mirror of
https://github.com/0xMarcio/cve.git
synced 2026-05-26 05:17:47 +02:00
marc
45 lines
2.0 KiB
Markdown
45 lines
2.0 KiB
Markdown
### [CVE-2021-42550](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42550)
|
|
|
|
|
|
|
|
|
|
### Description
|
|
|
|
In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a malicious configuration allowing to execute arbitrary code loaded from LDAP servers.
|
|
|
|
### POC
|
|
|
|
#### Reference
|
|
- http://packetstormsecurity.com/files/167794/Open-Xchange-App-Suite-7.10.x-Cross-Site-Scripting-Command-Injection.html
|
|
- http://seclists.org/fulldisclosure/2022/Jul/11
|
|
|
|
#### Github
|
|
- https://github.com/ARPSyndicate/cvemon
|
|
- https://github.com/CUBETIQ/cubetiq-security-advisors
|
|
- https://github.com/Dokyeongyun/SW_Knowledge
|
|
- https://github.com/GGongnanE/TodayILearned
|
|
- https://github.com/HynekPetrak/log4shell-finder
|
|
- https://github.com/OsiriX-Foundation/karnak
|
|
- https://github.com/Pluralsight-SORCERI/log4j-resources
|
|
- https://github.com/arstulke/CardBoard
|
|
- https://github.com/emilywang0/CVE_testing_VULN
|
|
- https://github.com/emilywang0/MergeBase_test_vuln
|
|
- https://github.com/hinat0y/Dataset1
|
|
- https://github.com/hinat0y/Dataset10
|
|
- https://github.com/hinat0y/Dataset11
|
|
- https://github.com/hinat0y/Dataset12
|
|
- https://github.com/hinat0y/Dataset2
|
|
- https://github.com/hinat0y/Dataset3
|
|
- https://github.com/hinat0y/Dataset4
|
|
- https://github.com/hinat0y/Dataset5
|
|
- https://github.com/hinat0y/Dataset6
|
|
- https://github.com/hinat0y/Dataset7
|
|
- https://github.com/hinat0y/Dataset8
|
|
- https://github.com/hinat0y/Dataset9
|
|
- https://github.com/logpresso/CVE-2021-44228-Scanner
|
|
- https://github.com/scordero1234/java_sec_demo-main
|
|
- https://github.com/thl-cmk/CVE-log4j-check_mk-plugin
|
|
- https://github.com/trhacknon/CVE-2021-44228-Scanner
|
|
- https://github.com/trhacknon/log4shell-finder
|
|
|