Test case to check if the Log4Shell/CVE-2021-44228 hotfix will raise any unexpected exceptions

Last update: Nov 9, 2022

Related tags

Overview

Log4Shell Hotfix Side Effect Test Case

I wanted to know if any ClassNotFoundException or similar unexpected exception is raised when one applies the CVE-2021-44228 aka Log4Shell hotfix as recommended here.

Result: It looks like no exception is bubbling up.

To test this execute the following commands:

./gradlew clean installDist
env JAVA_OPTS=-Xmx64M ./build/install/log4shell-hotfix-side-effect/bin/log4shell-hotfix-side-effect

It will log a bunch of messages and timings and there should be no exceptions.

If the log4j jar file is not patched properly there should be a measurable delay between the messages (or you might even get an RCE, YMMV).

Log4j CVE-2021-44228 examples: Remote Code Execution (through LDAP, RMI, ...), Forced DNS queries, ...

Log4j CVE-2021-44228 and CVE-2021-45046 Requisites Use a vulnerable JDK, for instance JDK 1.8.0_181 Usage Malicious server The malicious server deploy

Feb 7, 2022

Some tools to help mitigating Apache Log4j 2 CVE-2021-44228

JndiLookup Some tool to help analyzing Apache Log4j 2 CVE-2021-44228 This tool uses the "lookup" feature from log4j-2 to test against the JNDI vulnera

Dec 18, 2021

A short demo of CVE-2021-44228

sample-ldap-exploit A short demo of CVE-2021-44228 Build $ mvn clean verify Run Attacker $ java \ -cp 'attacker/target/sample-attacker.jar:attacker

Oct 19, 2022

Spring Boot Log4j - CVE-2021-44228 Docker Lab

Spring Boot Log4j - CVE-2021-44228 The Log4Shell vulnerability (CVE-2021-44228) ultimately is a quite simple JNDI Injection flaw, but in a really real

Jun 10, 2022

Vulnerability CVE-2021-44228 checker

CVE-2021-44228 checker This is the repository for checking for vulnerability CVE-2021-44228. This is a PoC that only displays strings without any exte

Nov 9, 2022

Deploys an agent to fix CVE-2021-44228 (Log4j RCE vulnerability) in a running JVM process

-- This repository has been archived -- Further development of this tool will continue at corretto/hotpatch-for-apache-log4j2. Thanks for sharing, com

Dec 23, 2021

Log4j-RCE (CVE-2021-44228) Proof of Concept with additional information

Log4J-RCE-Proof-Of-Concept (CVE-2021-44228) This is a proof of concept of the log4j rce. Here are some links for the CVE-2021-44228: https://www.lunas

Dec 2, 2022

An agent to hotpatch the log4j RCE from CVE-2021-44228.

Log4jHotPatch This is a tool which injects a Java agent into a running JVM process. The agent will attempt to patch the lookup() method of all loaded

Dec 13, 2022

Logout4Shell - Use Log4Shell vulnerability to vaccinate a victim server against Log4Shell

Logout4Shell Description A vulnerability impacting Apache Log4j versions 2.0 through 2.14.1 was disclosed on the project’s Github on December 9, 2021.

Jan 3, 2023

Owner

Malte S. Stretz

GitHub https://logging.apache.org/log4j/2.x/security.html#Fixed_in_Log4j_2.16.0

Spring Boot web application vulnerable to CVE-2021-44228, nicknamed Log4Shell.

Log4Shell sample vulnerable application (CVE-2021-44228) This repository contains a Spring Boot web application vulnerable to CVE-2021-44228, nickname

1k Jan 5, 2023

CVE-2021-44228 - Apache log4j RCE quick test

Build ./build.sh Start log4j RCE Server ./start-log4j-rce-server.sh Test Run java -cp log4j-rce-1.0-SNAPSHOT-all.jar log4j Check if you get logs in ha

3 Feb 1, 2022

This project will help to test the Log4j CVE-2021-44228 vulnerability.

Log4j-JNDIServer This project will help to test the Log4j CVE-2021-44228/CVE-2021-45046 vulnerabilities. Installation and Building Load the project on

9 Jun 30, 2022

Auto-Unit-Test-Case-Generator automatically generates high-level code-coverage JUnit test suites for Java, widely used within the ANT Group.

中文README传送门 What is Auto-Unit-Test-Case-Generator Auto-Unit-Test-Case-Generator generates JUnit test suites for Java class just as its name. During te

108 Dec 22, 2022