- Creation
- Validation
- Communication & fix
- Disclosure
oracle.com / Server vulnerable to Log4J CVE-2021-44228
Deleted user
reported 2021-12-12
Server vulnerable to Log4J CVE-2021-44228. The reply originated from a backend server, the originating frontend server has been included in the report for reference.
It is critical to patch log4j or the application using since the issues is exploited in the wild and leads to RCE.
- https://www.lunasec.io/docs/blog/log4j-zero-day/
- https://issues.apache.org/jira/browse/LOG4J2-2109
- https://logging.apache.org/log4j/2.x/security.html
IP:
147.154.114.44Port:
443Detected protocol:
elasticsearchVulnerable URL:
https://147.154.114.44Received reply after a Log4j payload from this host
Ping was received because of query value
Reply took 13.374934122s
Orignal request was to 147.154.99.192
Orignal reply:
5265636569766564207265706c792061667465722061204c6f67346a207061796c6f61642066726f6d207468697320686f73740a50696e67207761732072656365697665642062656361757365206f662071756572792076616c75650a5265706c7920746f6f6b2031332e333734393334313232730a4f7269676e616c20726571756573742077617320746f203134372e3135342e39392e3139320a
Found by Log4JOpportunistic 2021-12-12
Report created by
deleted-user
2021-12-12
deleted-user
2021-12-12
Report approved by
deleted-user
2021-12-12
deleted-user
2021-12-12
New PDF report generated by system 2021-12-12
Report dispatched to ...@... by system 2021-12-12
Report comment dispatched to BloodyShell by system 2021-12-12
Report comment dispatched to iampritam by system 2021-12-12
Report comment dispatched to zythop by system 2021-12-12
Report comment dispatched to fokoil by system 2021-12-12
Report comment dispatched to thLambda by system 2021-12-12
Report edited by
BloodyShell
2021-12-13
BloodyShell
2021-12-13
New PDF report generated by system 2021-12-13
Report dispatched to ...@... by system 2021-12-13
Report comment dispatched to BloodyShell by system 2021-12-13
Report comment dispatched to iampritam by system 2021-12-13
Report comment dispatched to zythop by system 2021-12-13
Report comment dispatched to fokoil by system 2021-12-13
Report comment dispatched to thLambda by system 2021-12-13
Report comment dispatched to BloodyShell by system 2022-01-07
Report comment dispatched to iampritam by system 2022-01-07
Report comment dispatched to zythop by system 2022-01-07
Report comment dispatched to fokoil by system 2022-01-07
Report comment dispatched to thLambda by system 2022-01-07
Report marked as fixed by
deleted-user
2022-02-10
deleted-user
2022-02-10
Report closed by
deleted-user
2022-02-10
deleted-user
2022-02-10
New PDF report generated by system 2022-02-10
Report edited by
deleted-user
2022-02-10
deleted-user
2022-02-10
New PDF report generated by system 2022-02-10
Information
Owner
oracle.com
Created
2021-12-12 16:28
Updated
2022-02-10 13:08
Fixed
true
Contacts
s...@oracle.com
Status
Status
closed
Hosting contacted
false
CERT contacted
false
Download report