CalvinBackup/CVEs-PoC
1
0
Fork 0
mirror of https://github.com/0xMarcio/cve.git synced 2026-05-24 07:34:01 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
8e2ebbf9bd04edab52d0cbcbc6c2f6e2cfdaa67d
CVEs-PoC/2020/CVE-2020-9488.md
T
0xMarcio 48a00929ac Removed duplicates
2024-06-18 02:51:15 +02:00

43 lines
2.1 KiB
Markdown
Raw Blame History

### [CVE-2020-9488](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9488)
![](https://img.shields.io/static/v1?label=Product&message=Apache%20Log4j&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=log4j-core%3C%202.12.3%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=Improper%20Validation%20of%20Certificate%20with%20Host%20Mismatch&color=brighgreen)
### Description
Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender. Fixed in Apache Log4j 2.12.3 and 2.13.1
### POC
#### Reference
- https://www.oracle.com/security-alerts/cpuApr2021.html
- https://www.oracle.com/security-alerts/cpuapr2022.html
- https://www.oracle.com/security-alerts/cpujan2021.html
- https://www.oracle.com/security-alerts/cpujul2020.html
- https://www.oracle.com/security-alerts/cpuoct2020.html
- https://www.oracle.com/security-alerts/cpuoct2021.html
#### Github
- https://github.com/ARPSyndicate/cvemon
- https://github.com/Dzmitry-Basiachenka/dist-foreign-aliakh
- https://github.com/GavinStevensHoboken/log4j
- https://github.com/HynekPetrak/log4shell-finder
- https://github.com/RihanaDave/logging-log4j1-main
- https://github.com/Schnitker/log4j-min
- https://github.com/albert-liu435/logging-log4j-1_2_17
- https://github.com/andrewd-sysdig/sysdig_package_report
- https://github.com/apache/logging-log4j1
- https://github.com/averemee-si/oracdc
- https://github.com/davejwilson/azure-spark-pools-log4j
- https://github.com/f-this/f-apache
- https://github.com/gumimin/dependency-check-sample
- https://github.com/jaspervanderhoek/MicroflowScheduledEventManager
- https://github.com/lel99999/dev_MesosRI
- https://github.com/logpresso/CVE-2021-44228-Scanner
- https://github.com/ltslog/ltslog
- https://github.com/thl-cmk/CVE-log4j-check_mk-plugin
- https://github.com/trhacknon/CVE-2021-44228-Scanner
- https://github.com/trhacknon/log4shell-finder
- https://github.com/whitesource/log4j-detect-distribution
Reference in New Issue View Git Blame Copy Permalink