Skip to content
This repository has been archived by the owner on Jun 16, 2022. It is now read-only.
/ log4shell Public archive

Operational information regarding the log4shell vulnerabilities in the Log4j logging library.

1.9k stars 605 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

NCSC-NL/log4shell

BranchesTags

Repository files navigation

Log4shell vulnerabilities (CVE-2021-44228, CVE-2021-45046, CVE-2021-4104, CVE-2021-45105)

This repo contains operational information regarding the Log4shell vulnerability in the Log4j logging library. Especially CVE-2021-44228 / CVE-2021-45046 and also covers CVE-2021-4104 / CVE-2021-45105. For additional information see:

For affected organisations and CISOs searching for concise mitigation guidance, the Log4Shell for OES - Full presentation slides for CISOs and techies describes the vulnerability and explains all steps necessary to successfully mitigate the vulnerability (patching is not enough).

Repository contents

Directory Purpose
hunting Contains info regarding hunting for exploitation
iocs Contains any Indicators of Compromise, such as scanning IPs, etc
detection & mitigation Contains info regarding detection and mitigation, such as regexes for detecting scanning activity and more
scanning Contains references to methods and tooling used for scanning for the Log4j vulnerability
software Contains a list of known vulnerable and not vulnerable software
tools Contains a list of tools for automatically parsing info on this repo

Please note that these directories are not complete, and are currently being expanded.

NCSC-NL has published a HIGH/HIGH advisory for the Log4j vulnerability. Normally we would update the HIGH/HIGH advisory for vulnerable software packages, however due to the extensive amounts of expected updates we have created a list of known vulnerable software in the software directory.

Contributions welcome

If you have any additional information to share relevant to the Log4j vulnerability, please feel free to open a Pull request. New to this? Read how to contribute in GitHub's documentation.

Hall of fame

We would like to thank every single one of you that contributed to our GitHub page. NCSC-NL believes the GitHub page is a succes and you made that possible. Below we present a very incomplete list of contributants we consider the repository's hall of fame:

About

Operational information regarding the log4shell vulnerabilities in the Log4j logging library.

Topics

log4j vulnerability cve-2021-44228 log4shell cve-2021-45046 cve-2021-4104 cve-2021-45105

Resources

Readme
Activity
Custom properties

Stars

1.9k stars

Watchers

68 watching

Forks

605 forks
Report repository

Releases 163

log4shell_info_20220615 Latest
Jun 15, 2022
+ 162 releases

Contributors 275

+ 261 contributors

Languages