A demo of the Log4Shell (CVE-2021-44228) vulnerability.

PoC: log4j-exploit-with-fork-bomb

💣💥💀 Пример запуска fork-бомбы на удаленном сервере благодаря уязвимости CVE-2021-44228

PoC: Log4ShellRemediation

A vulnerable Spring Boot application that uses log4j and is vulnerable to CVE-2021-44228, CVE-2021-45046 and CVE-2021-45105

PoC: log4shell-vulnweb

this web is vulnerable against CVE-2021-44228

PoC: CVE-2021-44228

CVE-2021-44228

PoC: Log4j-PoC

An educational Proof of Concept for the Log4j Vulnerability (CVE-2021-44228) in Minecraft

PoC: log4j_poc

PoC of CVE-2021-44228 , log4j

PoC: Log4Shell-CVE-2021-44228-PoC

CVE 2021-44228 Proof-of-Concept. Log4Shell is an attack against Servers that uses vulnerable versions of Log4J.

PoC: CVE-2021-44228

DO NOT USE FOR ANYTHING REAL. Simple springboot sample app with vulnerability CVE-2021-44228 aka "Log4Shell"

PoC: CVE-2021-44228-poc

CVE-2021-44228 POC / Example

PoC: log4j-shell-poc

A Proof-Of-Concept for the CVE-2021-44228 vulnerability.

PoC: CVE-2021-44228-RCE

Mass exploitation scripts for 12 software which are affected by log4j rce

PoC: Log4j-CVE-2021-44228-Remediation

This powershell script is intended to be used by anyone looking to remediate the Log4j Vulnerability within their environment. It can target multiple machines and run remotely as a job on all or only affected devices.

PoC: jankybank

Simple Java Front and Back end with bad log4j version featuring CVE-2021-44228

PoC: autoL4s

Autopwn Log4Shell (CVE-2021-44228)!!!

PoC: CVE-2021-44228

Apache Log4j is a logging tool written in Java. This paper focuses on what is Log4j and log4shell vulnerability and how it works, how it affects the victim, and how can this be mitigated

PoC: Ethical-Hacking-Report-Log4j

:page_with_curl: A report about CVE-2021-44228

PoC: CVE-2021-44228-Mass-RCE-Log4j

CVE-2021-44228 Log4J multithreaded Mass Exploitation tool compatible with URL/IP lists.

PoC: Log4j-Vulnerability-in-Ghidra-tool-CVE-2021-44228

Remote Code Execution attacks are one of the most frequent methods employed by cybercriminals to compromise susceptible computers. In the previous year, a serious zero-day vulnerability was identified in Log4j, a java program used by developers for debugging and application modification loggings. This is also a significant vulnerability that affects the so-called Ghidra reverse engineering tool.

PoC: log4j-scan

A fully automated, accurate, and extensive scanner for finding log4j RCE CVE-2021-44228

PoC: Log4Shell-CVE-2121-44228-Demo

Log4Shell CVE-2021-44228 Demo

PoC: CVE-2021-44228

Proof of concept of the Log4Shell vulnerability (CVE-2021-44228)

PoC: log4j

CVE-2021-44228 vulnerability in Apache Log4j library

PoC: CVE-2021-44228-mass

CVE-2021-44228 PoC for more than 12 affected softwares(not publicly disclossed yet) with mass exploitation script for each.

PoC: CVE-2021-44228

Log4Shell Proof-Of-Concept derived from https://github.com/kozmer/log4j-shell-poc

PoC: log4j-scanner

A Log4j vulnerability scanner is used to identify the CVE-2021-44228 and CVE_2021_45046

PoC: log4shell-honeypot

Java application vulnerable to the CVE-2021-44228 (a.k.a log4shell) vulnerability

PoC: CVE-2021-44228

Log4j2组件命令执行RCE / Code By:Jun_sheng

PoC: vulescanjndilookup

HERRAMIENTA AUTOMATIZADA PARA LA DETECCION DE LA VULNERABILIDAD CVE-2021-44228

PoC: log4shellwithlog4j2_13_3

Springboot web application accepts a name get parameter and logs its value to log4j2. Vulnerable to CVE-2021-44228.

References

View on NVD Search GitHub Search Google

Get alerted for CVEs like this

Register your stack and get notified within minutes when a matching CVE drops.

Start monitoring free