Apply class remove process from ear/war/jar/zip archive

Last update: Jan 14, 2022

Related tags

Security Fix-CVE-2021-44228

Overview

CVE-2021-44228!

The current program remove the class "org/apache/logging/log4j/core/lookup/JndiLookup.class" from your zip, jar, war, ear archive.

Before use

Follow the guide https://www.lunasec.io/docs/blog/log4j-zero-day-mitigation-guide/ before using.
The utility will help your to apply "Modify your log4j .jar manually" step if required

How to run

Execute the program before starting your server

wget https://github.com/AlexandreHeroux/Fix-CVE-2021-44228/raw/main/dist/fix-CVE-2021-44228-1.0.1.jar
java -jar fix-CVE-2021-44228-1.0.1.jar /yourFolder

Killergram - Remove sponsored messages of Telegram

Killergram An Android Xposed module to remove sponsored messages of Telegram Support clients Official org.telegram.messenger Official org.telegram.mes

Jan 2, 2023

remove lag on chat message without removing features

Non-blocking chat lookup On a chat message, the client will check if that player is blocked or not. This is an API lookup. But this does not happen on

Jun 27, 2022

A Java 8+ Jar & Android APK Reverse Engineering Suite (Decompiler, Editor, Debugger & More)

Bytecode Viewer Bytecode Viewer - a lightweight user friendly Java Bytecode Viewer. New Features WAR & JSP Loading JADX-Core Decompiler Fixed APK & de

Jan 7, 2023

MariaDB Embedded in Java JAR

What? MariaDB4j is a Java (!) "launcher" for MariaDB (the "backward compatible, drop-in replacement of the MySQL(R) Database Server", see FAQ and Wiki

Jan 4, 2023

Packages your JAR, assets and a JVM for distribution on Windows, Linux and Mac OS X

About Packages your JAR, assets and a JVM for distribution on Windows, Linux and macOS, adding a native executable file to make it appear like a nativ

Dec 24, 2022

maven plugin for making chmod +x jar files

To use it, add a plugin to your pom like !-- You need to build an exectuable uberjar, I like Shade for that -- plugin groupIdorg.apache.mave

Dec 8, 2022

Packages your JAR, assets and a JVM for distribution on Windows, Linux and Mac OS X

About Packages your JAR, assets and a JVM for distribution on Windows, Linux and macOS, adding a native executable file to make it appear like a nativ

Jan 5, 2023

Buildable src reconstructed from the clean Phobos 1.9.0 jar

CLEAN_Phobos_1.9.0-BUILDABLE-SRC Buildable src reconstructed from the clean Phobos 1.9.0 jar. Full buildable and functional, jar in releases is built

Dec 28, 2022

spring boot Fat Jar 应用文件上传漏洞到 RCE 的利用技巧

spring-boot-upload-file-lead-to-rce-tricks 一. 原理文章 Spring Boot Fat Jar 写文件漏洞到稳定 RCE 的探索二. docker 漏洞环境搭建 docker pull landgrey/spring-boot-fat-jar-writ

Jan 8, 2023

Download compiled jar from packages or compile it by yourself from sources

idle_codes Install Download compiled jar from packages or compile it by yourself from sources Put the jar file wherever you want. Make sure you have J

Dec 31, 2021

Afnan007a's Original Ptero-VM made for Pterodactyl, running lightly in a .jar file.

Ptero-VM in a JAR. This project is a Java implementation of Afnan's Ptero-VM that was made for Pterodactyl, this project was created to support a even

Oct 2, 2022

This module explains about the example of Spring MVC + Database Integration with MySQL using Hibernate ORM with practical coding example and required JAR dependencies

SpringMVC-Database-Integration This module explains about the example of Spring MVC + Database Integration with MySQL using Hibernate ORM with practic

Nov 2, 2021

jOOR - Fluent Reflection in Java jOOR is a very simple fluent API that gives access to your Java Class structures in a more intuitive way. The JDK's reflection APIs are hard and verbose to use. Other languages have much simpler constructs to access type meta information at runtime. Let us make Java reflection better.

Overview jOOR stands for jOOR Object Oriented Reflection. It is a simple wrapper for the java.lang.reflect package. jOOR's name is inspired by jOOQ, a

Dec 27, 2022

[INACTIVE] Avian is a lightweight virtual machine and class library designed to provide a useful subset of Java's features, suitable for building self-contained applications.

Avian - A lightweight Java Virtual Machine (JVM) PLEASE NOTE: This project is not currently being developed, maintained, or supported. Feel free to us

Dec 22, 2022

Microserver is a Java 8 native, zero configuration, standards based, battle hardened library to run Java Rest Microservices via a standard Java main class. Supporting pure Microservice or Micro-monolith styles.

Microserver A convenient modular engine for Microservices. Microserver plugins offer seamless integration with Spring (core), Jersey, Guava, Tomcat, G

Dec 19, 2022

Libsvm BSD 3 Libsvm Libsvm is a simple, easy-to-use, and efficient software for SVM classification and regression. It solves C-SVM classification, nu-SVM classification, one-class-SVM, epsilon-SVM regression, and nu-SVM regression. License: BSD 3, .

Libsvm is a simple, easy-to-use, and efficient software for SVM classification and regression. It solves C-SVM classification, nu-SVM classification,

Jan 2, 2023

Microserver is a Java 8 native, zero configuration, standards based, battle hardened library to run Java Rest Microservices via a standard Java main class. Supporting pure Microservice or Micro-monolith styles.

