CVSS: 9.1EPSS: 0%CPEs: 2EXPL: 0CVE-2024-12801 – SaxEventRecorder vulnerable to Server-Side Request Forgery (SSRF) attacks
https://notcve.org/view.php?id=CVE-2024-12801
19 Dec 2024 — Server-Side Request Forgery (SSRF) in SaxEventRecorder by QOS.CH logback version 1.5.12 on the Java platform, allows an attacker to forge requests by compromising logback configuration files in XML. The attacks involves the modification of DOCTYPE declaration in XML configuration files. Server-Side Request Forgery (SSRF) in SaxEventRecorder by QOS.CH logback version 0.1 to 1.3.14 and 1.4.0 to 1.5.12 on the Java platform, allows an attacker to forge requests by compromising logback configuration files in XML... • https://logback.qos.ch/news.html#1.5.13 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-6481 – Logback "receiver" DOS vulnerability CVE-2023-6378 incomplete fix
https://notcve.org/view.php?id=CVE-2023-6481
04 Dec 2023 — A serialization vulnerability in logback receiver component part of logback version 1.4.13, 1.3.13 and 1.2.12 allows an attacker to mount a Denial-Of-Service attack by sending poisoned data. Una vulnerabilidad de serialización en el componente Logback Receiver. Las versiones 1.4.13, 1.3.13 y 1.2.12 de Logback permite a un atacante montar un ataque de denegación de servicio enviando datos envenenados. A flaw was found in the logback package. Affected versions of this package are vulnerable to Uncontrolled Re... • https://logback.qos.ch/news.html#1.3.12 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.8EPSS: 1%CPEs: 3EXPL: 0CVE-2023-6378 – Logback "receiver" DOS vulnerability
https://notcve.org/view.php?id=CVE-2023-6378
29 Nov 2023 — A serialization vulnerability in logback receiver component part of logback version 1.4.11 allows an attacker to mount a Denial-Of-Service attack by sending poisoned data. Una vulnerabilidad de serialización en el componente receptor de inicio de sesión de la versión 1.4.11 permite a un atacante montar un ataque de Denegación de Servicio mediante el envío de datos envenenados. A flaw was found in the logback package, where it is vulnerable to a denial of service caused by a serialization flaw in the receive... • https://logback.qos.ch/news.html#1.3.12 • CWE-499: Serializable Class Containing Sensitive Data CWE-502: Deserialization of Untrusted Data •
CVSS: 8.5EPSS: 2%CPEs: 17EXPL: 3CVE-2021-42550 – RCE from attacker with configuration edit priviledges through JNDI lookup
https://notcve.org/view.php?id=CVE-2021-42550
16 Dec 2021 — In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a malicious configuration allowing to execute arbitrary code loaded from LDAP servers. En logback versiones 1.2.7 y anteriores, un atacante con los privilegios necesarios para editar archivos de configuración podría diseñar una configuración maliciosa que permitiera ejecutar código arbitrario cargado desde servidores LDAP A flaw was found in the logback package. When using a special... • http://logback.qos.ch/news.html • CWE-502: Deserialization of Untrusted Data •