CVE-2021-44228 PoC — Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints

Source

https://github.com/PCMKUIT/CVE-2021-44228---Log4Shell-Analysis

Associated Vulnerability

Title:Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints (CVE-2021-44228)
Description:Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.

Description

Technical deep dive into Apache Log4j2 JNDI injection vulnerability. Features static code analysis, patch comparison, attack vectors (LDAP/RMI/DNS), and enterprise mitigation guidance.

Readme

# 🔥 Log4Shell (CVE-2021-44228) Analysis

[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
[![Maintenance](https://img.shields.io/badge/Maintained-Yes-brightgreen)](https://github.com/yourusername/log4shell-analysis)
[![PRs Welcome](https://img.shields.io/badge/PRs-welcome-brightgreen.svg)](contributing.md)

A comprehensive technical analysis of the Log4Shell vulnerability (CVE-2021-44228), one of the most critical vulnerabilities in modern software history.

## 📖 Overview

This repository contains an in-depth analysis of the Log4Shell vulnerability in Apache Log4j2, including:
- Technical deep dive into the vulnerability mechanism
- Code analysis and patch review
- Attack flow explanation
- Mitigation strategies
- Lab environment setup guide

## 🎯 Quick Summary

| Aspect | Details |
|--------|---------|
| **CVE ID** | CVE-2021-44228 |
| **CVSS Score** | 10.0 (Critical) |
| **Affected Versions** | Log4j 2.0-beta9 to 2.14.1 |
| **Vulnerability Type** | Remote Code Execution |
| **Attack Vector** | Network - unauthenticated |

## 📚 Contents

- [📄 Full Technical Analysis](analyses/CVE-2021-44228-Log4Shell.md)
- [🔬 Lab Setup Guide](labs/log4shell-lab-guide.md)
- [📋 Analysis Template](templates/TEMPLATE_CVE.md)
- [🤝 Contributing](contributing.md)

## 🛠 Skills Demonstrated

- Vulnerability Research
- Static Code Analysis
- Java Security Analysis
- Patch Analysis
- Threat Modeling
- Security Mitigation Strategies

## ⚠️ Disclaimer

This analysis is for **educational and defensive purposes only**. All information provided is intended to help organizations understand and protect against this vulnerability.

---

*For educational purposes | Created for security research portfolio*

File Snapshot


 [4.0K]  /data/pocs/f4eccb2729811f88e3d3bb5b530d5f66ff7c3463
├── [4.0K]  analyses
│   └── [1.4K]  CVE-2021-44228-Log4Shell.md
└── [1.7K]  README.md

2 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!