Microserver is a Java 8 native, zero configuration, standards based, battle hardened library to run Java Rest Microservices via a standard Java main class. Supporting pure Microservice or Micro-monolith styles.

Dec 19, 2022

JVM runtime class loading protection agent.（JVM类加载保护agent）

JVM类加载监控agent，可配置黑名单，禁止恶意类加载（包括jsp webshell）

Sep 28, 2022

Class Affairs Management System

csms-Class Affairs Management System 班级事务管理系统项目介绍利用Java实现C/S模式的大学班级内日常事务管理系统（PC版，应用于校内网有线网络访问，暂不开发移动端），不得依赖现有的建模框架，使用swings技术完成如下基本功能需求： 1、班级公告通知 2

Dec 24, 2021

Comments

Add org/apache/log4j/net/JMSAppender.class

So far this works for log4j V2.

Would you mind adding "org/apache/log4j/net/JMSAppender.class" to MALICIOUS_FILES? This would help mitigating log4j V1 problems.

opened by robertdahlem 1
checking permission

Hello,

With v1.0.0 & v1.0.1, could you add a check permission to modify file ?

I have tried to execute this command without sudo java -jar fix-CVE-2021-44228-1.0.0.jar /Applications/Xcode.app/Contents/SharedFrameworks/ContentDeliveryServices.framework/Versions/A/itms/share/OSGi-Bundles/

Starting scan of /Applications/Xcode.app/Contents/SharedFrameworks/ContentDeliveryServices.framework/Versions/A/itms/share/OSGi-Bundles Exception in thread "main" java.io.IOException: cannot fix /Applications/Xcode.app/Contents/SharedFrameworks/ContentDeliveryServices.framework/Versions/A/itms/share/OSGi-Bundles/org.apache.logging.log4j.core-2.11.2.jar at com.infinisolution.fix.BaseFix.scanArchive(BaseFix.java:70) at com.infinisolution.fix.BaseFix.scan(BaseFix.java:46) at com.infinisolution.fix.BaseFix.scan(BaseFix.java:43) at com.infinisolution.fix.BaseFix.run(BaseFix.java:32) at com.infinisolution.fix.cve202144228.FixCVE202144228.main(FixCVE202144228.java:24)

With sudo java -jar fix-CVE-2021-44228-1.0.0.jar /Applications/Xcode.app/Contents/SharedFrameworks/ContentDeliveryServices.framework/Versions/A/itms/share/OSGi-Bundles/ it is working : Number of fixed files 1 /Applications/Xcode.app/Contents/SharedFrameworks/ContentDeliveryServices.framework/Versions/A/itms/share/OSGi-Bundles/org.apache.logging.log4j.core-2.11.2.jar

opened by maxooo31 1

Apply class remove process from ear/war/jar/zip archive

Related tags

Overview

CVE-2021-44228!

Before use

How to run

You might also like...

Killergram - Remove sponsored messages of Telegram

remove lag on chat message without removing features

A Java 8+ Jar & Android APK Reverse Engineering Suite (Decompiler, Editor, Debugger & More)

MariaDB Embedded in Java JAR

Packages your JAR, assets and a JVM for distribution on Windows, Linux and Mac OS X

maven plugin for making chmod +x jar files

Packages your JAR, assets and a JVM for distribution on Windows, Linux and Mac OS X

Buildable src reconstructed from the clean Phobos 1.9.0 jar

spring boot Fat Jar 应用文件上传漏洞到 RCE 的利用技巧

Download compiled jar from packages or compile it by yourself from sources

Afnan007a's Original Ptero-VM made for Pterodactyl, running lightly in a .jar file.

This module explains about the example of Spring MVC + Database Integration with MySQL using Hibernate ORM with practical coding example and required JAR dependencies

[INACTIVE] Avian is a lightweight virtual machine and class library designed to provide a useful subset of Java's features, suitable for building self-contained applications.

Microserver is a Java 8 native, zero configuration, standards based, battle hardened library to run Java Rest Microservices via a standard Java main class. Supporting pure Microservice or Micro-monolith styles.

Libsvm BSD 3 Libsvm Libsvm is a simple, easy-to-use, and efficient software for SVM classification and regression. It solves C-SVM classification, nu-SVM classification, one-class-SVM, epsilon-SVM regression, and nu-SVM regression. License: BSD 3, .

Microserver is a Java 8 native, zero configuration, standards based, battle hardened library to run Java Rest Microservices via a standard Java main class. Supporting pure Microservice or Micro-monolith styles.

JVM runtime class loading protection agent.（JVM类加载保护agent）

Class Affairs Management System

Comments

Add org/apache/log4j/net/JMSAppender.class

checking permission

Owner

Alexandre Heroux

JVM runtime class loading protection agent.（JVM类加载保护agent）

Log4Shell RCE exploit using a gadget class. Not dependent on an old JDK version to work.

evilzip lets you create a zip file(with password) that contains files with directory traversal characters in their embedded path.

Library for converting from one Java class to a dissimilar Java class with similar names based on the Bean convention

Reference implementation for MINAS (MultI-class learNing Algorithm for data Streams), an algorithm to address novelty detection in data streams multi-class problems.

It contains a simple program to apply basic arithmetic operations in Morse code

Automatically discover and tag PII data across BigQuery tables and apply column-level access controls based on confidentiality level.

Kyrestia, named after Kyrestia the Firstborne, is a process engine supporting mainstream process definition standards.

Unnerved by 1.18 fog? This Spigot plugin will remove it!