Solidaris.be (emut.be) / Server vulnerable to Log4J CVE-2021-44228

Deleted user reported 2021-12-13

Server vulnerable to Log4J CVE-2021-44228. The reply originated from a backend server; the originating frontend server has been included in the report for reference.

It is critical to patch log4j, or the application using it, since the issue is exploited in the wild and leads to RCE.

IP: 194.78.26.237
Port: 9000
Detected protocol: https
Vulnerable URL: https://194.78.26.237:9000
Received reply after a Log4j payload from this host
Ping was received because of query value
Reply took 5.015895713s
Original request was to 81.246.19.79:9000
This event's HTTP and SSL details are preserved from the original request.

Original reply (hex-encoded; decodes to the five lines above):
5265636569766564207265706c792061667465722061204c6f67346a207061796c6f61642066726f6d207468697320686f73740a50696e67207761732072656365697665642062656361757365206f662071756572792076616c75650a5265706c7920746f6f6b20352e303135383935373133730a4f7269676e616c20726571756573742077617320746f2038312e3234362e31392e37393a393030300a54686973206576656e742773204854545020616e642053534c2064657461696c7320617265207072657365727665642066726f6d20746865206f7269676e616c20726571756573742e0a
Found by Log4JOpportunistic 2021-12-13
Report created by deleted-user 2021-12-13
Report approved by deleted-user 2021-12-13
New PDF report generated by system 2021-12-13
Report dispatched to ...@... by system 2021-12-13
Report dispatched to ...@... by system 2021-12-13
Report dispatched to ...@... by system 2021-12-13
Report dispatched to ...@... by system 2021-12-13
system commented 2021-12-14: approved shows in report

Email from: www-data@csirt.proximus.com

Dear,

According to our records, your request has been resolved. If you have any
further questions or concerns, please respond to this message.

Best regards.

--
Cyber Security Incident Response Team | CSIRT

Koning Albert II Laan 27, B-1030 Brussels

Report comment dispatched to BloodyShell by system 2021-12-14
Report comment dispatched to iampritam by system 2021-12-14
Report comment dispatched to zythop by system 2021-12-14
Report comment dispatched to fokoil by system 2021-12-14
Report comment dispatched to thLambda by system 2021-12-14
Report marked as fixed by BloodyShell 2021-12-29
Report closed by BloodyShell 2021-12-29
New PDF report generated by system 2021-12-29
Report comment cd200b approved by BloodyShell 2021-12-29
New PDF report generated by system 2021-12-29
Report comment dispatched to zythop by system 2021-12-29
Report comment dispatched to privacy305@solidaris.be by system 2021-12-29
Report comment dispatched to noc@skynet.be by system 2021-12-29
Report comment dispatched to csirt@proximus.com by system 2021-12-29
Report comment dispatched to vulnerabilitydisclosure@ccb.belgium.be by system 2021-12-29
Information
Owner: Solidaris.be (emut.be)
Created: 2021-12-13 14:18
Updated: 2021-12-29 17:10
Fixed: true

Contacts
p...@solidaris.be
n...@skynet.be
c...@proximus.com
v...@ccb.belgium.be

Status
Status: closed
Hosting contacted: false
CERT contacted: false
