Fuzzing Java to Find Log4j Vulnerability - CVE-2021-45046

After the log4shell (CVE-2021-44228) vulnerability was patched with version 2.15, another CVE was filed. Apparently log4j was still vulnerable in some cases to a denial of service. However it turned out that on some systems, the issue can still lead to a remote code execution. In this video we use the Java fuzzer Jazzer to find a bypass. Jazzer Java Fuzzer: https://github.com/CodeIntelligenceTe... Anthony Weems:   / amlweems   00:00 - Intro 00:54 - Chapter #1: The New CVE 03:38 - Chapter #2: Disable Lookups 05:43 - Chapter #3: Vulnerable log4j Configs 07:52 - Chapter #4: The Remote Code Execution 10:53 - Chapter #5: Parser Differential 12:57 - Chapter #6: Differential Fuzzing 16:07 - Chapter #7: macOS Only 18:15 - Chapter #8: Increase Impact 19:03 - Summary 19:58 - Outro =[ ❤️ Support ]= → per Video:   / liveoverflow   → per Month:    / @liveoverflow   =[ 🐕 Social ]= → Twitter:   / liveoverflow   → Instagram:   / liveoverflow   → Blog: https://liveoverflow.com/ → Subreddit:   / liveoverflow   → Facebook:   / liveoverflow