Vulnerability detail
Enriched intelligence for a single CVE
Critical
CVE-2021-44228
PUBLISHED
Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints
- Vendor: Apache Software Foundation
- Product: Apache Log4j2
- Published: Dec 10, 2021
- EPSS: —
Description
Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.
CVSS scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
SSVC decision points
- Exploitation: active
- Automatable: Yes
- Technical impact: total
References
- https://logging.apache.org/log4j/2.x/security.html
- http://www.openwall.com/lists/oss-security/2021/12/10/1
- http://www.openwall.com/lists/oss-security/2021/12/10/2
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd
- http://www.openwall.com/lists/oss-security/2021/12/10/3
- https://security.netapp.com/advisory/ntap-20211210-0007/
- http://packetstormsecurity.com/files/165225/Apache-Log4j2-2.14.1-Remote-Code-Execution.html
- https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032
- https://www.oracle.com/security-alerts/alert-cve-2021-44228.html
- https://www.debian.org/security/2021/dsa-5020
- https://lists.debian.org/debian-lts-announce/2021/12/msg00007.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VU57UJDCFIASIO35GC55JMKSRXJMCDFM/
- https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/
- http://www.openwall.com/lists/oss-security/2021/12/13/2
- http://www.openwall.com/lists/oss-security/2021/12/13/1
- http://www.openwall.com/lists/oss-security/2021/12/14/4
- https://www.kb.cert.org/vuls/id/930724
- https://twitter.com/kurtseifried/status/1469345530182455296
- https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf
- http://packetstormsecurity.com/files/165260/VMware-Security-Advisory-2021-0028.html
- http://packetstormsecurity.com/files/165270/Apache-Log4j2-2.14.1-Remote-Code-Execution.html
- http://packetstormsecurity.com/files/165261/Apache-Log4j2-2.14.1-Information-Disclosure.html
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html
- http://www.openwall.com/lists/oss-security/2021/12/15/3
- http://packetstormsecurity.com/files/165282/Log4j-Payload-Generator.html
- http://packetstormsecurity.com/files/165281/Log4j2-Log4Shell-Regexes.html
- http://packetstormsecurity.com/files/165307/Log4j-Remote-Code-Execution-Word-Bypassing.html
- http://packetstormsecurity.com/files/165311/log4j-scan-Extensive-Scanner.html
- http://packetstormsecurity.com/files/165306/L4sh-Log4j-Remote-Code-Execution.html
- https://cert-portal.siemens.com/productcert/pdf/ssa-714170.pdf
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M5CSVUNV4HWZZXGOKNSK6L7RPM7BOKIB/
- http://packetstormsecurity.com/files/165371/VMware-Security-Advisory-2021-0028.4.html
- https://cert-portal.siemens.com/productcert/pdf/ssa-397453.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf
- https://www.oracle.com/security-alerts/cpujan2022.html
- http://packetstormsecurity.com/files/165532/Log4Shell-HTTP-Header-Injection.html
- https://github.com/cisagov/log4j-affected-db/blob/develop/SOFTWARE-LIST.md
- http://packetstormsecurity.com/files/165642/VMware-vCenter-Server-Unauthenticated-Log4Shell-JNDI-Injection-Remote-Code-Execution.html
- http://packetstormsecurity.com/files/165673/UniFi-Network-Application-Unauthenticated-Log4Shell-Remote-Code-Execution.html
- http://seclists.org/fulldisclosure/2022/Mar/23
- https://www.bentley.com/en/common-vulnerability-exposure/be-2022-0001
- https://github.com/cisagov/log4j-affected-db
- https://support.apple.com/kb/HT213189
- https://www.oracle.com/security-alerts/cpuapr2022.html
- https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-44228
- https://www.nu11secur1ty.com/2021/12/cve-2021-44228.html
- http://seclists.org/fulldisclosure/2022/Jul/11
- http://packetstormsecurity.com/files/167794/Open-Xchange-App-Suite-7.10.x-Cross-Site-Scripting-Command-Injection.html
- http://packetstormsecurity.com/files/167917/MobileIron-Log4Shell-Remote-Command-Execution.html
- http://seclists.org/fulldisclosure/2022/Dec/2
- http://packetstormsecurity.com/files/171626/AD-Manager-Plus-7122-Remote-Code-Execution.html
Known exploited vulnerability sources
Catalogues that list this CVE as a known exploited vulnerability.
| Source | Added |
|---|---|
| CISA | Dec 10, 2021 |
Scanner integrations
| Scanner | Reference | Detected |
|---|---|---|
| Metasploit | https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/vmware_vcenter_log4shell.rb | Apr 29, 2025 |
| Nuclei | https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2021/CVE-2021-44228.yaml | Apr 25, 2025 |
Recent mentions
Tenable Blog · May 27, 2026
Tenable Research has developed a graph-based model linking 600+ threat groups to real-world customer exposures. It reveals which vulnerabilities sit at the intersection of severity, active exploitation, and organizational risk.
