Merge pull request #4847 from ritikchaddha/Update-metadata-query
Log4j templates enhancement
patch-1
commit
22e47c889b
|
@ -4,7 +4,8 @@ info:
|
|||
name: Apache Log4j2 Remote Code Injection
|
||||
author: melbadry9,dhiyaneshDK,daffainfo,anon-artist,0xceba,Tea
|
||||
severity: critical
|
||||
description: Apache Log4j2 <=2.14.1 JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled.
|
||||
description: |
|
||||
Apache Log4j2 <=2.14.1 JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled.
|
||||
reference:
|
||||
- https://logging.apache.org/log4j/2.x/security.html
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-44228
|
||||
|
|
|
@ -10,6 +10,7 @@ info:
|
|||
- https://twitter.com/marcioalm/status/1471740771581652995
|
||||
- https://logging.apache.org/log4j/2.x/
|
||||
- http://www.openwall.com/lists/oss-security/2021/12/14/4
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-44228
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
|
||||
cvss-score: 9
|
||||
|
|
|
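Review bot: the NVD link in this reference list points at CVE-2021-44228, but the classification lines directly below it carry `AC:H` and `cvss-score: 9`, whereas the other templates in this commit score CVE-2021-44228 as `AC:L` and 10.0. Please confirm which CVE this template covers and make the NVD reference and the CVSS data agree. This list also links https://logging.apache.org/log4j/2.x/ where the other templates use the security.html page.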
@ -8,14 +8,17 @@ info:
|
|||
Apache OFBiz is affected by a remote code execution vulnerability in the bundled Apache Log4j logging library. Apache Log4j is vulnerable due to insufficient protections on message lookup substitutions when dealing with user controlled input. A remote, unauthenticated attacker can exploit this, via a web request, to execute arbitrary code with the permission level of the running Java process.
|
||||
reference:
|
||||
- https://issues.apache.org/jira/browse/OFBIZ-12449
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-44228
|
||||
- https://ofbiz.apache.org/
|
||||
- https://logging.apache.org/log4j/2.x/security.html
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-44228
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
|
||||
cvss-score: 10.0
|
||||
cwe-id: CWE-77
|
||||
remediation: Upgrade to Apache OFBiz version 8.12.03 or later.
|
||||
tags: ofbiz,oast,log4j,rce,apache,jndi
|
||||
metadata:
|
||||
shodan-query: http.html:"Apache OFBiz"
|
||||
tags: cve,cve2021,ofbiz,oast,log4j,rce,apache,jndi
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
|
|
|
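Review bot: the new tags line adds `cve,cve2021`, but the classification block in this hunk holds only cvss-metrics, cvss-score and cwe-id, with no `cve-id`. Add `cve-id: CVE-2021-44228` (the CVE the NVD reference names), as the MobileIron and Spring Boot templates do, so the tag and the classification agree; the Solr, Jamf and UniFi hunks show the same gap. The vector is also declared as CVSS:3.0 here while the Spring Boot and vRealize hunks use CVSS:3.1 for the same CVE.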
@ -10,12 +10,16 @@ info:
|
|||
- https://solr.apache.org/security.html#apache-solr-affected-by-apache-log4j-cve-2021-44228
|
||||
- https://twitter.com/sirifu4k1/status/1470011568834424837
|
||||
- https://github.com/apache/solr/pull/454
|
||||
- https://logging.apache.org/log4j/2.x/security.html
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-44228
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
|
||||
cvss-score: 10.0
|
||||
cwe-id: CWE-77
|
||||
tags: solr,oast,log4j,rce,apache,jndi
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: http.html:"Apache Solr"
|
||||
tags: cve,cve2021,solr,oast,log4j,rce,apache,jndi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
|
|
|
@ -13,6 +13,8 @@ info:
|
|||
- On-premises Code42 app: Updated to Log4j 2.16 on December 17, 2021
|
||||
reference:
|
||||
- https://support.code42.com/Terms_and_conditions/Code42_customer_support_resources/Code42_response_to_industry_security_incidents
|
||||
- https://logging.apache.org/log4j/2.x/security.html
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-44228
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
|
||||
cvss-score: 10.0
|
||||
|
|
|
@ -9,11 +9,16 @@ info:
|
|||
reference:
|
||||
- https://github.com/random-robbie/jamf-log4j
|
||||
- https://community.connection.com/what-is-jamf/
|
||||
- https://logging.apache.org/log4j/2.x/security.html
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-44228
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
|
||||
cvss-score: 10.0
|
||||
cwe-id: CWE-77
|
||||
tags: rce,jndi,log4j,jamf
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: http.html:"JamF"
|
||||
tags: cve,cve2021,rce,jndi,log4j,jamf,oast
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
|
|
|
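Review bot: `shodan-query: http.html:"JamF"` spells the product with a capital F, while the tags and both reference URLs in this hunk write it jamf. Since the block is marked `verified: true`, please confirm this exact string is the one that was checked, and switch to the vendor's spelling if the match does not depend on the casing.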
@ -3,18 +3,22 @@ id: mobileiron-log4j-jndi-rce
|
|||
info:
|
||||
name: Ivanti MobileIron Log4J JNDI RCE
|
||||
author: meme-lord
|
||||
severity: high
|
||||
severity: critical
|
||||
description: Ivanti MobileIron Apache Log4j2 <=2.14.1 JNDI in features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker
|
||||
who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled.
|
||||
reference:
|
||||
- https://github.com/advisories/GHSA-jfh8-c2jp-5v3q
|
||||
- https://www.lunasec.io/docs/blog/log4j-zero-day/
|
||||
- https://www.zdnet.com/article/mobileiron-customers-urged-to-patch-systems-due-to-potential-log4j-exploitation/
|
||||
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228
|
||||
- https://logging.apache.org/log4j/2.x/security.html
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-44228
|
||||
classification:
|
||||
cve-id: CVE-2021-44228
|
||||
remediation: Upgrade to version 2.14.2 or higher of MobileIron. If this is not possible, several Log4j exploit workarounds are available.
|
||||
tags: jndi,log4j,rce,cve,cve2021
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: http.html:"MobileIron"
|
||||
tags: jndi,log4j,rce,cve,cve2021,ivanti,oast,mobileiron
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
|
|
|
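Review bot: the remediation line left unchanged in this hunk, "Upgrade to version 2.14.2 or higher of MobileIron", gives a number that sits directly above the Log4j2 <=2.14.1 range in the description and reads like a Log4j version rather than a MobileIron release. With severity now raised to critical, it is worth checking that value against the vendor guidance in the references while this file is being touched. The description also still reads "JNDI in features" and stays a plain scalar wrapped over two lines, where other templates in this commit move to `description: |`, and the new tags line keeps `cve,cve2021` in the middle instead of leading with it as the other templates do.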
@ -4,17 +4,21 @@ info:
|
|||
name: UniFi Network Application - Remote Code Execution (Log4j)
|
||||
author: KrE80r
|
||||
severity: critical
|
||||
description: UniFi Network Application is susceptible to a critical vulnerability in Apache Log4j (CVE-2021-44228) that may allow for remote code execution in an impacted implementation.
|
||||
description: |
|
||||
UniFi Network Application is susceptible to a critical vulnerability in Apache Log4j (CVE-2021-44228) that may allow for remote code execution in an impacted implementation.
|
||||
reference:
|
||||
- https://community.ui.com/releases/UniFi-Network-Application-6-5-55/48c64137-4a4a-41f7-b7e4-3bee505ae16e
|
||||
- https://twitter.com/sprocket_ed/status/1473301038832701441
|
||||
metadata:
|
||||
shodan-query: http.title:"UniFi Network"
|
||||
- https://logging.apache.org/log4j/2.x/security.html
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-44228
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
|
||||
cvss-score: 10.0
|
||||
cwe-id: CWE-77
|
||||
tags: rce,log4j,ubnt,unifi,oast,jndi
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: http.title:"UniFi Network"
|
||||
tags: cve,cve2021,rce,log4j,ubnt,unifi,oast,jndi
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
|
|
|
@ -9,13 +9,15 @@ info:
|
|||
- https://logging.apache.org/log4j/2.x/security.html
|
||||
- https://www.lunasec.io/docs/blog/log4j-zero-day/
|
||||
- https://github.com/twseptian/Spring-Boot-Log4j-CVE-2021-44228-Docker-Lab
|
||||
- https://logging.apache.org/log4j/2.x/security.html
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-44228
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
|
||||
cvss-score: 10.0
|
||||
cve-id: CVE-2021-44228
|
||||
cwe-id: CWE-502
|
||||
remediation: Upgrade to Log4j 2.3.1 (for Java 6), 2.12.3 (for Java 7), or 2.17.0 (for Java 8 and later).
|
||||
tags: springboot,rce,oast,log4j
|
||||
tags: cve,cve2021,springboot,rce,oast,log4j
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
|
|
|
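Review bot: https://logging.apache.org/log4j/2.x/security.html now appears twice in this reference list, as the first entry and again after the Docker-Lab link; drop the second copy. Separately, this template classifies the issue as `cwe-id: CWE-502` while the OFBiz, Solr, Jamf and UniFi templates in the same commit use CWE-77 for CVE-2021-44228, so one of the two should be chosen and applied consistently.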
@ -3,12 +3,18 @@ id: vmware-horizon-log4j-jndi-rce
|
|||
info:
|
||||
name: VMware Horizon Log4j JNDI RCE
|
||||
author: johnk3r
|
||||
severity: high
|
||||
description: A critical vulnerability in Apache Log4j identified by CVE-2021-44228 has been publicly disclosed that may allow for remote code execution in impacted VMware Horizon.
|
||||
severity: critical
|
||||
description: |
|
||||
A critical vulnerability in Apache Log4j identified by CVE-2021-44228 has been publicly disclosed that may allow for remote code execution in impacted VMware Horizon.
|
||||
reference:
|
||||
- https://attackerkb.com/topics/in9sPR2Bzt/cve-2021-44228-log4shell/rapid7-analysis
|
||||
- https://www.vmware.com/security/advisories/VMSA-2021-0028.html
|
||||
tags: rce,jndi,log4j,horizon,vmware
|
||||
- https://logging.apache.org/log4j/2.x/security.html
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-44228
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: http.html:"VMware Horizon"
|
||||
tags: cve,cve2021,rce,jndi,log4j,horizon,vmware,oast
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
|
|
|
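Review bot: severity goes to critical and the tags gain `cve,cve2021`, yet the info block in this hunk has no classification section at all (no cvss-metrics, cvss-score, cve-id or cwe-id) between the references and the metadata. Add one in line with the other CVE-2021-44228 templates in this commit so the raised severity is backed by a score and a CVE identifier.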
@ -3,13 +3,18 @@ id: vmware-vcenter-log4j-jndi-rce
|
|||
info:
|
||||
name: VMware VCenter Log4j JNDI RCE
|
||||
author: _0xf4n9x_
|
||||
severity: high
|
||||
description: A critical vulnerability in Apache Log4j identified by CVE-2021-44228 has been publicly disclosed that may allow for remote code execution in impacted VMware VCenter.
|
||||
severity: critical
|
||||
description: |
|
||||
A critical vulnerability in Apache Log4j identified by CVE-2021-44228 has been publicly disclosed that may allow for remote code execution in impacted VMware VCenter.
|
||||
reference:
|
||||
- https://www.vmware.com/security/advisories/VMSA-2021-0028.html
|
||||
- https://github.com/advisories/GHSA-jfh8-c2jp-5v3q
|
||||
- https://twitter.com/tnpitsecurity/status/1469429810216771589
|
||||
tags: rce,jndi,log4j,vcenter,vmware
|
||||
- https://logging.apache.org/log4j/2.x/security.html
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-44228
|
||||
metadata:
|
||||
shodan-query: title:"VMware VCenter"
|
||||
tags: cve,cve2021,rce,jndi,log4j,vcenter,vmware,oast
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
|
|
|
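Review bot: `shodan-query: title:"VMware VCenter"` uses the bare `title:` filter, while the UniFi and vRealize templates in this commit write `http.title:`; use the same filter name throughout so the metadata can be processed uniformly. This metadata block also carries no `verified: true`, unlike the Horizon hunk, which is fine if the query was not checked but should be stated either way, and as in that template there is no classification section despite the move to severity critical.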
@ -4,17 +4,21 @@ info:
|
|||
name: VMware vRealize Operations Tenant App Log4j JNDI Remote Code Execution
|
||||
author: bughuntersurya
|
||||
severity: critical
|
||||
description: VMware vRealize Operations is susceptible to a critical vulnerability in Apache Log4j which may allow remote code execution in an impacted vRealize Operations Tenant application.
|
||||
description: |
|
||||
VMware vRealize Operations is susceptible to a critical vulnerability in Apache Log4j which may allow remote code execution in an impacted vRealize Operations Tenant application.
|
||||
reference:
|
||||
- https://www.vmware.com/security/advisories/VMSA-2021-0028.html
|
||||
- https://core.vmware.com/vmsa-2021-0028-questions-answers-faq
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-44228
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-45046
|
||||
- https://logging.apache.org/log4j/2.x/security.html
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-44228
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: http.title:"vRealize Operations Tenant App"
|
||||
tags: rce,log4j,vmware,vrealize
|
||||
tags: cve,cve2021,oast,rce,log4j,vmware,vrealize
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
|
|
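Review bot: https://nvd.nist.gov/vuln/detail/CVE-2021-44228 is listed twice in this reference list, once before the CVE-2021-45046 link and again as the last entry; remove the second copy. The classification block shown here holds only cvss-metrics, so adding a `cvss-score` and a `cve-id` would bring it in line with the other templates now that the tags lead with `cve,cve2021`.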