Use port 9389 instead of 389 to run the dodgy LDAP server on, since ports < 1024 can't be bound by non-root processes.
The included dodgy-ldap-server.jar binary is rebuilt from changes on top of https://github.com/jensdietrich/Log4J-RCE-Proof-Of-Concept I will push there once I get write access. (Basically, handling the --port command-line argument.)
Tested locally. As intended, mvn clean test on org.apache.logging.log4j:log4j-core:2.14.1 now succeeds, while 2.15.0 now fails.
Use port 9389 instead of 389 to run the dodgy LDAP server on, since ports < 1024 can't be bound by non-root processes.
The included
dodgy-ldap-server.jar
binary is rebuilt from changes on top of https://github.com/jensdietrich/Log4J-RCE-Proof-Of-Concept I will push there once I get write access. (Basically, handling the--port
command-line argument.)Tested locally. As intended,
mvn clean test
onorg.apache.logging.log4j:log4j-core:2.14.1
now succeeds, while2.15.0
now fails.