CVE-2021-44228-Log4Shell-Hashes icon indicating copy to clipboard operation
CVE-2021-44228-Log4Shell-Hashes copied to clipboard
verified publisher icon mubix

hashes don't seem to be exhaustive

Open jasonwbarnett opened this issue 4 years ago • 3 comments

I have two systems that have log4j 2.11.1 and the sha256sum of mine is: a20c34cdac4978b76efcc9d0db66e95600bd807c6a0bd3f5793bcb45d07162ec

jasonwbarnett avatar Dec 11 '21 00:12 jasonwbarnett

Which file did you hash? Someone else online mentioned another hash and I'm looking into it. This is where I got my hashes from: https://archive.apache.org/dist/logging/log4j/2.11.1/ and I just did a SHA256SUM of every file in the 2.11.1 repo and didn't find your hash. Because the Java is released as source code there is a good possibility of people compiling as part of larger projects

mubix avatar Dec 11 '21 02:12 mubix

Hi @mubix , first of all thanks for all your effort, I found another hash and found that one in this list https://gist.github.com/spasam/7b2b2e03c6dd7bd6f1029e88c7cc82ad

alexverboon avatar Dec 16 '21 14:12 alexverboon

Ref. the hash a20c34cdac4978b76efcc9d0db66e95600bd807c6a0bd3f5793bcb45d07162ec

VirusTotal appears to confirm hash belongs to log4j-core-2.11.1.jar per https://www.virustotal.com/gui/file/a20c34cdac4978b76efcc9d0db66e95600bd807c6a0bd3f5793bcb45d07162ec/details

jbull0ck avatar Dec 16 '21 16:12 jbull0ck