Operational information regarding the vulnerability in the Log4j logging library.

Related tags

Security related resourceslog4jcve-2021-44228log4shell
Overview

Log4j Vulnerability (CVE-2021-44228)

This repo contains operational information regarding the vulnerability in the Log4j logging library (CVE-2021-44228). For additional information see:

Repository contents

Directory Purpose
hunting Contains info regarding hunting for exploitation
iocs Contains any Indicators of Compromise, such as scanning IPs, etc
mitigation Contains info regarding mitigation, such as regexes for detecting scanning activity and more
scanning Contains references to methods and tooling used for scanning for the Log4j vulnerability
software Contains a list of known vulnerable and not vulnerable software
tools Contains a list of tools for automatically parsing info on this repo

Please note that these directories are not complete, and are currently being expanded.

NCSC-NL has published a HIGH/HIGH advisory for the Log4j vulnerability. Normally we would update the HIGH/HIGH advisory for vulnerable software packages, however due to the extensive amounts of expected updates we have created a list of known vulnerable software in the software directory.

Contributions welcome

If you have any additional information to share relevant to the Log4j vulnerability, please feel free to open a Pull request. New to this? Read how to contribute in GitHub's documentation.

Thank you

Dear contributors, partners all over the world,

We have received an impressive/enormous number of pull requests on this repo. It contains vital information that contributes to the situational overview around the Log4j vulnerability. The list of vulnerable applications is currently one of the most up-to-date ones with continuous input from across the globe. It is still expanding and we are working hard to process all the contributions.

Due to our joint efforts and strong cooperation we are confident that we will be better equipped to manage this situation.

Thank you all very much for your hard work and we keep welcoming your input via GitHub.

Comments
  • APC - PowerChute Business Edition

    APC - PowerChute Business Edition

    Not visible anything on their site yet:

    C:\Program Files (x86)\APC\PowerChute Business Edition\agent\lib>dir | findstr log4j

    10-12-2020 18:42 264,058 log4j-api-2.11.1.jar 10-12-2020 18:42 1,607,936 log4j-core-2.11.1.jar 10-12-2020 18:42 23,242 log4j-slf4j-impl-2.11.1.jar

    PowerChute Business Edition - 10.0.2.301

    investigate 
    opened by OS3DrNick 8
  • ESET Secure Authentication

    ESET Secure Authentication

    ESET states that they're not vulnerable, but we have various companies that Have ESET Secure Authentication installed and perform a scan for files, then we see that log4j is included in ESET Secure Authentication in the Elasticsearch component which they're shipping in their binary.

    [2021-12-16 10:19:27.784944] VULNERABLE: C:\Program Files\ESET Secure Authentication\elasticsearch\lib\log4j-core-2.11.1.jar -> org\apache\logging\log4j\core\net\JndiManager.class [04fdd701809d17465c17c7e603b1b202: log4j 2.9.0 - 2.11.2]

    [2021-12-16 10:19:28.847458] VULNERABLE: C:\Program Files\ESET Secure Authentication\elasticsearch\search-guard-tlstool-1.7\deps\log4j-core-2.11.1.jar -> org\apache\logging\log4j\core\net\JndiManager.class [04fdd701809d17465c17c7e603b1b202:log4j 2.9.0 - 2.11.2]

    software PR-requested 
    opened by nvaert1986 6
  • Add Waters product statement

    Add Waters product statement

    Add product statement for family of Waters informatics solutions

    Thank you for your contribution! Some pointers to get it merged quickly:

    For contributions in software/:

    • [x ] PR Title: Please use "Add <vendor/product name>" (instead of "Update README.md")
    • [x ] Status: please select a value from the status table at the top
    • [ x] Version: Status Vulnerable / Workaround? -> List vulnerable versions. Status Fix? -> List fixed versions.
    • [x ] Links: make sure you link to a public statement by the developer. Alternatively, include and link a file in the software/vendor-statements/ directory
    • [x ] Please mind the sorting
    software Stale 
    opened by StefanTIB 5
  • Update voor Dell EMC Unity

    Update voor Dell EMC Unity

    Dell EMC heeft versie 5.1.2.0.5.007 voor de Dell EMC Unity uitgebracht. "This release addresses the Apache Log4j issue", maar aangezien er (nog) geen release notes beschikbaar zijn weet ik niet welke van de CVE's wel of niet verholpen zijn.

    opened by dennixxNL 5
  • Add Fedex Ship Manager

    Add Fedex Ship Manager

    Updated Fedex Ship Manager to 3509, adding notes about pending 3510 update 1/24.

