# l4j-info
Compiling valuable links as I find them documenting CVE-2021-44228 or Log4J

# Critical First Party advisories:
- [Existing Log4J 1.2 vulnerability CVE-2019-17571 is also potentially present](https://www.cvedetails.com/cve/CVE-2019-17571)
- [Apache Log4J Version 2.x Security Information](https://logging.apache.org/log4j/2.x/security.html)
- [VMWare critical vulnerability advisory](https://www.vmware.com/security/advisories/VMSA-2021-0028.html)
- [Cisco product vulnerability announcement](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd)
- [Sophos products affected](https://www.sophos.com/en-us/security-advisories/sophos-sa-20211210-log4j-rce)
- [Microsoft’s response to CVE-2021-44228](https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/)

# Intelligence & Mitigation:
- [Microsoft mitigation strategy](https://www.microsoft.com/security/blog/2021/12/11/guidance-for-preventing-detecting-and-hunting-for-cve-2021-44228-log4j-2-exploitation/)
- [CISA Cyber Hygiene Services](https://www.cisa.gov/cyber-hygiene-services)
- [Microsoft Azure Sentinel IoC list, YAML](https://github.com/Azure/Azure-Sentinel/blob/master/Detections/MultipleDataSources/Log4J_IPIOC_Dec112021.yaml)
- [Where to look & what we’re looking for](https://github.com/timb-machine/log4j/)
- [Huntress Log4Shell Vulnerability Tester](https://log4shell.huntress.com/)
- [Malware samples known to be exploiting Log4J](https://t.co/xvJa5yJKws)
- [Indicators of Compromise by IP Source](https://threatfox.abuse.ch/browse/tag/log4j/)
- [FullHunt’s log4j-scan scanner for finding vulnerable hosts](https://github.com/fullhunt/log4j-scan)
- [Greynoise’s live list of known Apache Log4J Remote Code Execution Attempts](https://www.greynoise.io/viz/query/?gnql=tags%3A%22Apache%20Log4j%20RCE%20Attempt%22)
- [File hashes for known vulnerable versions of Log4Shell](https://github.com/mubix/CVE-2021-44228-Log4Shell-Hashes)
- [Malicious LDAP server for proof-of-concept testing](https://github.com/veracode-research/rogue-jndi)
- [How to restrict LDAP access via JNDI at the code-level](https://github.com/apache/logging-log4j2/pull/608/files/755e2c9d57f0517a73d16bfcaed93cc91969bdee)

# Summary Articles:
- [Understanding Log4Shell with Randori & Greynoise](https://info.randori.com/log4j-log4shell-webinar-greynoise)
- [NCCGroup’s Reconnaissance and Post Exploit Detection guide](https://research.nccgroup.com/2021/12/12/log4shell-reconnaissance-and-post-exploitation-network-detection/)
- [Swiss Government Advisory & Attack Explanation](https://www.govcert.admin.ch/blog/zero-day-exploit-targeting-popular-java-library-log4j/)
- [Potentially affected vendors and projects](https://gist.github.com/SwitHak/b66db3a06c2955a9cb71a8718970c592)
- [Tech Solvency’s “Story so Far”](https://www.techsolvency.com/story-so-far/cve-2021-44228-log4j-log4shell/)
- [List of Known Payloads, Threat Reports and IoC lists.](https://github.com/curated-intel/Log4Shell-IOCs)
- [Cloudflare hosting’s response to Log4j 2 vulnerability](https://blog.cloudflare.com/how-cloudflare-security-responded-to-log4j2-vulnerability/)