XXX4Fans
LiveOverflow from patreon
LiveOverflow

patreon


Fuzzing Java to Find Log4j Vulnerability - CVE-2021-45046

After the log4shell (CVE-2021-44228) vulnerability was patched with version 2.15, another CVE was filed. Apparently log4j was still vulnerable in some cases to a denial of service. However it turned out that on some systems, the issue can still lead to a remote code execution. In this video we use the Java fuzzer Jazzer to find a bypass.  

Jazzer Java Fuzzer: https://github.com/CodeIntelligenceTesting/jazzer

Anthony Weems: https://twitter.com/amlweems

Fuzzing Java to Find Log4j Vulnerability - CVE-2021-45046

Related Creators