본문 바로가기
보안

log4j 취약성의 영향을 받는 제품 리스트

촐초리 2021. 12. 13. 22:01
반응형

현재 가장 큰 관심사는 어떻게 수정할것인가 이기도 하지만

역시 어떤 시스템들이 영향을 받는가... 이다

물론 스캐너들이 있긴하지만 스캐너를 통해 찾는 것도 한계가 있고

일단은 범위를 좁히기 위해서 영향을 받는 서비스, 제품, 프로그램들을 먼저 알아야 한다

 

여기 저기 많은 사이트에서 정리들을 하고 있으니 참고를 

 

https://www.rumble.run/blog/finding-log4j/

 

Finding applications that use Log4J

Background Internet discussion was abuzz yesterday about an 0-day vulnerability (one that can yield remote code execution) in Apache’s popular Log4J logging library for Java. This particular vulnerability–tracked as CVE-2021-44228 with the maximum “c

www.rumble.run

 

https://github.com/YfryTchsGD/Log4jAttackSurface

 

GitHub - YfryTchsGD/Log4jAttackSurface

Contribute to YfryTchsGD/Log4jAttackSurface development by creating an account on GitHub.

github.com

https://www.techsolvency.com/story-so-far/cve-2021-44228-log4j-log4shell/#affected-products

 

Tech Solvency: The Story So Far: CVE-2021-44228 (Log4Shell log4j vulnerability).

Log4Shell log4j vulnerability (CVE-2021-44228) - cheat-sheet reference guide Last updated: $Date: 2021/12/13 07:42:40 $ UTC by @TychoTithonus (Royce Williams), standing on the shoulders of many giants - send updates or suggestions Note: this list focuses p

www.techsolvency.com

https://gist.github.com/SwitHak/b66db3a06c2955a9cb71a8718970c592

 

BlueTeam CheatSheet * Log4Shell* | Last updated: 2021-12-12 2204 UTC

BlueTeam CheatSheet * Log4Shell* | Last updated: 2021-12-12 2204 UTC - 20211210-TLP-WHITE_LOG4J.md

gist.github.com

https://gist.github.com/noperator/d360de81c061bc9c628b12d3f0e1e479

 

Emerging threat details on CVE-2021-44228 in Apache Log4j

Emerging threat details on CVE-2021-44228 in Apache Log4j - log4j.md

gist.github.com

 

그리고 네덜란드 국가사이버보안센터에서 공개한

LOG4J 취약점에 관한 관련 소프트웨어 

https://github.com/NCSC-NL/log4shell/tree/main/software

 

GitHub - NCSC-NL/log4shell: Operational information regarding the vulnerability in the Log4j logging library.

Operational information regarding the vulnerability in the Log4j logging library. - GitHub - NCSC-NL/log4shell: Operational information regarding the vulnerability in the Log4j logging library.

github.com

 

반응형

'보안' 카테고리의 다른 글

CVE-2021-44142, Samba 취약점으로 root 권한으로 코드 실행  (0) 2022.02.02
CISA, FBI 및 NSA LOG4J 취약점을 위한 스캐너 출시  (0) 2021.12.26
취약한 log4j 호스트를 찾는 스캐너  (0) 2021.12.13
로그프레소 log4j 취약점(CVE-2021-44228) 스캐너 배포  (0) 2021.12.12
윈도 무작위폴더 생성 버그  (0) 2021.11.21

'보안' Related Articles

티스토리툴바