## https://sploitus.com/exploit?id=2C7AFC31-83FC-5C56-96D6-91A9EB1160F4
# Log4Shell (CVE-2021-44228) PoC
## Objective
Reproduce, exploit, and remediate a known critical CVE in a Dockerised environment.
This PoC demonstrates [CVE-2021-44228 (Log4Shell)](https://vulners.com/cve/CVE-2021-44228) in a Spring Boot application.
## 1. Vulnerability Description
**CVE:** 2021-44228
**CVSS:** 10.0 (Critical)
**Affected component:** Apache Log4j ( observe no reverse shell
```
### Interim mitigations (if upgrade not possible)
1. Buy time
* Restrict inbound exploit strings (`${jndi:` patterns) with a WAF or middleware.
* Restrict outbound LDAP from application servers with egress filtering.
2. Disable lookups:
```
-Dlog4j2.formatMsgNoLookups=true
```
3. Harden JVM:
```
-Dcom.sun.jndi.ldap.object.trustURLCodebase=false
```
### Operational mitigations
1. Audit dependencies and runtime
* Generate an SBOM (`gradle dependencies`, Snyk, Wiz, etc.).
* Search deployed images/servers for `log4j-core-*.jar`, including fat JARs.
* Triage and prioritize mitigations for the riskiest workloads.
2. Monitor & detect
* Watch for exploit attempts in logs (`${jndi:...}`, `${${lower:j}ndi:...}`, etc.).
* Monitor outbound LDAP traffic for callbacks.
* Treat findings as potential compromises, escalate for incident response (forensic investigation, removal of malicious artifacts, rotation of secrets, etc.).
3. Vendor patches
* Track vendor advisories (e.g., Elasticsearch) - many ship bundled Log4j.
* Apply hotfixes or workarounds provided until official patches are available.
4. Strategic Improvements
* Enforce "deny by default" policy for outbound traffic filtering.
* Enforce dependency scanning in CI/CD.
* Formalize response playbooks so teams know exactly what to do during the next "10.0 CVSS" vulnerability.
* Run resilience drills/tabletops to test readiness for a "new Log4Shell-class" incident.
## 5. References
* [Apache Security Advisories](https://logging.apache.org/security.html)