mirror of
https://github.com/0xMarcio/cve.git
synced 2026-04-12 00:58:33 +02:00
4.2 KiB
4.2 KiB
CVE-2017-5645
Description
In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code.
POC
Reference
- http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
- http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
- http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
- https://www.oracle.com/security-alerts/cpuApr2021.html
- https://www.oracle.com/security-alerts/cpuapr2020.html
- https://www.oracle.com/security-alerts/cpujan2020.html
- https://www.oracle.com/security-alerts/cpujan2021.html
- https://www.oracle.com/security-alerts/cpujan2022.html
- https://www.oracle.com/security-alerts/cpujul2020.html
- https://www.oracle.com/security-alerts/cpuoct2020.html
- https://www.oracle.com/security-alerts/cpuoct2021.html
- https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
- https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
- https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
- https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
Github
- https://github.com/A-TPL-Bench/LibHunter
- https://github.com/ADP-Dynatrace/dt-appsec-powerup
- https://github.com/ARPSyndicate/cve-scores
- https://github.com/ARPSyndicate/cvemon
- https://github.com/AdeliaNitzsche/Java-Deserialization-Cheat-Sheet
- https://github.com/Anonymous-Phunter/PHunter
- https://github.com/BrittanyKuhn/javascript-tutorial
- https://github.com/CGCL-codes/LibHunter
- https://github.com/CGCL-codes/PHunter
- https://github.com/CrackerCat/myhktools
- https://github.com/GhostTroops/myhktools
- https://github.com/GrrrDog/Java-Deserialization-Cheat-Sheet
- https://github.com/HackJava/HackLog4j2
- https://github.com/HackJava/Log4j2
- https://github.com/HynekPetrak/log4shell-finder
- https://github.com/LibHunter/LibHunter
- https://github.com/ManuelBravoR/NVD-CVE-Scanner-TelegramNotifier
- https://github.com/Marcelektro/Log4J-RCE-Implementation
- https://github.com/PalindromeLabs/Java-Deserialization-CVEs
- https://github.com/SexyBeast233/SecBooks
- https://github.com/Threekiii/Awesome-POC
- https://github.com/Threekiii/Vulhub-Reproduce
- https://github.com/XiaomingX/awesome-poc-for-red-team
- https://github.com/bakery312/Vulhub-Reproduce
- https://github.com/brunsu/woodswiki
- https://github.com/cyberharsh/log4j
- https://github.com/do0dl3/myhktools
- https://github.com/f-this/f-apache
- https://github.com/gumimin/dependency-check-sample
- https://github.com/hktalent/myhktools
- https://github.com/hxysaury/saury-vulnhub
- https://github.com/iqrok/myhktools
- https://github.com/klausware/Java-Deserialization-Cheat-Sheet
- https://github.com/logpresso/CVE-2021-44228-Scanner
- https://github.com/ltslog/ltslog
- https://github.com/mishmashclone/GrrrDog-Java-Deserialization-Cheat-Sheet
- https://github.com/pen4uin/awesome-vulnerability-research
- https://github.com/pen4uin/vulnerability-research
- https://github.com/pen4uin/vulnerability-research-list
- https://github.com/pimps/CVE-2017-5645
- https://github.com/q99266/saury-vulnhub
- https://github.com/rodriguezcappsec/java-vulnerabilities
- https://github.com/shadow-horse/CVE-2019-17571
- https://github.com/spmonkey/spassassin
- https://github.com/thl-cmk/CVE-log4j-check_mk-plugin
- https://github.com/touchmycrazyredhat/myhktools
- https://github.com/trhacknon/CVE-2021-44228-Scanner
- https://github.com/trhacknon/log4shell-finder
- https://github.com/trhacknon/myhktools
- https://github.com/woods-sega/woodswiki
- https://github.com/zema1/oracle-vuln-crawler