    Thank you for your contribution! Some pointers to get it merged quickly:

    For contributions in software/:

    • [ ] PR Title: Please use "Add <vendor/product name>" (instead of "Update README.md")
    • [ ] Status: please select a value from the status table at the top
    • [ ] Version: Status Vulnerable / Workaround? -> List vulnerable versions. Status Fix? -> List fixed versions.
    • [ ] Links: make sure you link to a public statement by the developer. Alternatively, include and link a file in the software/vendor-statements/ directory
    • [ ] Please mind the sorting
    software Stale 
    opened by Gadgetgeek2000 5
  • FEDEX Ship Manager

    FEDEX Ship Manager

    Following files were found on the FEDEX Ship Manager server installation, version 3508:

    C:\Program Files (x86)\FedEx\ShipManager\BIN\OfflineFastServicePublisher_lib\log4j-api-2.8.2.jar C:\Program Files (x86)\FedEx\ShipManager\BIN\OfflineFastServicePublisher_lib\log4j-core-2.8.2.jar C:\Program Files (x86)\FedEx\ShipManager\BIN\OfflineFastServicePublisher_lib\log4j-jcl-2.8.2.jar C:\Program Files (x86)\FedEx\ShipManager\BIN\OfflineFastServicePublisher_lib\log4j-slf4j-impl-2.8.2.jar C:\Program Files (x86)\FedEx\ShipManager\BIN\OfflineFastServicePublisher_lib\log4jna-api-2.0.jar

    software PR-requested 
    opened by Gadgetgeek2000 5
  • Add Beyond Compare and Bitwarden not vuln

    Add Beyond Compare and Bitwarden not vuln

    Neighter are vuln Beyondcompare makes the remark in the footer of there site.

    Thank you for your contribution! Some pointers to get it merged quickly:

    For contributions in software/:

    • Status: please select a value from the status table at the top
    • Version: Status Vulnerable / Workaround? -> List vulnerable versions. Status Fix? -> List fixed versions.
    • Links: make sure you link to a public statement by the developer. Alternatively, include and link a file in the software/vendor-statements/ directory
    • Please mind the sorting
    • Please put vendor/product name in PR title (instead of "Update README.md")
    opened by abtomat-inf 5
  • Added note from Schneider Electric about APC software

    Added note from Schneider Electric about APC software

    Thank you for your contribution! Some pointers to get it merged quickly:

    For contributions in software/:

    • Status: please select a value from the status table at the top
    • Version: Status Vulnerable / Workaround? -> List vulnerable versions. Status Fix? -> List fixed versions.
    • Links: make sure you link to a public statement by the developer. Alternatively, include and link a file in the software/vendor-statements/ directory
    • Please mind the sorting
    • Please put vendor/product name in PR title (instead of "Update README.md")
    opened by ipbgeek 5
  • Add Fujifilm to software list

    Add Fujifilm to software list

    from advisory sent by vendor

    Thank you for your contribution! Some pointers to get it merged quickly:

    For contributions in software/:

    • [x] PR Title: Please use "Add <vendor/product name>" (instead of "Update README.md")
    • [x] Status: please select a value from the status table at the top
    • [x] Version: Status Vulnerable / Workaround? -> List vulnerable versions. Status Fix? -> List fixed versions.
    • [x] Links: make sure you link to a public statement by the developer. Alternatively, include and link a file in the software/vendor-statements/ directory
    • [x] Please mind the sorting
    software Stale 
    opened by alkajazz 4
  • Update software_list_s.md

    Update software_list_s.md

    Updated Stormshield with specific advisory for StormShield Visibility Center (only product announced vulnerable to CVE-2021-44228) Updated SonicWall product list based on v2.3 of their advisory

    Thank you for your contribution! Some pointers to get it merged quickly:

    For contributions in software/:

    • [x] PR Title: Please use "Add <vendor/product name>" (instead of "Update README.md")
    • [x] Status: please select a value from the status table at the top
    • [x] Version: Status Vulnerable / Workaround? -> List vulnerable versions. Status Fix? -> List fixed versions.
    • [x] Links: make sure you link to a public statement by the developer. Alternatively, include and link a file in the software/vendor-statements/ directory
    • [x] Please mind the sorting
    software 
    opened by anssi-cvp 4
  • please improve formatting quality

    please improve formatting quality

    The quality of markdown tables is slowly deteriorating:

    • some entries don't have a trailing |, some do
    • some table uses a different separator than |:----, namely |----

    This makes it hard for automated parsing tools to access the data.

    Doing a one-shot cleanup and sending a pull request fixing half the entries would not be wise, because it would make all the other waiting pull requests unmergeable. Also, implementing a commit hook would make the entire file un-commitable.

    My idea would be to

    • fix |:--- manually
    • ask contributors for a more rigid input formatting
    • add a pre-merge-commit hook, that would only check the diff for violations of the code, so that the old code can still be ugly (for some time)
    software PR-requested 
    opened by milankowww 4
Releases(log4shell_info_20220615)
Owner
Nationaal Cyber Security Centrum (NCSC-NL)
Nationaal Cyber Security Centrum (NCSC-NL)
GitHub Repository
Fast and easy way to rollout on multiple GitLab project file a particular content.

