CVE-2021-45046

CISA KEV: Actively Exploited

Apache Log4j2 Deserialization of Untrusted Data Vulnerability

Published May 1, 2023 · Updated May 1, 2023

Description

Apache Log4j2 contains a deserialization of untrusted data vulnerability due to the incomplete fix of CVE-2021-44228, where the Thread Context Lookup Pattern is vulnerable to remote code execution in certain non-default configurations.

Public Exploits & PoCs (10 found)

PoC: log4j2_vul_local_scanner

Local detection script for the Log4j vulnerability. Scan all java processes on your host to check whether it's affected by log4j2 remote code execution vulnerability (CVE-2021-45046)

78

PoC: Log4j_CVE-2021-45046

Log4j 2.15.0 Privilege Escalation -- CVE-2021-45046

21

PoC: log4j-samples

Samples of log4j library versions to help log4j scanners / detectors improve their accuracy for detecting CVE-2021-45046 and CVE-2021-44228.

12

PoC: CVE-2021-45046-Info

Oh no another one

4

PoC: Log4Shell-Payloads

Log4Shell / Log4J Payload - CVE-2021-45046 and CVE-2022-42889

2

PoC: Log4J-Scan-Win

Windows Server Log4j Scanner - PowerShell - CVE-2021-45046 and CVE-2021-44228

2

PoC: log4j-poc

Explanation of CVE-2021-45046 for classroom use

PoC: Log4Shell-Sandbox-Signature

Log4Shell (CVE-2021-45046) Sandbox Signature

PoC: log4jjndilookupremove

A simple script to remove Log4J JndiLookup.class from jars in a given directory, to temporarily protect from CVE-2021-45046 and CVE-2021-44228.

PoC: CVE-2021-45046

Replicating CVE-2021-45046
