log4j-log4shell-affected vs log4j-shell-poc

log4j-log4shell-affected

Lists of affected components and affected apps/vendors by CVE-2021-44228 (aka Log4shell or Log4j RCE). This list is meant as a resource for security responders to be able to find and address the vulnerability (by authomize)

Source Code

Suggest alternative

Edit details

log4j-shell-poc

A Proof-Of-Concept for the CVE-2021-44228 vulnerability. (by kozmer)

Log4j cve-2021-44228 Java Security

DISCONTINUED

Suggest alternative

Edit details

InfluxDB - Power Real-Time Data Analytics at Scale

Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.

www.influxdata.com

featured

SaaSHub - Software Alternatives and Reviews

SaaSHub helps you find the best software and product alternatives

www.saashub.com

featured

log4j-log4shell-affected		log4j-shell-poc
	Project
3	Mentions	2
53	Stars	1,718
-	Growth	-
0.0	Activity	0.0
over 2 years ago	Latest Commit	3 months ago
	Language	Python
-	License	MIT License

The number of mentions indicates the total number of mentions that we've tracked plus the number of user suggested alternatives.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.

log4j-log4shell-affected

Posts with mentions or reviews of log4j-log4shell-affected. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2022-04-02.

Known applications that use Spring Framework
2 projects | /r/sysadmin | 2 Apr 2022

When Log4J hit, someone had the forethought to publish a list of affected applications on GITHUB.
Given the recent Log4J exploit, what widely used linux apps should we be careful with until they are patched?
1 project | /r/linuxquestions | 15 Dec 2021
US warns hundreds of millions of devices at risk from newly revealed software vulnerability
2 projects | /r/iphone | 14 Dec 2021

That being said, I've been keeping an eye out on this Github tracker that consolidates responses from vendors so at least we can see their statements: https://github.com/authomize/log4j-log4shell-affected

log4j-shell-poc

Posts with mentions or reviews of log4j-shell-poc. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2022-03-27.

log4j shell poc with User-Agent payload
2 projects | /r/netsecstudents | 27 Mar 2022

https://github.com/kozmer/log4j-shell-poc/blob/main/vulnerable-application/src/main/java/com/example/log4shell/LoginServlet.java line 31

What are some alternatives?

When comparing log4j-log4shell-affected and log4j-shell-poc you can also consider the following projects:

CVE-2021-44228-PoC-log4j-bypass-words - 🐱‍💻 ✂️ 🤬 CVE-2021-44228 - LOG4J Java exploit - WAF bypass tricks

L4sh - Log4Shell RCE Exploit - fully independent exploit does not require any 3rd party binaries.

spring4shell - Operational information regarding the Spring4Shell vulnerability in the Spring Core Framework

log4jpwn - log4j rce test environment and poc

log4shell-tools - Tool that runs a test to check whether one of your applications is affected by the recent vulnerabilities in log4j: CVE-2021-44228 and CVE-2021-45046

py4jshell - Simulating Log4j Remote Code Execution (RCE) vulnerability in a flask web server using python's logging library with custom formatter that simulates lookup substitution by executing remote exploit code.

log4j-finder - Find vulnerable Log4j2 versions on disk and also inside Java Archive Files (Log4Shell CVE-2021-44228, CVE-2021-45046, CVE-2021-45105)

awesome-list-of-secrets-in-environment-variables - 🦄🔒 Awesome list of secrets in environment variables 🖥️