log4jattacksurface's Issues
Webex affected
Update List
Can someone please add:
ViewPoint Spectrum (confirmed vulnerable)
SysAid (confirmed vulnerable)
Blender is not affected - Screenshot is from a joke tweet
The screenshot that is claimed as evidence originates from a tweet that was posted as a joke. Additionally, Blender neither uses Java nor does it open any connections to the internet by default.
Cloudflare blocking requests
Discord search API has a potential attack surface
Discord confirms they use elasticsearch here.
Discord uses a middleman to ship logs to elasticsearch through Punt, listed here: https://github.com/discord/punt/
Palo Alto Panorama
Vendor confirms product to be unaffected as of this time
Aruba Networks
Customer managed Orchestrator and legacy GMS products are affected
Corrective Actions:
- SSH to the Orchestrator virtual machine and log in as the admin user.
- Change to the /home/gms/gms directory.
- Open the file named “gmsserver” for editing.
- Locate the line that starts with: exec $JAVA_HOME/bin/java
- Add the text below just before com.silverpeak.gms.server.VistaPointServer:
  -Dlog4j.formatMsgNoLookups=true
- Save and Reboot
Ruckus Wireless - FYI
Jenkins
https://www.jenkins.io/blog/2021/12/10/log4j2-rce-CVE-2021-44228/
The Jenkins security team has confirmed that Log4j is not used in Jenkins core. Jenkins plugins may be using Log4j.
Elasticsearch evidence is not an Elasticsearch instance
Hi, I realized the evidence posted claiming that elasticsearch is vulnerable (even though elastic claimed otherwise) is not an ElasticSearch instance but rather the elastic.co website. Could you please revise it to confirm? Thanks.
LinkedIn Affected
PulseSecure is not affected
According to the provided link, PulseSecure is not affected. Why is it marked as TRUE?
Cisco
should be clear over the weekend
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd
Add vulnerable column
Hi there,
thanks a lot for providing the information in here.
Maybe I misunderstood something, but I think the table in the ReadMe might benefit highly from another column "Vulnerable: YES / NO".
At first look it seemed that PulseSecure was affected because the list said "VERIFIED: YES". However upon clicking the link to PulseSecure and checking the Post at PulseSecure, it turns out the verification resulted in all components not being vulnerable.
What do you think?
Kind regards,
Florian
Apache Spark and Tomcat may be impacted
Per Tenable, Spark and Tomcat may be impacted
https://www.tenable.com/blog/cve-2021-44228-proof-of-concept-for-critical-apache-log4j-remote-code-execution-vulnerability
Instagram
SAP NetWeaver/CloudFoundry
- possibly https://blogs.sap.com/2019/09/10/efficient-log-management-for-java-applications-on-cloud-foundry-using-application-logging-and-elk-stack/
- found a handful of notes that log4j is included,
LinkedIn affected too.
investigating ORACLE
- Fusion Middleware https://docs.oracle.com/cd/E29542_01/doc.1111/e35342/file_log4j_properties.htm#WBCSP241
- weblogic https://docs.oracle.com/cd/E17904_01/web.1111/e13739/config_logs.htm#WLLOG138
probably more products as well
Papercut MF
Papercut MF - Print Management software
https://www.papercut.com/kb/Main/Log4Shell-CVE-2021-44228
Mitigation steps:
Windows:
- Stop the PaperCut application server (or Site Server).
- Navigate to the /server/bin/win folder.
- Open the service.conf file in that folder for editing (you will need to open it as Administrator).
- Find the line that looks like this: wrapper.java.additional.21=-Dpc-reserved=X
- Replace it with this: wrapper.java.additional.21=-Dlog4j2.formatMsgNoLookups=true
- Save the file.
- Start the PaperCut application server (or Site Server).
macOS:
- Stop the PaperCut application server (or Site Server).
- Navigate to the /server/custom folder.
- Open the launch-app-server.conf file for editing.
- Add the following line to the end of the file: PC_CUSTOM_SERVER_ARG=-Dlog4j2.formatMsgNoLookups=true
- Save the file.
- Start the PaperCut application server (or Site Server).
Linux:
- Stop the PaperCut application server.
- Navigate to the /server/bin/linux-x64 folder (or the linux-i686 or linux-common folder, depending on distro).
- Open the app-monitor.conf file in that folder for editing.
- Find the line that looks like this: wrapper.java.additional.21=-Dpc-reserved=X
- Replace it with this: wrapper.java.additional.21=-Dlog4j2.formatMsgNoLookups=true
- Save the file.
- Start the PaperCut application server.
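The Aruba (Orchestrator/GMS) steps and the PaperCut steps above are the same mitigation applied to two Java launch mechanisms: a JVM system property passed at startup. The following is an added example, not PaperCut's or Aruba's own tooling, that applies that edit idempotently, so a second run (or a run on an already-patched host) changes nothing. It handles the two file shapes shown in the posts: a Tanuki-style `wrapper.java.additional.N=` line with the `-Dpc-reserved=X` placeholder (PaperCut service.conf / app-monitor.conf, any index accepted) and an `exec $JAVA_HOME/bin/java ... MainClass` launcher line (Aruba gmsserver), plus the macOS append case. The sample config texts are constructed for the example. Two caveats for anyone relying on this flag: Log4j only honours `log4j2.formatMsgNoLookups` from 2.10 onwards, and the Log4j project later stated that the flag does not cover every case (CVE-2021-45046), so vendor updates that upgrade Log4j or remove `JndiLookup` supersede it. The Aruba post spells the property `log4j.formatMsgNoLookups`; the name documented by the Log4j project is `log4j2.formatMsgNoLookups`, which is what the code below uses, so follow the spelling in your vendor's advisory.

```python
"""Apply -Dlog4j2.formatMsgNoLookups=true to Java service launch configs, idempotently."""
import re
from pathlib import Path

FLAG = "-Dlog4j2.formatMsgNoLookups=true"

# PaperCut-style wrapper line the vendor steps say to replace (index 21 in the posts;
# the regex accepts any index in case an install differs).
PC_RESERVED_RE = re.compile(
    r"^(?P<key>wrapper\.java\.additional\.\d+)=-Dpc-reserved=X\s*$", re.M
)


def is_mitigated(text: str) -> bool:
    """True if a non-comment line already carries the flag."""
    return any(
        FLAG in line
        for line in text.splitlines()
        if not line.lstrip().startswith("#")
    )


def patch_wrapper_conf(text: str) -> str:
    """service.conf / app-monitor.conf: swap the reserved placeholder for the flag."""
    if is_mitigated(text):
        return text
    new_text, count = PC_RESERVED_RE.subn(
        lambda m: f"{m.group('key')}={FLAG}", text, count=1
    )
    if count == 0:
        raise ValueError("no '-Dpc-reserved=X' placeholder line found; edit by hand")
    return new_text


def patch_launch_conf(text: str) -> str:
    """launch-app-server.conf (macOS): append the PC_CUSTOM_SERVER_ARG line."""
    if is_mitigated(text):
        return text
    if text and not text.endswith("\n"):
        text += "\n"
    return text + f"PC_CUSTOM_SERVER_ARG={FLAG}\n"


def patch_exec_line(text: str, main_class: str) -> str:
    """Launcher scripts like Aruba's gmsserver: insert the flag just before the
    main class on the line that starts with 'exec $JAVA_HOME/bin/java'."""
    if is_mitigated(text):
        return text
    lines = text.splitlines(keepends=True)
    for i, line in enumerate(lines):
        if line.lstrip().startswith("exec $JAVA_HOME/bin/java") and main_class in line:
            lines[i] = line.replace(main_class, f"{FLAG} {main_class}", 1)
            return "".join(lines)
    raise ValueError(f"no 'exec $JAVA_HOME/bin/java ... {main_class}' line found")


def patch_file(path, patcher) -> bool:
    """Patch a file in place, keeping a .bak copy; returns True if it changed."""
    p = Path(path)
    original = p.read_text(encoding="utf-8")
    updated = patcher(original)
    if updated == original:
        return False
    p.with_name(p.name + ".bak").write_text(original, encoding="utf-8")
    p.write_text(updated, encoding="utf-8")
    return True


# Constructed sample contents (not real vendor files) used to exercise the patchers.
SAMPLE_WRAPPER = (
    "wrapper.java.command=java\n"
    "wrapper.java.additional.20=-Xmx2048m\n"
    "wrapper.java.additional.21=-Dpc-reserved=X\n"
)
SAMPLE_GMSSERVER = (
    "#!/bin/bash\n"
    'exec $JAVA_HOME/bin/java -Xmx4g com.silverpeak.gms.server.VistaPointServer "$@"\n'
)

if __name__ == "__main__":
    print(patch_wrapper_conf(SAMPLE_WRAPPER))
    print(patch_exec_line(SAMPLE_GMSSERVER, "com.silverpeak.gms.server.VistaPointServer"))
```

`patch_file("/path/to/service.conf", patch_wrapper_conf)` does the Windows/Linux edit with a backup; for the launcher case wrap the main class with `functools.partial(patch_exec_line, main_class=...)`. After the restart, confirm the running JVM actually received the property rather than trusting the file: on a JDK, `jcmd <pid> VM.system_properties | grep formatMsgNoLookups` shows it.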
Interactive List
Hi,
I want to offer collaboration on this matter. I have created a small website where findings can be added and voted on:
log4j.mwni.io
Perhaps we can sync up the lists?
Flink seems affected
Fortinet
Adding a column affected yes/no?
As more and more vendors are publishing security advisories about their products, would it make sense to add an "affected" column?
This "verified" column is only there to verify if the product is effectively affected with evidence. Implying non-affected solutions should be removed from the list or are simply not listed.
It could be still great to list non-affected products with a verified statement.
What do you think?
SonarQube 9.2 (current) and earlier are vulnerable
They contain log4j 2.11.1
Dell products possibly affected too
https://www.dell.com/support/search/en-us#q=log4j&sort=date%20descending
Wyse
SupportAssist Enterprise
EMC Data Protection Manager
Unifi Controller is missing
Proofpoint - FYI
Bash script
Here is a bash script to automatically check against this list & more
https://gist.github.com/Mwni/422434d479b7e4410e2ca7405ddc0369
List of security advisories
Would this be something to link to for a more complete picture?
https://gist.github.com/SwitHak/b66db3a06c2955a9cb71a8718970c592
Anyone know if FreeIPA is affected
I know FreeIPA runs Tomcat which I believe is vulnerable. I haven't been able to reproduce the vulnerability by injecting headers or POST data, but am curious if anyone has been able to confirm one way or another if FreeIPA is vulnerable or not.
Red Hat products
Logstash is affected
Atlassian
Atlassian Jira Server + Data center
Atlassian Confluence Server + Data Center
are also affected
Keycloak seems not to be affected.
The open-source IAM Keycloak does not seem to be affected by the log4j vulnerability.
If you check the pom.xml of the Core Build it states org.jboss.logging is used for logging.
Source:
https://mvnrepository.com/artifact/org.jboss.logging/jboss-logging
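Several posts settle "is X affected" by reading a version off a bundled JAR (SonarQube ships log4j 2.11.1) or a build's dependency list (Keycloak's pom.xml points at org.jboss.logging). As an added example, not code from SonarQube, Keycloak or any other project named on this page, here is the check a practitioner would run against the JARs a product actually ships: read log4j-core's own `pom.properties` from inside the archive, note whether `JndiLookup.class` is still present (deleting it is the Log4j project's documented mitigation for 2.x versions that cannot be upgraded), and classify. The version boundaries are the Log4j project's: CVE-2021-44228 affects 2.0-beta9 through 2.14.1, the fix shipped in 2.15.0, and `log4j2.formatMsgNoLookups` only exists from 2.10. A shaded or fat JAR may drop the Maven metadata while keeping the classes, so the presence of `JndiLookup.class` without a version is reported separately rather than treated as clean. The JARs below are constructed in memory for the example; point `classify_jar` at real files to use it.

```python
"""Classify a JAR's bundled log4j-core for CVE-2021-44228 by reading its own metadata."""
import io
import zipfile
from typing import Optional

POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
JNDI_LOOKUP = "org/apache/logging/log4j/core/lookup/JndiLookup.class"

# Outcomes returned by classify_jar_bytes
NO_LOG4J_CORE = "NO_LOG4J_CORE"
PATCHED = "PATCHED"                          # 2.15.0 or later
JNDI_REMOVED = "JNDI_LOOKUP_REMOVED"         # affected version, but JndiLookup.class stripped
VULNERABLE = "VULNERABLE"                    # 2.10 to 2.14.1: formatMsgNoLookups is honoured
VULNERABLE_OLD = "VULNERABLE_FLAG_IGNORED"   # before 2.10: the flag does nothing
UNKNOWN_VERSION = "LOG4J_CORE_UNKNOWN_VERSION"


def parse_version(v: str) -> tuple:
    """'2.11.1' -> (2, 11, 1); '2.0-beta9' -> (2, 0, 0). Non-numeric suffixes are dropped."""
    parts = []
    for piece in v.split("."):
        digits = ""
        for ch in piece:
            if not ch.isdigit():
                break
            digits += ch
        parts.append(int(digits) if digits else 0)
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts[:3])


def log4j_core_version(zf: zipfile.ZipFile) -> Optional[str]:
    """Version string from log4j-core's Maven pom.properties, or None if not bundled."""
    if POM_PROPS not in zf.namelist():
        return None
    for line in zf.read(POM_PROPS).decode("utf-8", "replace").splitlines():
        if line.startswith("version="):
            return line.split("=", 1)[1].strip()
    return None


def classify_jar_bytes(data: bytes) -> str:
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = set(zf.namelist())
        version = log4j_core_version(zf)
    has_jndi = JNDI_LOOKUP in names
    if version is None:
        # Shaded/fat JARs may drop pom.properties but keep the classes: do not call that clean.
        return UNKNOWN_VERSION if has_jndi else NO_LOG4J_CORE
    v = parse_version(version)
    if v >= (2, 15, 0):
        return PATCHED
    if not has_jndi:
        return JNDI_REMOVED
    if v >= (2, 10, 0):
        return VULNERABLE
    return VULNERABLE_OLD


def classify_jar(path: str) -> str:
    with open(path, "rb") as fh:
        return classify_jar_bytes(fh.read())


def make_jar(version: Optional[str], with_jndi_lookup: bool) -> bytes:
    """Constructed test JAR (not a real Log4j build): only the entries the check reads."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        if version is not None:
            zf.writestr(
                POM_PROPS,
                f"groupId=org.apache.logging.log4j\nartifactId=log4j-core\nversion={version}\n",
            )
        if with_jndi_lookup:
            zf.writestr(JNDI_LOOKUP, b"\xca\xfe\xba\xbe")  # class-file magic only
    return buf.getvalue()


if __name__ == "__main__":
    samples = [
        ("log4j-core 2.11.1 (SonarQube-like)", make_jar("2.11.1", True)),
        ("2.11.1 with JndiLookup.class removed", make_jar("2.11.1", False)),
        ("2.0-beta9", make_jar("2.0-beta9", True)),
        ("2.15.0", make_jar("2.15.0", True)),
        ("no log4j-core at all (jboss-logging only)", make_jar(None, False)),
    ]
    for label, jar in samples:
        print(f"{label}: {classify_jar_bytes(jar)}")
```

This only looks inside one archive; for a product tree, walk every `.jar`, `.war` and `.ear` and recurse into nested JARs, since log4j-core is usually buried in `WEB-INF/lib`. It also deliberately ignores Log4j 1.x (a different Maven artifact), which is out of scope for CVE-2021-44228.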
Pascom VoIP affected
Google Voice
I guess Google is logging text messages?! I just tried it and I see Google IPs
Workspace One affected too
Apache Archiva
latest release 2.2.5 is affected
Soul got affected
Blender is not affected by this vulnerability
@cckuailong Stop submitting random nonsense, damn it.