Log4j CVE-2021-44228 RCE Exploit DEMO #ChaliyeHackKarteHain❤️
3Description
Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack where an attacker with permission to modify the logging configuration file can construct a malicious configuration using a JDBC Appender with a data source referencing a JNDI URI which can execute remote code. This issue is fixed by limiting JNDI data source names to the java protocol in Log4j2 versions 2.17.1, 2.12.4, and 2.3.2.
Mitigation
Log4j 1.x mitigation
Log4j 1.x is not impacted by this vulnerability.
Log4j 2.x mitigation
Upgrade to Log4j 2.3.2 (for Java 6), 2.12.4 (for Java 7), or 2.17.1 (for Java 8 and later).
In prior releases confirm that if the JDBC Appender is being used it is not configured to use any protocol other than Java.
Note that only the log4j-core JAR file is impacted by this vulnerability. Applications using only the log4j-api JAR file without the log4j-core JAR file are not impacted by this vulnerability.
Also note that Apache Log4j is the only Logging Services subproject affected by this vulnerability. Other projects like Log4net and Log4cxx are not impacted by this.
Thanks for watching!
देखने के लिए धन्यवाद
Благодаря за гледането
Kiitos katsomisesta
感谢您观看
Merci d'avoir regardé
Grazie per la visione
Gracias por ver
شكرا للمشاهدة
دیکھنے کے لیے شکریہ
Join Infosec Gamer on DISCORD: https://discord.com/invite/nS62Eu7
For Career Advice in Cyber Security: Talk to Me 😊
-------------------------------------------------------------------------------
Instagram► https://www.instagram.com/iamrahultyagi
Facebook ► https://www.facebook.com/infosecgamer/
Twitter ► https://twitter.com/rahultyagihacks
Like and Subscribe
-------------------------------
https://www.youtube.com/infosecgamer?sub_confirmation=1