apache/log4net: The latest CVE Vulnerabilities and Exploits for Penetration Test
apache/log4net Vulnerability Summary Vendor name: apache Product name: log4net Total vulnerabilities: 2 (as 2023-05-04) apache/log4net Vulnerability List CVE-2018-1285: Apache log4net versions before 2.0.10 do not disable XML external entities when parsing log4net… Published: 2020-05-11T17:15:00 Last Modified: 2021-09-21T17:10:00
Summary
Apache log4net versions before 2.0.10 do not disable XML external entities when parsing log4net configuration files. This allows for XXE-based attacks in applications that accept attacker-controlled log4net configuration files.
Common Weakness Enumeration (CWE): CWE-611: Improper Restriction of XML External Entity Reference CWE Description: The software processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.