CVEPublished 2021-12-101 article on news6 live referencesNVD data

CVE-2021-44228

Vulnerability data via CVEDB (Shodan)

CISA KEVKnown exploited in the wild.Used in ransomware
CISA action: Apache Log4j2 contains a vulnerability where JNDI features do not protect against attacker-controlled JNDI-related endpoints, allowing for remote code execution.
CVSS v3.1
10.0
CRITICAL
EPSS percentile
100
Exploit Prediction Scoring System · top 0% of all CVEs
Description

Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.

Timeline
Published 2021-12-10

External references

Search for exposed instances

Shodan + Censys queries derived from NVD's CPE data. The vuln tag catches assets Shodan has explicitly linked to this CVE; the product / banner fingerprints find exposed instances even when the vuln tag was never applied (which is common).

More intel sources (5)

Known PoCs on GitHub (8)