CVE-2018-1285
 
- Severity Score: 9.8 (CVSS v3.1)
- Public Exploits: 0 (Multiple Sources)
- Exploited in Wild: - (KEV)
- Decision: - (SSVC)
Descriptions
Apache log4net versions before 2.0.10 do not disable XML external entities when parsing log4net configuration files. This allows for XXE-based attacks in applications that accept attacker-controlled log4net configuration files.
Credits: N/A
Timeline
- 2017-12-07 CVE Reserved
- 2020-05-11 CVE Published
- 2024-08-05 CVE Updated
- 2024-11-07 EPSS Updated
CWE
- CWE-611: Improper Restriction of XML External Entity Reference
References (17)
URL | Date | SRC |
---|---|---|
https://www.oracle.com/security-alerts/cpuapr2022.html | 2023-11-07 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Apache | Log4net | < 2.0.10 | - | Affected |
Fedoraproject | Fedora | 30 | - | Affected |
Fedoraproject | Fedora | 31 | - | Affected |
Fedoraproject | Fedora | 32 | - | Affected |
Oracle | Application Testing Suite | 13.3.0.1 | - | Affected |
Oracle | Hospitality Opera 5 | 5.5 | - | Affected |
Oracle | Hospitality Opera 5 | 5.6 | - | Affected |
Oracle | Hospitality Simphony | 18.2.7.2 | - | Affected |
Oracle | Hospitality Simphony | 19.1.3 | - | Affected |
Netapp | Manageability Software Development Kit | - | - | Affected |
Netapp | Snapcenter | - | - | Affected |