Lucene search

K
cvelistApacheCVELIST:CVE-2018-1285
HistoryMay 11, 2020 - 4:41 p.m.

CVE-2018-1285

2020-05-1116:41:28
apache
www.cve.org
1

7.3 High

AI Score

Confidence

High

0.009 Low

EPSS

Percentile

82.8%

Apache log4net versions before 2.0.10 do not disable XML external entities when parsing log4net configuration files. This allows for XXE-based attacks in applications that accept attacker-controlled log4net configuration files.

CNA Affected

[
  {
    "product": "Apache log4net",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Apache log4net up to 2.0.8"
      }
    ]
  }
]

References