Key takeaways
- The "patch everything" strategy is dead: Vulnerability prioritization based on exploitation risk offers a path forward. A directed graph model linking 600+ threat actors to vulnerabilities in 7,800 customer environments reveals that 68% of organizations carry at least one CVE previously exploited by a named adversary, and 321 tracked threat groups can reach at least one customer environment through an active vulnerability.
- Prevalence of "Elite Arsenal" CVEs requires immediate attention: The 242 "Elite Arsenal" CVEs — those meeting all three criteria of critical VPR (≥ 9), CISA KEV listing, and documented threat group exploitation — are nearly universally present across the studied customer base, with 241 of 242 actively detected. More than half are five or more years old, and 78% of the persistently exploited core are simultaneously weaponized by nation-state APTs, commodity malware operators, and ransomware gangs.
- Non-CVE exposures are universally dangerous: Non-CVE exposures, including misconfigurations, weak credentials, and end-of-life software, are present in virtually 100% of studied organizations, with 60% carrying at least one that maps to a tracked threat actor's preferred techniques. Preliminary modeling suggests these exposures may confer more breach risk than CVE-linked findings, yet no industry-standard scoring infrastructure exists to prioritize them.
While the first two posts in this blog series documented the accelerating vulnerability flood and the widening remediation gap, today we answer the outstanding question: Where do these forces actually collide inside customer environments? Using a directed graph model that maps more than 600 tracked threat groups to vulnerabilities observed across 7,800 organizations,...
Potential proof of concepts
These PoCs are unverified and could contain malware. Use at your own risk.
github · Created 2024-07-26 19:59:47 UTC · 0 stars
CVE-2021-44228 vulnerability study
github · Created 2024-06-09 02:49:42 UTC · 2 stars
Objective: Demonstrate the exploitation of the Log4Shell vulnerability (CVE-2021-44228) within a simulated banking application environment.
github · Created 2023-11-13 16:57:22 UTC · 0 stars
Log4j Vulnerability RCE - CVE-2021-44228
github · Created 2023-10-06 04:36:31 UTC · 9 stars
Utilize Tai-e to identify the Log4shell (a.k.a. CVE-2021-44228) Vulnerability
github · Created 2022-03-14 04:09:36 UTC · 0 stars
github · Created 2022-02-12 11:19:41 UTC · 3 stars
Log4j vulnerability testing environment based on CVE-2021-44228. It provides guidance to build the sample infrastructure and the exploit scripts. Supporting cooki3 script as the main exploit tools & integration
github · Created 2022-01-18 19:22:38 UTC · 2 stars
POC for Infamous Log4j CVE-2021-44228
github · Created 2022-01-17 12:46:20 UTC · 0 stars
Static detection of vulnerable log4j libraries on Windows servers, members of an AD domain.
github · Created 2022-01-09 13:38:38 UTC · 5 stars
This Log4j RCE exploit originated from https://github.com/tangxiaofeng7/CVE-2021-44228-Apache-Log4j-Rce
github · Created 2022-01-07 09:56:30 UTC · 2 stars
Log4jshell - CVE-2021-44228
github · Created 2022-01-05 11:27:16 UTC · 13 stars
Backdoor detection for VMware view
github · Created 2021-12-24 19:26:36 UTC · 6 stars
PoC for CVE-2021-44228.
github · Created 2021-12-23 01:59:03 UTC · 7 stars
open detection and scanning tool for discovering and fuzzing for Log4J RCE CVE-2021-44228 vulnerability
github · Created 2021-12-22 03:34:40 UTC · 2 stars
Log4Shell Demo with AWS
github · Created 2021-12-20 15:39:20 UTC · 2 stars
Windows Batch Script to Fix the log4j-issue-CVE-2021-44228
github · Created 2021-12-17 18:45:19 UTC · 1 stars
github · Created 2021-12-17 05:14:05 UTC · 2 stars
Script - Workaround instructions to address CVE-2021-44228 in vCenter Server
github · Created 2021-12-16 21:19:17 UTC · 4 stars
Log4Shell Proof of Concept (CVE-2021-44228)
github · Created 2021-12-16 20:02:09 UTC · 0 stars
github · Created 2021-12-16 09:26:37 UTC · 4 stars
log4shell (CVE-2021-44228) scanning tool
github · Created 2021-12-16 08:46:55 UTC · 10 stars
This Log4j RCE exploit originated from https://github.com/tangxiaofeng7/CVE-2021-44228-Apache-Log4j-Rce
github · Created 2021-12-15 18:51:07 UTC · 1 stars
github · Created 2021-12-15 10:55:35 UTC · 8 stars
Apache Log4j Zero Day Vulnerability aka Log4Shell aka CVE-2021-44228
github · Created 2021-12-15 07:51:28 UTC · 2 stars
A one-stop repo/ information hub for all log4j vulnerability-related information.
