log4j CVE-2021-44228
@@ -0,0 +1,25 @@
|
||||
title: Log4j RCE CVE-2021-44228
|
||||
id: 5ea8faa8-db8b-45be-89b0-151b84c82702
|
||||
status: experimental
|
||||
description: Detects exploitation attempt against log4j RCE vulnerability reported as CVE-2021-44228
|
||||
author: Florian Roth
|
||||
date: 2021/12/10
|
||||
references:
|
||||
- https://news.ycombinator.com/item?id=29504755
|
||||
- https://github.com/tangxiaofeng7/apache-log4j-poc
|
||||
- https://gist.github.com/Neo23x0/e4c8b03ff8cdf1fa63b7d15db6e3860b
|
||||
- https://github.com/YfryTchsGD/Log4jAttackSurface
|
||||
tags:
|
||||
- attack.initial_access
|
||||
- attack.t1190
|
||||
logsource:
|
||||
category: webserver
|
||||
detection:
|
||||
keywords:
|
||||
- '${jndi:ldap://'
|
||||
- '${jndi:rmi://'
|
||||
- '${jndi:ldaps://'
|
||||
condition: keywords
|
||||
falsepositives:
|
||||
- Vulnerability scanning
|
||||
level: high
|
||||
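Review bot: The three `keywords` entries match only the literal, unencoded strings `${jndi:ldap://`, `${jndi:rmi://` and `${jndi:ldaps://`, so a request whose lookup is percent-encoded in the access log, or that names another JNDI scheme, will not fire the rule. Consider matching the shorter prefix and its encoded form, `- '${jndi:'` and `- '$%7Bjndi:'`, and noting in the rule that lookups assembled from nested `${...}` expressions need a separate pattern. Because `logsource` is only `category: webserver`, the rule sees the string only in fields the server actually logs (the URI, plus User-Agent or Referer if the log format includes them). A line under `description` or `falsepositives` saying that a hit shows an attempt was received, not that the host is vulnerable, would help triage at `level: high`.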