mirror of
https://github.com/0xMarcio/cve.git
synced 2025-05-07 11:06:19 +00:00
CVE-2020-9488
Description
Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender. Fixed in Apache Log4j 2.12.3 and 2.13.1.
POC
Reference
- https://www.oracle.com/security-alerts/cpuApr2021.html
- https://www.oracle.com/security-alerts/cpuapr2022.html
- https://www.oracle.com/security-alerts/cpujan2021.html
- https://www.oracle.com/security-alerts/cpujul2020.html
- https://www.oracle.com/security-alerts/cpuoct2020.html
- https://www.oracle.com/security-alerts/cpuoct2021.html
Github
- https://github.com/ARPSyndicate/cvemon
- https://github.com/Dzmitry-Basiachenka/dist-foreign-aliakh
- https://github.com/GavinStevensHoboken/log4j
- https://github.com/HynekPetrak/log4shell-finder
- https://github.com/RihanaDave/logging-log4j1-main
- https://github.com/Schnitker/log4j-min
- https://github.com/albert-liu435/logging-log4j-1_2_17
- https://github.com/andrewd-sysdig/sysdig_package_report
- https://github.com/apache/logging-log4j1
- https://github.com/averemee-si/oracdc
- https://github.com/davejwilson/azure-spark-pools-log4j
- https://github.com/f-this/f-apache
- https://github.com/gumimin/dependency-check-sample
- https://github.com/jaspervanderhoek/MicroflowScheduledEventManager
- https://github.com/lel99999/dev_MesosRI
- https://github.com/logpresso/CVE-2021-44228-Scanner
- https://github.com/ltslog/ltslog
- https://github.com/thl-cmk/CVE-log4j-check_mk-plugin
- https://github.com/trhacknon/CVE-2021-44228-Scanner
- https://github.com/trhacknon/log4shell-finder
- https://github.com/whitesource/log4j-detect-distribution