mirror of
https://github.com/0xMarcio/cve.git
synced 2025-12-30 04:49:42 +00:00
2.0 KiB
2.0 KiB
CVE-2021-42550
Description
In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a malicious configuration allowing to execute arbitrary code loaded from LDAP servers.
POC
Reference
- http://packetstormsecurity.com/files/167794/Open-Xchange-App-Suite-7.10.x-Cross-Site-Scripting-Command-Injection.html
- http://seclists.org/fulldisclosure/2022/Jul/11
Github
- https://github.com/ARPSyndicate/cvemon
- https://github.com/CUBETIQ/cubetiq-security-advisors
- https://github.com/Dokyeongyun/SW_Knowledge
- https://github.com/GGongnanE/TodayILearned
- https://github.com/HynekPetrak/log4shell-finder
- https://github.com/OsiriX-Foundation/karnak
- https://github.com/Pluralsight-SORCERI/log4j-resources
- https://github.com/arstulke/CardBoard
- https://github.com/emilywang0/CVE_testing_VULN
- https://github.com/emilywang0/MergeBase_test_vuln
- https://github.com/hinat0y/Dataset1
- https://github.com/hinat0y/Dataset10
- https://github.com/hinat0y/Dataset11
- https://github.com/hinat0y/Dataset12
- https://github.com/hinat0y/Dataset2
- https://github.com/hinat0y/Dataset3
- https://github.com/hinat0y/Dataset4
- https://github.com/hinat0y/Dataset5
- https://github.com/hinat0y/Dataset6
- https://github.com/hinat0y/Dataset7
- https://github.com/hinat0y/Dataset8
- https://github.com/hinat0y/Dataset9
- https://github.com/logpresso/CVE-2021-44228-Scanner
- https://github.com/scordero1234/java_sec_demo-main
- https://github.com/thl-cmk/CVE-log4j-check_mk-plugin
- https://github.com/trhacknon/CVE-2021-44228-Scanner
- https://github.com/trhacknon/log4shell-finder