Volatile Fast and easy way to rollout on multiple GitLab project file a particular content. Why ? After looking for a tool to simply enforce a develop

Lujeni 4 Jan 17, 2022
Trainspotting - Python Dependency Injector based on interface binding

Choose dependency injection Friendly with MyPy Supports lazy injections Supports

avito.tech 3 Jan 26, 2022
Experimental musig2 python code, not for production use!

musig2-py Experimental musig2 python code, not for production use! This is just for testing things out. All public keys are encoded as 32 bytes, assum

Samuel Dobson 14 Jul 08, 2022
Tool for finding PHP source code vulnerabilities.

vulnz Tool for finding php source code vulnerabilities. Scans PHP source code and prints out potentially dangerous lines. This tool is useful for secu

Mateo Hanžek 1 Jan 14, 2022
Log4j exploit catcher, detect Log4Shell exploits and try to get payloads.

log4j_catcher Log4j exploit catcher, detect Log4Shell exploits and try to get payloads. This is a basic python server that listen on a port and logs i

EntropyQueen 17 Dec 20, 2021
PySharpSphere - Inspired by SharpSphere, just another python version

PySharpSphere Inspired by SharpSphere, just another python version. Installation python3 setup.py install Features Support control both Linux and Wind

Ricter Zheng 191 Dec 22, 2022
MayorSec DNS Enumeration Tool

MayorSecDNSScan MSDNSScan is used to identify DNS records for target domains and check for zone transfers. There really isn't much special about it, a

Joe Helle 68 Dec 12, 2022
SEBUAH TOOLS TERMUX CRACK AKUN FF HOMKI AKUN EPEP DAH SATU FOLLOW AE YA BROO AWOKWOK

print " INSTALL TOOLS " $ pkg update && upgrade $ pkg install python2 $ pkg install git $ pip2 install lolcat $ pip2 install bs4 $ pip2 install reques

Jeeck 2 Nov 29, 2021
orfipy is a tool written in python/cython to extract ORFs in an extremely and fast and flexible manner

Introduction orfipy is a tool written in python/cython to extract ORFs in an extremely and fast and flexible manner. Other popular ORF searching tools

Urminder Singh 34 Nov 21, 2022
Hack any account sending fake nitro QR code (only for educational purpose)

DISCORD_ACCOUNT_HACKING_TOOL ( EDUCATIONAL PURPOSE ) Hack any account sending fake nitro QR code (only for educational purpose) Start my program token

Novy 7 Jan 07, 2022
A Modified version of TCC's Osprey poc framework......

fierce-fish fierce-fish是由TCC(斗象能力中心)出品并维护的开源漏洞检测框架osprey的改写,去掉臃肿功能的精简版本poc框架 PS:真的用不惯其它臃肿的功能,不过作为一个收集漏洞poc && exp的框架还是非常不错的!!! osprey For beginners fr

lUc1f3r11 10 Dec 30, 2022
Rouge Spammers with a mission to disrupt the peace of the valley ? Fear not we will STOMP the Spammers

Rouge Spammers with a mission to disrupt the peace of the valley ? Fear not we will STOMP the Spammers New Update : adding 'on-review' tag on an issue

A N U S H 13 Sep 19, 2021
A simple python script for hosting a Snowflake Proxy in your python program or with it's standalone cli

snowflake-cli Snowflake is a system to defeat internet censorship, made by Tor Project. The system works by volunteers who run the snowflake extension

Guilherme Paixão 6 Jul 14, 2022
This is python script that will extract the functions call in all used DLL in an executable and then provide a mapping of those functions to the attack classes defined and curated malapi.io.

F2Amapper This is python script that will extract the functions call in all used DLL in an executable and then provide a mapping of those functions to

Ajit Kumar 3 Sep 03, 2022
LaxrFar Python Obfuscator

LaxrFar Python Obfuscator Usage First do the things from "Upload to Webserver" o

LaxrFar 5 Jul 19, 2022
ThePhish: an automated phishing email analysis tool

ThePhish ThePhish is an automated phishing email analysis tool based on TheHive, Cortex and MISP. It is a web application written in Python 3 and base

675 Jan 03, 2023
Industry ready custom API payload with an easy format for building Python APIs (Django/Django Rest Framework)

Industry ready custom API payload with an easy format for building Python APIs (Django/Django Rest Framework) Yosh! If you are a django backend develo

Abram (^o^) 7 Sep 30, 2022
Vulnerability Exploitation Code Collection Repository

Introduction expbox is an exploit code collection repository List CVE-2021-41349 Exchange XSS PoC = Exchange 2013 update 23 = Exchange 2016 update 2

0x0021h 263 Feb 14, 2022
The best Python Backdoor👌

Backdoor The best Python Backdoor Files Server file is used in all of cases If client is Windows, the client need execute EXE file If client is Linux,

13 Oct 28, 2022
Used to build an XSS platform on the command line.

pyXSSPlatform Used to build an XSS platform on the command line. Usage: 1.generate the cert file You can use openssl like this: openssl req -new -x509

70 Jun 21, 2022