### [CVE-2019-17571](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17571) ![](https://img.shields.io/static/v1?label=Product&message=Log4j&color=blue) ![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) ![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-502%3A%20Deserialization%20of%20Untrusted%20Data&color=brighgreen) ### Description Included in Log4j 1.2 is a SocketServer class that is vulnerable to deserialization of untrusted data which can be exploited to remotely execute arbitrary code when combined with a deserialization gadget when listening to untrusted network traffic for log data. This affects Log4j versions up to 1.2 up to 1.2.17. ### POC #### Reference - https://www.oracle.com/security-alerts/cpuApr2021.html - https://www.oracle.com/security-alerts/cpuApr2021.html - https://www.oracle.com/security-alerts/cpuapr2020.html - https://www.oracle.com/security-alerts/cpuapr2020.html - https://www.oracle.com/security-alerts/cpuapr2022.html - https://www.oracle.com/security-alerts/cpuapr2022.html - https://www.oracle.com/security-alerts/cpujul2020.html - https://www.oracle.com/security-alerts/cpujul2020.html - https://www.oracle.com/security-alerts/cpujul2022.html - https://www.oracle.com/security-alerts/cpujul2022.html #### Github - https://github.com/0xT11/CVE-POC - https://github.com/7hang/cyber-security-interview - https://github.com/ARPSyndicate/cvemon - https://github.com/AdeliaNitzsche/Java-Deserialization-Cheat-Sheet - https://github.com/Al1ex/CVE-2019-17571 - https://github.com/AlexanderBrese/ubiquitous-octo-guacamole - https://github.com/BrittanyKuhn/javascript-tutorial - https://github.com/DataTranspGit/Jasper-Starter - https://github.com/GavinStevensHoboken/log4j - https://github.com/GrrrDog/Java-Deserialization-Cheat-Sheet - https://github.com/HackJava/HackLog4j2 - https://github.com/HackJava/Log4j2 - https://github.com/HynekPetrak/log4shell-finder - https://github.com/Live-Hack-CVE/CVE-2019-17571 - https://github.com/NetW0rK1le3r/awesome-hacking-lists - https://github.com/OWASP/www-project-ide-vulscanner - https://github.com/PalindromeLabs/Java-Deserialization-CVEs - https://github.com/RajuYelagattu/gopi - https://github.com/Retr0-ll/2023-littleTerm - https://github.com/Retr0-ll/littleterm - https://github.com/RihanaDave/logging-log4j1-main - https://github.com/Schnitker/log4j-min - https://github.com/SexyBeast233/SecBooks - https://github.com/albert-liu435/logging-log4j-1_2_17 - https://github.com/alphaSeclab/sec-daily-2019 - https://github.com/apache/logging-log4j1 - https://github.com/averemee-si/oracdc - https://github.com/ben-smash/l4j-info - https://github.com/cenote/jasperstarter - https://github.com/chairkb/openhtmltopdf - https://github.com/danfickle/openhtmltopdf - https://github.com/davejwilson/azure-spark-pools-log4j - https://github.com/dbzoo/log4j_scanner - https://github.com/developer3000S/PoC-in-GitHub - https://github.com/eeenvik1/scripts_for_YouTrack - https://github.com/emilywang0/CVE_testing_VULN - https://github.com/emilywang0/MergeBase_test_vuln - https://github.com/fat-tire/floreantpos - https://github.com/hammadrauf/jasperstarter-fork - https://github.com/hectorgie/PoC-in-GitHub - https://github.com/helsecert/CVE-2021-44228 - https://github.com/hillu/local-log4j-vuln-scanner - https://github.com/janimakinen/hello-world-apache-wicket - https://github.com/jaspervanderhoek/MicroflowScheduledEventManager - https://github.com/lel99999/dev_MesosRI - https://github.com/logpresso/CVE-2021-44228-Scanner - https://github.com/ltslog/ltslog - https://github.com/mad1c/log4jchecker - https://github.com/mahiratan/apache - https://github.com/marklogic/marklogic-contentpump - https://github.com/mishmashclone/GrrrDog-Java-Deserialization-Cheat-Sheet - https://github.com/netricsag/log4j-scanner - https://github.com/orgTestCodacy11KRepos110MB/repo-5360-openhtmltopdf - https://github.com/pen4uin/awesome-vulnerability-research - https://github.com/pen4uin/vulnerability-research - https://github.com/pen4uin/vulnerability-research-list - https://github.com/readloud/Awesome-Stars - https://github.com/sa-ne/FixSigTrack - https://github.com/shadow-horse/CVE-2019-17571 - https://github.com/thl-cmk/CVE-log4j-check_mk-plugin - https://github.com/trhacknon/CVE-2021-44228-Scanner - https://github.com/trhacknon/log4shell-finder - https://github.com/woods-sega/woodswiki - https://github.com/x-f1v3/Vulnerability_Environment - https://github.com/xbl2022/awesome-hacking-lists - https://github.com/yahoo/cubed