github · Created 2021-12-15 00:55:12 UTC · 3 stars
github · Created 2021-12-14 23:33:51 UTC · 346 stars
Scanners for Jar files that may be vulnerable to CVE-2021-44228
github · Created 2021-12-14 21:32:42 UTC · 16 stars
github · Created 2021-12-14 09:33:22 UTC · 0 stars
On Thursday (December 9th), a 0-day exploit in the popular Java logging library log4j (version 2) was discovered that results in Remote Code Execution (RCE) by logging a certain string. Given how ubiquitous this library is, the impact of the exploit (full server control), and how easy it is to exploit, the impact of this vulnerability is quite severe. We're calling it "Log4Shell" for short.
github · Created 2021-12-14 06:51:30 UTC · 3 stars
A Nuclei template for Apache Solr affected by Apache Log4J CVE-2021-44228
github · Created 2021-12-14 05:24:52 UTC · 18 stars
Log4j2 CVE-2021-44228 revshell, ofc it suck!!
github · Created 2021-12-13 21:39:39 UTC · 0 stars
Professional Service scripts to aid in the identification of affected Java applications in TeamServer
github · Created 2021-12-13 17:17:37 UTC · 2 stars
github · Created 2021-12-13 15:11:15 UTC · 0 stars
demo project to highlight how to execute the log4j (CVE-2021-44228) vulnerability
github · Created 2021-12-13 15:04:31 UTC · 6 stars
Apply class remove process from ear/war/jar/zip archive, see https://logging.apache.org/log4j/2.x/
github · Created 2021-12-13 13:30:57 UTC · 5 stars
Mass Check Vulnerable Log4j CVE-2021-44228
github · Created 2021-12-13 13:05:26 UTC · 13 stars
github · Created 2021-12-13 08:51:56 UTC · 2 stars
Simple tool for scanning entire directories for attempts of CVE-2021-44228
github · Created 2021-12-13 08:43:45 UTC · 4 stars
Log4Shell Docker Env
github · Created 2021-12-13 07:48:49 UTC · 1 stars
github · Created 2021-12-13 07:24:02 UTC · 2 stars
Log4J CVE-2021-44228 : Mitigation Cheat Sheet
github · Created 2021-12-13 03:55:32 UTC · 37 stars
OpenIOC rules to facilitate hunting for indicators of compromise
github · Created 2021-12-13 02:18:57 UTC · 20 stars
This is a proof-of-concept exploit for Log4j RCE Unauthenticated (CVE-2021-44228).
github · Created 2021-12-12 23:37:39 UTC · 8 stars
CVE-2021-44228 (Log4Shell) Proof of Concept
github · Created 2021-12-12 21:52:53 UTC · 3 stars
Log4J (CVE-2021-44228) Exploit with Remote Command Execution (RCE)
github · Created 2021-12-12 14:27:28 UTC · 0 stars
Known IoCs for log4j framework vulnerability
github · Created 2021-12-12 13:17:18 UTC · 15 stars
IP addresses exploiting recent log4j2 vulnerability CVE-2021-44228
github · Created 2021-12-12 11:26:42 UTC · 67 stars
Abuse Log4J CVE-2021-44228 to patch CVE-2021-44228 in vulnerable Minecraft game sessions to prevent exploitation in the session :)
github · Created 2021-12-12 03:11:14 UTC · 2 stars
Apache Log4j2 CVE-2021-44228 RCE Demo with RMI and LDAP
github · Created 2021-12-12 02:59:54 UTC · 45 stars
github · Created 2021-12-11 21:59:19 UTC · 7 stars
This enforces signatures for CVE-2021-44228 across all policies on a BIG-IP ASM device
github · Created 2021-12-11 14:54:45 UTC · 9 stars
Public IoCs about log4j CVE-2021-44228
github · Created 2021-12-11 12:16:45 UTC · 2 stars
github · Created 2021-12-11 11:38:16 UTC · 3 stars
github · Created 2021-12-11 11:18:46 UTC · 857 stars
Vulnerability scanner and mitigation patch for Log4j2 CVE-2021-44228
github · Created 2021-12-11 09:52:36 UTC · 2 stars
github · Created 2021-12-11 07:55:45 UTC · 4 stars
github · Created 2021-12-10 22:35:00 UTC · 938 stars
🐱💻 ✂️ 🤬 CVE-2021-44228 - LOG4J Java exploit - WAF bypass tricks
github · Created 2021-12-10 22:19:16 UTC · 7 stars
CVE-2021-44228 DFIR Notes
github · Created 2021-12-10 21:20:05 UTC · 0 stars
log4shell sample application (CVE-2021-44228)
github · Created 2021-12-10 18:06:06 UTC · 154 stars
Hashes for vulnerable LOG4J versions
github · Created 2021-12-10 17:24:47 UTC · 35 stars
Vulnerability CVE-2021-44228 checker
github · Created 2021-12-10 12:35:30 UTC · 4 stars
A small server for verifying if a given java program is susceptible to CVE-2021-44228
github · Created 2021-12-10 05:23:44 UTC · 464 stars
Remote Code Injection In Log4j
github · Created 2021-12-09 15:27:38 UTC · 82 stars
Apache Log4j remote code execution
Timeline
- CVE ID Reserved
- CVE Published to Public
- Exploit Used in Malware
- Added to KEVIntel
- Added to KEVIntel
- Detected by Nuclei
- Detected by Metasploit