Fuzzing Java to Find Log4j Vulnerability - CVE-2021-45046
After the log4shell (CVE-2021-44228) vulnerability was patched with version , another CVE was filed. Apparently log4j was still vulnerable in some cases to a denial of service. However it turned out that on some systems, the issue can still lead to a remote code execution. In this video we use the Java fuzzer Jazzer to find a bypass.
Jazzer Java Fuzzer:
Anthony Weems:
00:00 - Intro
00:54 - Chapter #1: The New CVE
03:38 - Chapter #2: Disable Lookups
05:43 - Chapter #3: Vulnerable log4j Configs
07:52 - Chapter #4: The Remote Code Execution
10:53 - Chapter #5: Parser Differential
12:57 - Chapter #6: Differential Fuzzing
16:07 - Chapter #7: macOS Only
18:15 - Chapter #8: Increase Impact
19:03 - Summary
19:58 - Outro
-=[ ❤️ Support ]=-
→ per Video:
→ per Month:
-=[ 🐕 Social ]=-
→ Twitter:
→
1 month ago 00:20:22 1
8 months ago 03:01:17 1
8 months ago 02:00:03 1
11 months ago 00:33:46 1
1 year ago 00:23:24 1
2 years ago 00:22:12 1
2 years ago 00:45:42 1
2 years ago 00:24:55 1
3 years ago 00:21:49 1
3 years ago 00:20:19 1
7 years ago 00:07:16 2
