Skip to content

lockfale/apache-log4j-poc

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

6 Commits
 
 
 
 
 
 
 
 

Repository files navigation

Apache-Log4j

Apache Log4j 远程代码执行

攻击者可直接构造恶意请求,触发远程代码执行漏洞。漏洞利用无需特殊配置,经阿里云安全团队验证,Apache Struts2、Apache Solr、Apache Druid、Apache Flink等均受影响

image

修复方案:

(1)修改jvm参数 -Dlog4j2.formatMsgNoLookups=true

(2)修改配置 在应用classpath下添加log4j2.component.properties配置文件,log4j2.formatMsgNoLookups=true

About

Apache Log4j 远程代码执行

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • Java 100.0%