admin/cve
1
0
Fork 0
mirror of https://github.com/0xMarcio/cve.git synced 2025-05-29 01:31:01 +00:00
Code Issues Packages Projects Releases Wiki Activity
cve/2019/CVE-2019-17571.md
0xMarcio ba290685fe Update CVE sources 2024-06-09 00:33
2024-06-09 00:33:16 +00:00

92 lines
4.5 KiB
Markdown
Raw Blame History

### [CVE-2019-17571](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17571)
![](https://img.shields.io/static/v1?label=Product&message=Log4j&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-502%3A%20Deserialization%20of%20Untrusted%20Data&color=brighgreen)
### Description
Included in Log4j 1.2 is a SocketServer class that is vulnerable to deserialization of untrusted data which can be exploited to remotely execute arbitrary code when combined with a deserialization gadget when listening to untrusted network traffic for log data. This affects Log4j versions up to 1.2 up to 1.2.17.
### POC
#### Reference
- https://www.oracle.com/security-alerts/cpuApr2021.html
- https://www.oracle.com/security-alerts/cpuApr2021.html
- https://www.oracle.com/security-alerts/cpuapr2020.html
- https://www.oracle.com/security-alerts/cpuapr2020.html
- https://www.oracle.com/security-alerts/cpuapr2022.html
- https://www.oracle.com/security-alerts/cpuapr2022.html
- https://www.oracle.com/security-alerts/cpujul2020.html
- https://www.oracle.com/security-alerts/cpujul2020.html
- https://www.oracle.com/security-alerts/cpujul2022.html
- https://www.oracle.com/security-alerts/cpujul2022.html
#### Github
- https://github.com/0xT11/CVE-POC
- https://github.com/7hang/cyber-security-interview
- https://github.com/ARPSyndicate/cvemon
- https://github.com/AdeliaNitzsche/Java-Deserialization-Cheat-Sheet
- https://github.com/Al1ex/CVE-2019-17571
- https://github.com/AlexanderBrese/ubiquitous-octo-guacamole
- https://github.com/BrittanyKuhn/javascript-tutorial
- https://github.com/DataTranspGit/Jasper-Starter
- https://github.com/GavinStevensHoboken/log4j
- https://github.com/GrrrDog/Java-Deserialization-Cheat-Sheet
- https://github.com/HackJava/HackLog4j2
- https://github.com/HackJava/Log4j2
- https://github.com/HynekPetrak/log4shell-finder
- https://github.com/Live-Hack-CVE/CVE-2019-17571
- https://github.com/NetW0rK1le3r/awesome-hacking-lists
- https://github.com/OWASP/www-project-ide-vulscanner
- https://github.com/PalindromeLabs/Java-Deserialization-CVEs
- https://github.com/RajuYelagattu/gopi
- https://github.com/Retr0-ll/2023-littleTerm
- https://github.com/Retr0-ll/littleterm
- https://github.com/RihanaDave/logging-log4j1-main
- https://github.com/Schnitker/log4j-min
- https://github.com/SexyBeast233/SecBooks
- https://github.com/albert-liu435/logging-log4j-1_2_17
- https://github.com/alphaSeclab/sec-daily-2019
- https://github.com/apache/logging-log4j1
- https://github.com/averemee-si/oracdc
- https://github.com/ben-smash/l4j-info
- https://github.com/cenote/jasperstarter
- https://github.com/chairkb/openhtmltopdf
- https://github.com/danfickle/openhtmltopdf
- https://github.com/davejwilson/azure-spark-pools-log4j
- https://github.com/dbzoo/log4j_scanner
- https://github.com/developer3000S/PoC-in-GitHub
- https://github.com/eeenvik1/scripts_for_YouTrack
- https://github.com/emilywang0/CVE_testing_VULN
- https://github.com/emilywang0/MergeBase_test_vuln
- https://github.com/fat-tire/floreantpos
- https://github.com/hammadrauf/jasperstarter-fork
- https://github.com/hectorgie/PoC-in-GitHub
- https://github.com/helsecert/CVE-2021-44228
- https://github.com/hillu/local-log4j-vuln-scanner
- https://github.com/janimakinen/hello-world-apache-wicket
- https://github.com/jaspervanderhoek/MicroflowScheduledEventManager
- https://github.com/lel99999/dev_MesosRI
- https://github.com/logpresso/CVE-2021-44228-Scanner
- https://github.com/ltslog/ltslog
- https://github.com/mad1c/log4jchecker
- https://github.com/mahiratan/apache
- https://github.com/marklogic/marklogic-contentpump
- https://github.com/mishmashclone/GrrrDog-Java-Deserialization-Cheat-Sheet
- https://github.com/netricsag/log4j-scanner
- https://github.com/orgTestCodacy11KRepos110MB/repo-5360-openhtmltopdf
- https://github.com/pen4uin/awesome-vulnerability-research
- https://github.com/pen4uin/vulnerability-research
- https://github.com/pen4uin/vulnerability-research-list
- https://github.com/readloud/Awesome-Stars
- https://github.com/sa-ne/FixSigTrack
- https://github.com/shadow-horse/CVE-2019-17571
- https://github.com/thl-cmk/CVE-log4j-check_mk-plugin
- https://github.com/trhacknon/CVE-2021-44228-Scanner
- https://github.com/trhacknon/log4shell-finder
- https://github.com/woods-sega/woodswiki
- https://github.com/x-f1v3/Vulnerability_Environment
- https://github.com/xbl2022/awesome-hacking-lists
- https://github.com/yahoo/cubed
Reference in New Issue View Git Blame Copy Permalink