Log4j Vulnerability RCE POC — CVE-2021–44228 Proof of Concept — Apache log4j Prophaze WAF
A remote code execution zero-day vulnerability (CVE-2021–44228) was identified in Apache Log4j which is a widely-used Java logging library being exploited in the wild. It enables threat actors to take full control of servers without authentication. The vulnerability was publicly disclosed via GitHub on 9th December 2021.
Java Development Kit versions 6u211, 7u201, 8u191, and 11.0.1 are not affected. In previous releases 2.10
Apache log4j 2 is a Java-based logging framework (open-source) that is leveraged within numerous Java applications around the world. Compared with the original log4j 1. X release, log4j 2 addressed issues with the previous release and offered a plugin architecture for users. Apache Log4j 2 became the mainstream version on August 5th of 2015, and all the previous version log4j users were recommended to upgrade to log4j 2. Apache log4j is widely used in several popular software applications, like ElasticSearch, Apache Struts, Kafka, Redis, and others.
