2 results (0.017 seconds)

CVSS: 9.8EPSS: 1%CPEs: 11EXPL: 0

Apache log4net versions before 2.0.10 do not disable XML external entities when parsing log4net configuration files. This allows for XXE-based attacks in applications that accept attacker-controlled log4net configuration files. Apache log4net versiones anteriores a 2.0.10, no deshabilita las entidades externas XML cuando analiza los archivos de configuración de log4net. Esto permite realizar ataques basados en XXE en aplicaciones que aceptan archivos de configuración log4net controlados por el atacante • https://issues.apache.org/jira/browse/LOG4NET-575 https://lists.apache.org/thread.html/r00b16ac5e0bbf7009a0d167ed58f3f94d0033b0f4b3e3d5025cc4872%40%3Cdev.logging.apache.org%3E https://lists.apache.org/thread.html/r33564de316d4e4ba0fea1d4d079e62cde1ffe64369c1157243d840d9%40%3Cdev.logging.apache.org%3E https://lists.apache.org/thread.html/r525cbbd7db0aef4a114cf60de8439aa285decc34904d42a7f14f39c3%40%3Cdev.logging.apache.org%3E https://lists.apache.org/thread.html/r6543acafca3e2d24ff4b0c364a91540cb9378977ffa8d37a03ab4b0f%40%3Cdev.logging.apache.org%3E https://lists.apache.or • CWE-611: Improper Restriction of XML External Entity Reference •

CVSS: 5.0EPSS: 2%CPEs: 1EXPL: 0

Format string vulnerability in LocalSyslogAppender in Apache log4net 1.2.9 might allow remote attackers to cause a denial of service (memory corruption and termination) via unknown vectors. • http://issues.apache.org/jira/browse/LOG4NET-67 http://secunia.com/advisories/19241 http://secunia.com/advisories/22932 http://www.novell.com/linux/security/advisories/2006_26_sr.html http://www.osvdb.org/23905 http://www.securityfocus.com/bid/17095 http://www.vupen.com/english/advisories/2006/0955 https://exchange.xforce.ibmcloud.com/vulnerabilities/25196 • CWE-134: Use of Externally-Controlled Format String •