Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2018-1285

Apache log4net versions before 2.0.10 do not disable XML external entities when parsing log4net configuration files. This allows for XXE-based attacks in applications that accept attacker-controlled log4net configuration files.

See the

CVE page on Mitre.org for more details.

References

MISC: https://lists.apache.o...
FEDORA: FEDORA-2020-73d380e9b9
FEDORA: FEDORA-2020-847775bf79
FEDORA: FEDORA-2020-cfc319e067
MLIST: [logging-dev] 20200525...
MLIST: [logging-dev] 20200525...
MLIST: [logging-dev] 20200617...
MLIST: [logging-dev] 20200730...
MLIST: [logging-dev] 20200826...
MLIST: [logging-dev] 20200826...
MLIST: [logging-dev] 20200906...
MISC: https://issues.apache....
MISC: https://www.oracle.com...
MISC: https://www.oracle.com...
MLIST: [logging-dev] 20210817...
MISC: https://www.oracle.com...
CONFIRM: https://security.netap...

Launchpad.net

CVE 2018-1285

Related bugs

References