A singular file to protect as many Minecraft servers and clients as possible from the Log4j exploit (CVE-2021-44228).

Overview

MC-Log4J-Patcher

The goal of this project is to provide Minecraft players, and server owners, peace of mind in regards to the recently discovered Log4J exploit (CVE-2021-44228).
Currently this project looks for any Log4J format strings, not just jndi, and either replaces them or stops them from being logged entirely depending on your configuration.

See features, supported platforms, and more below.

I would much appreciate any help from others, whether it be by contributing or by suggesting features, platforms, etc. via an issue.

Supported Platforms

Planned Platforms

  • Velocity
  • Sponge
  • Forge (I know it should be fixed, but people keep asking me to make a mod anyways)
  • Vanilla/All Clients via Java Agent

Features

Spigot

  • Chat & Command filter
  • Item Name filter
  • Player username filter (for offline/bungee servers) (Yes, usernames can be Log4J formats)
  • Mob name filter (Spawning & Renaming)

Bungee

  • Chat & Command filter
  • Player username filter (Yes, usernames can be Log4J formats)

Config

  • Customizable messages
  • Toggles for all listeners, individual for each platform

Specifics need to be filled in

You might also like...

UniFi Proxy makes it possible to integrate third-party hardware into UniFi Protect

UniFi Proxy makes it possible to integrate third-party hardware into UniFi Protect

UniFi Proxy UniFi Proxy makes it possible to integrate third-party hardware into UniFi Protect. For testing purposes only, it is recommended to purcha

Dec 27, 2022

Apache Log4j2 CVE-2021-44228 RCE Demo with RMI and LDAP

Apache Log4j2 CVE-2021-44228 RCE Demo with RMI and LDAP

CVE-2021-44228-Demo 利用 CVE-2021-44228,通过 RMI 和 LDAP 两种方式远程注入代码的示例。 Exploit class from RMI Server loaded Hello, ${jndi:rmi://127.0.0.1:1099/exploit} Ex

Dec 14, 2021

log4j2 Log4Shell CVE-2021-44228 proof of concept

log4j2 Log4Shell CVE-2021-44228 proof of concept

Log4Shell CVE-2021-44228 proof of concept Requirement Java (JDK/JRE) 8 or later version curl exploitable Simple spring boot application that serves a

Dec 21, 2021

An evil RMI server that can launch an arbitrary command. May be useful for CVE-2021-44228

evil-rmi-server An evil RMI server that can launch an arbitrary command. May be useful for CVE-2021-44228 in a local privesc scenario Build ./gradlew

Nov 9, 2022

Test case to check if the Log4Shell/CVE-2021-44228 hotfix will raise any unexpected exceptions

Log4Shell Hotfix Side Effect Test Case I wanted to know if any ClassNotFoundException or similar unexpected exception is raised when one applies the C

Nov 9, 2022

A short demo of CVE-2021-44228

sample-ldap-exploit A short demo of CVE-2021-44228 Build $ mvn clean verify Run Attacker $ java \ -cp 'attacker/target/sample-attacker.jar:attacker

Oct 19, 2022

Spring Boot web application vulnerable to CVE-2021-44228, nicknamed Log4Shell.

Spring Boot web application vulnerable to CVE-2021-44228, nicknamed Log4Shell.

Log4Shell sample vulnerable application (CVE-2021-44228) This repository contains a Spring Boot web application vulnerable to CVE-2021-44228, nickname

Jan 5, 2023

Vulnerability CVE-2021-44228 checker

CVE-2021-44228 checker This is the repository for checking for vulnerability CVE-2021-44228. This is a PoC that only displays strings without any exte

Nov 9, 2022

Two Spring-boot applications registering themselves to an spring-boot-admin-server application as separate clients for the purpose of monitoring and managing the clients

Two Spring-boot applications registering themselves to an spring-boot-admin-server application as separate clients for the purpose of monitoring and managing the clients

Spring-boot-admin implementation with 1 Server and 2 clients Creating a Server application to monitor and manage Spring boot applications (clients) un

Dec 6, 2022
Owner
Koupa Taylor
Australian Software & Web Dev, Gamer and partial Twitch Streamer
Koupa Taylor
Scan and patch tool for CVE-2021-44228 and related log4j concerns.

A Log4J2 CVE-2021-44228 Vulnerability Scanner and Patcher Links to download the latest version: Linux x64 with glibc2.17+ (RHEL7+) Windows & all other

SAS Software 33 Jun 1, 2022
Small example repo for looking into log4j CVE-2021-44228

log4j CVE-2021-44228 Lame useless repo to look into log4j CVE-2021-44228. Setup The repository contains a .idea/ folder which is a IntelliJ IDEA proje

null 65 Dec 13, 2022
Log4j CVE-2021-44228 examples: Remote Code Execution (through LDAP, RMI, ...), Forced DNS queries, ...

Log4j CVE-2021-44228 and CVE-2021-45046 Requisites Use a vulnerable JDK, for instance JDK 1.8.0_181 Usage Malicious server The malicious server deploy

Manuel Álvarez Álvarez 5 Feb 7, 2022
CVE-2021-44228 - Apache log4j RCE quick test

Build ./build.sh Start log4j RCE Server ./start-log4j-rce-server.sh Test Run java -cp log4j-rce-1.0-SNAPSHOT-all.jar log4j Check if you get logs in ha

Jeffrey Li 3 Feb 1, 2022
Some tools to help mitigating Apache Log4j 2 CVE-2021-44228

JndiLookup Some tool to help analyzing Apache Log4j 2 CVE-2021-44228 This tool uses the "lookup" feature from log4j-2 to test against the JNDI vulnera

Daniel Fages 3 Dec 18, 2021
This project will help to test the Log4j CVE-2021-44228 vulnerability.

Log4j-JNDIServer This project will help to test the Log4j CVE-2021-44228/CVE-2021-45046 vulnerabilities. Installation and Building Load the project on

Immunity, Inc 9 Jun 30, 2022
Spring Boot Log4j - CVE-2021-44228 Docker Lab

Spring Boot Log4j - CVE-2021-44228 The Log4Shell vulnerability (CVE-2021-44228) ultimately is a quite simple JNDI Injection flaw, but in a really real

Tri Wanda Septian 19 Jun 10, 2022
Deploys an agent to fix CVE-2021-44228 (Log4j RCE vulnerability) in a running JVM process

-- This repository has been archived -- Further development of this tool will continue at corretto/hotpatch-for-apache-log4j2. Thanks for sharing, com

Volker Simonis 108 Dec 23, 2021
Log4j-RCE (CVE-2021-44228) Proof of Concept with additional information

Log4J-RCE-Proof-Of-Concept (CVE-2021-44228) This is a proof of concept of the log4j rce. Here are some links for the CVE-2021-44228: https://www.lunas

Johannes Jäger 181 Dec 2, 2022
An agent to hotpatch the log4j RCE from CVE-2021-44228.

Log4jHotPatch This is a tool which injects a Java agent into a running JVM process. The agent will attempt to patch the lookup() method of all loaded

null 493 Dec 13, 2022