• Creation
  • Validation
  • Communication & fix
  • Disclosure

Solidaris.be (emut.be) / Server vulnerable to Log4J CVE-2021-44228

zythop reported 2021-12-13

Server vulnerable to Log4J CVE-2021-44228. The reply originated from a backend server, the originating frontend server has been included in the report for reference.

It is critical to patch log4j or the application using since the issues is exploited in the wild and leads to RCE.

IP:
194.78.226.77
Port:
8888
Detected protocol:
https
Vulnerable URL:
https://194.78.226.77:8888
Received reply after a Log4j payload from this host
Ping was received because of query argument
Reply took 6.336681316s
Orignal request was to 194.78.26.207:8888
This event's HTTP and SSL details are preserved from the orignal request.

Orignal reply:
5265636569766564207265706c792061667465722061204c6f67346a207061796c6f61642066726f6d207468697320686f73740a50696e67207761732072656365697665642062656361757365206f6620717565727920617267756d656e740a5265706c7920746f6f6b20362e333336363831333136730a4f7269676e616c20726571756573742077617320746f203139342e37382e32362e3230373a383838380a54686973206576656e742773204854545020616e642053534c2064657461696c7320617265207072657365727665642066726f6d20746865206f7269676e616c20726571756573742e0a
Found by Log4JOpportunistic 2021-12-12
Report created by zythop  2021-12-13
Report approved by zythop  2021-12-13
New PDF report generated by system 2021-12-13
Report dispatched to ...@... by system 2021-12-13
Report dispatched to ...@... by system 2021-12-13
Report dispatched to ...@... by system 2021-12-13
Report dispatched to ...@... by system 2021-12-13
Report comment dispatched to BloodyShell by system 2021-12-14
Report comment dispatched to iampritam by system 2021-12-14
Report comment dispatched to zythop by system 2021-12-14
Report comment dispatched to fokoil by system 2021-12-14
Report comment dispatched to thLambda by system 2021-12-14
Report edited by zythop  2022-01-06
New PDF report generated by system 2022-01-06
Information
Owner Solidaris.be (emut.be)
Created 2021-12-13 10:18
Updated 2022-01-06 15:17
Fixed false

Contacts
p...@solidaris.be
n...@skynet.be
c...@proximus.com
v...@ccb.belgium.be

Status
Status closed
Hosting contacted false
CERT contacted false

Download report