Apache Struts - Remote Code Execution (Log4Shell - CVE-2021-44228)
- Severity
- Vulnerability description
- Not available
- Risk description
- Not available
- Exploit capabilities
Sniper can gain unauthenticated Remote Code Execution on the target system and extract multiple artefacts as evidence.
- Recommendation
- Not available
- References
- https://pentest-tools.com/blog/log4shell-scanner-detect-cve-2021-44228/https://pentest-tools.com/blog/how-we-detect-log4shell/https://nvd.nist.gov/vuln/detail/CVE-2021-44228https://logging.apache.org/log4j/2.x/security.htmlhttps://struts.apache.org/announce-2021#a20211212-2https://www.oracle.com/security-alerts/alert-cve-2021-44228.html
- Codename
- Log4Shell
- Detectable with
- Network Scanner
- Scan engine
- Sniper
- Exploitable with Sniper
- Yes
- CVE Published
- Dec 10, 2021
- Detection added at
- Software Type
- Web framework
- Vendor
- Apache
- Product
- Struts
Detect this vulnerability now!
Check your clients' targets (or your own) for this vulnerability and thousands more! Get proof for validation with our ethical hacking toolkit.