Operational information regarding the vulnerability in the Log4j logging library.

Overview

Log4j Vulnerability (CVE-2021-44228)

This repo contains operational information regarding the vulnerability in the Log4j logging library (CVE-2021-44228). For additional information see:

Repository contents

| Directory | Purpose |
|:----------|:--------|
| hunting | Contains info regarding hunting for exploitation |
| iocs | Contains any Indicators of Compromise, such as scanning IPs, etc |
| mitigation | Contains info regarding mitigation, such as regexes for detecting scanning activity and more |
| scanning | Contains references to methods and tooling used for scanning for the Log4j vulnerability |
| software | Contains a list of known vulnerable and not vulnerable software |
| tools | Contains a list of tools for automatically parsing info on this repo |

Please note that these directories are not complete, and are currently being expanded.

NCSC-NL has published a HIGH/HIGH advisory for the Log4j vulnerability. Normally we would update the HIGH/HIGH advisory for vulnerable software packages, however due to the extensive amounts of expected updates we have created a list of known vulnerable software in the software directory.

Contributions welcome

If you have any additional information to share relevant to the Log4j vulnerability, please feel free to open a Pull request. New to this? Read how to contribute in GitHub's documentation.

Thank you

Dear contributors, partners all over the world,

We have received an impressive/enormous number of pull requests on this repo. It contains vital information that contributes to the situational overview around the Log4j vulnerability. The list of vulnerable applications is currently one of the most up-to-date ones with continuous input from across the globe. It is still expanding and we are working hard to process all the contributions.

Due to our joint efforts and strong cooperation we are confident that we will be better equipped to manage this situation.

Thank you all very much for your hard work and we keep welcoming your input via GitHub.

Comments
  • APC - PowerChute Business Edition

    Nothing visible on their site yet:

    C:\Program Files (x86)\APC\PowerChute Business Edition\agent\lib>dir | findstr log4j

    10-12-2020 18:42 264,058 log4j-api-2.11.1.jar
    10-12-2020 18:42 1,607,936 log4j-core-2.11.1.jar
    10-12-2020 18:42 23,242 log4j-slf4j-impl-2.11.1.jar

    PowerChute Business Edition - 10.0.2.301

    investigate 
    opened by OS3DrNick 8
  • ESET Secure Authentication

    ESET states that they're not vulnerable, but we have various companies that have ESET Secure Authentication installed and perform a scan for files, then we see that log4j is included in ESET Secure Authentication in the Elasticsearch component which they're shipping in their binary.

    [2021-12-16 10:19:27.784944] VULNERABLE: C:\Program Files\ESET Secure Authentication\elasticsearch\lib\log4j-core-2.11.1.jar -> org\apache\logging\log4j\core\net\JndiManager.class [04fdd701809d17465c17c7e603b1b202: log4j 2.9.0 - 2.11.2]

    [2021-12-16 10:19:28.847458] VULNERABLE: C:\Program Files\ESET Secure Authentication\elasticsearch\search-guard-tlstool-1.7\deps\log4j-core-2.11.1.jar -> org\apache\logging\log4j\core\net\JndiManager.class [04fdd701809d17465c17c7e603b1b202:log4j 2.9.0 - 2.11.2]

    software PR-requested 
    opened by nvaert1986 6
  • Add Waters product statement

    Add product statement for family of Waters informatics solutions

    Thank you for your contribution! Some pointers to get it merged quickly:

    For contributions in software/:

    • [x] PR Title: Please use "Add <vendor/product name>" (instead of "Update README.md")
    • [x] Status: please select a value from the status table at the top
    • [x] Version: Status Vulnerable / Workaround? -> List vulnerable versions. Status Fix? -> List fixed versions.
    • [x] Links: make sure you link to a public statement by the developer. Alternatively, include and link a file in the software/vendor-statements/ directory
    • [x] Please mind the sorting
    software Stale 
    opened by StefanTIB 5
  • Update for Dell EMC Unity

    Dell EMC has released version 5.1.2.0.5.007 for the Dell EMC Unity. "This release addresses the Apache Log4j issue", but since no release notes are available (yet), I don't know which of the CVEs have or have not been fixed.

    opened by dennixxNL 5
  • Add Fedex Ship Manager

    Updated Fedex Ship Manager to 3509, adding notes about pending 3510 update 1/24.

    Thank you for your contribution! Some pointers to get it merged quickly:

    For contributions in software/:

    • [ ] PR Title: Please use "Add <vendor/product name>" (instead of "Update README.md")
    • [ ] Status: please select a value from the status table at the top
    • [ ] Version: Status Vulnerable / Workaround? -> List vulnerable versions. Status Fix? -> List fixed versions.
    • [ ] Links: make sure you link to a public statement by the developer. Alternatively, include and link a file in the software/vendor-statements/ directory
    • [ ] Please mind the sorting
    software Stale 
    opened by Gadgetgeek2000 5
  • FEDEX Ship Manager

    Following files were found on the FEDEX Ship Manager server installation, version 3508:

    C:\Program Files (x86)\FedEx\ShipManager\BIN\OfflineFastServicePublisher_lib\log4j-api-2.8.2.jar
    C:\Program Files (x86)\FedEx\ShipManager\BIN\OfflineFastServicePublisher_lib\log4j-core-2.8.2.jar
    C:\Program Files (x86)\FedEx\ShipManager\BIN\OfflineFastServicePublisher_lib\log4j-jcl-2.8.2.jar
    C:\Program Files (x86)\FedEx\ShipManager\BIN\OfflineFastServicePublisher_lib\log4j-slf4j-impl-2.8.2.jar
    C:\Program Files (x86)\FedEx\ShipManager\BIN\OfflineFastServicePublisher_lib\log4jna-api-2.0.jar

    software PR-requested 
    opened by Gadgetgeek2000 5
  • Add Beyond Compare and Bitwarden not vuln

    Neither are vuln. Beyond Compare makes the remark in the footer of their site.

    Thank you for your contribution! Some pointers to get it merged quickly:

    For contributions in software/:

    • Status: please select a value from the status table at the top
    • Version: Status Vulnerable / Workaround? -> List vulnerable versions. Status Fix? -> List fixed versions.
    • Links: make sure you link to a public statement by the developer. Alternatively, include and link a file in the software/vendor-statements/ directory
    • Please mind the sorting
    • Please put vendor/product name in PR title (instead of "Update README.md")
    opened by abtomat-inf 5
  • Added note from Schneider Electric about APC software

    Thank you for your contribution! Some pointers to get it merged quickly:

    For contributions in software/:

    • Status: please select a value from the status table at the top
    • Version: Status Vulnerable / Workaround? -> List vulnerable versions. Status Fix? -> List fixed versions.
    • Links: make sure you link to a public statement by the developer. Alternatively, include and link a file in the software/vendor-statements/ directory
    • Please mind the sorting
    • Please put vendor/product name in PR title (instead of "Update README.md")
    opened by ipbgeek 5
  • Add Fujifilm to software list

    from advisory sent by vendor

    Thank you for your contribution! Some pointers to get it merged quickly:

    For contributions in software/:

    • [x] PR Title: Please use "Add <vendor/product name>" (instead of "Update README.md")
    • [x] Status: please select a value from the status table at the top
    • [x] Version: Status Vulnerable / Workaround? -> List vulnerable versions. Status Fix? -> List fixed versions.
    • [x] Links: make sure you link to a public statement by the developer. Alternatively, include and link a file in the software/vendor-statements/ directory
    • [x] Please mind the sorting
    software Stale 
    opened by alkajazz 4
  • Update software_list_s.md

    Updated Stormshield with specific advisory for StormShield Visibility Center (only product announced vulnerable to CVE-2021-44228). Updated SonicWall product list based on v2.3 of their advisory.

    Thank you for your contribution! Some pointers to get it merged quickly:

    For contributions in software/:

    • [x] PR Title: Please use "Add <vendor/product name>" (instead of "Update README.md")
    • [x] Status: please select a value from the status table at the top
    • [x] Version: Status Vulnerable / Workaround? -> List vulnerable versions. Status Fix? -> List fixed versions.
    • [x] Links: make sure you link to a public statement by the developer. Alternatively, include and link a file in the software/vendor-statements/ directory
    • [x] Please mind the sorting
    software 
    opened by anssi-cvp 4
  • please improve formatting quality

    The quality of markdown tables is slowly deteriorating:

    • some entries don't have a trailing |, some do
    • some tables use a different separator than |:----, namely |----

    This makes it hard for automated parsing tools to access the data.

    Doing a one-shot cleanup and sending a pull request fixing half the entries would not be wise, because it would make all the other waiting pull requests unmergeable. Also, implementing a commit hook would make the entire file uncommittable.

    My idea would be to

    • fix |:--- manually
    • ask contributors for a more rigid input formatting
    • add a pre-merge-commit hook, that would only check the diff for violations of the code, so that the old code can still be ugly (for some time)
    software PR-requested 
    opened by milankowww 4
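
The diff-only check proposed in the last issue above, sketched as an added example (not code from the NCSC-NL repository or from the issue's author). It assumes `git diff` output as input and enforces only the two rules the issue names (trailing `|`, `|:----` separators); the function names and the sample diff are constructed for illustration.

```python
import re

HUNK = re.compile(r"^@@ -\d+(?:,\d+)? \+(\d+)(?:,\d+)? @@")
SEP_CELL = re.compile(r"^:?-+:?$")   # any markdown separator cell
LEFT_ALIGNED = re.compile(r"^:-+$")  # the |:---- form the issue asks for

def row_violations(row):
    """Return formatting problems for one markdown table row."""
    text = row.strip()
    if not text.startswith("|"):
        return []  # not a table row, nothing to check
    problems = [] if text.endswith("|") else ["missing trailing |"]
    cells = [c.strip() for c in text.strip("|").split("|")]
    is_separator = all(SEP_CELL.match(c) for c in cells)
    if is_separator and not all(LEFT_ALIGNED.match(c) for c in cells):
        problems.append("separator is not |:----")
    return problems

def check_diff(diff_text):
    """Lint only the added lines of a git diff; untouched rows are ignored."""
    findings, path, new_no, in_hunk = [], None, 0, False
    for line in diff_text.splitlines():
        if line.startswith("diff --git "):
            in_hunk = False
        elif not in_hunk and line.startswith("+++ "):
            path = line[4:].removeprefix("b/")
        elif (m := HUNK.match(line)):
            new_no, in_hunk = int(m.group(1)), True
        elif in_hunk and line.startswith("+"):
            findings += [(path, new_no, p) for p in row_violations(line[1:])]
            new_no += 1
        elif in_hunk and line.startswith(" "):
            new_no += 1  # context line; '-' lines do not exist in the new file
    return findings

# Constructed sample: an old, already malformed separator plus three added rows.
SAMPLE_DIFF = """\
diff --git a/software/software_list_s.md b/software/software_list_s.md
--- a/software/software_list_s.md
+++ b/software/software_list_s.md
@@ -3,2 +3,5 @@
 | Supplier | Product | Status |
 |----|----|----|
+| ExampleVendor | ExampleProduct | Not vuln |
+| ExampleVendor | OtherProduct | Fix
+|----|----|----|
"""

if __name__ == "__main__":
    print(*check_diff(SAMPLE_DIFF), sep="\n")
```

The old `|----` separator on line 4 of the new file is a context line and is not reported, so existing entries and open pull requests stay mergeable while new rows are held to the stricter format.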
Releases(log4shell_info_20220615)
Owner
Nationaal Cyber Security Centrum (NCSC-NL)