88 matches found
Updated log4net packages fix security vulnerability
Updated log4net packages fix security vulnerability This patch fixes a security vulnerability reported by Karthik Balasundaram. The security vulnerability was found in the way how log4net parses xml configuration files where it allowed to process XML External Entity Processing. An attacker could...
MGASA-2020-0233 Updated log4net packages fix security vulnerability
Updated log4net packages fix security vulnerability This patch fixes a security vulnerability reported by Karthik Balasundaram. The security vulnerability was found in the way how log4net parses xml configuration files where it allowed to process XML External Entity Processing. An attacker could...
Fedora 30 : log4net (2020-cfc319e067)
Security fix for CVE-2018-1285 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. C Tenable Network...
Fedora 31 : log4net (2020-847775bf79)
Security fix for CVE-2018-1285 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. C Tenable Network...
[SECURITY] Fedora 30 Update: log4net-2.0.8-10.fc30
log4net is a tool to help the programmer output log statements to a variety of output targets. log4net is a port of the excellent log4j framework to the .NET runtime...
[SECURITY] Fedora 32 Update: log4net-2.0.8-10.fc32
log4net is a tool to help the programmer output log statements to a variety of output targets. log4net is a port of the excellent log4j framework to the .NET runtime...
[SECURITY] Fedora 31 Update: log4net-2.0.8-10.fc31
log4net is a tool to help the programmer output log statements to a variety of output targets. log4net is a port of the excellent log4j framework to the .NET runtime...
Debian DLA-2211-1 : log4net security update
It was discovered that there was an XML external entity vulnerability in log4net, a logging API for the ECMA Common Language Infrastructure CLI, sometimes referred to as 'Mono'. This type of attack occurs when XML input containing a reference to an internet-faced entity is processed by a weakly...
Debian: Security Advisory (DLA-2211-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DLA 2211-1] log4net security update
Package : log4net Version : 1.2.10+dfsg-6+deb8u1 It was discovered that there was an XML external entity vulnerability in log4net, a logging API for the ECMA Common Language Infrastructure CLI, sometimes referred to as "Mono". This type of attack occurs when XML input containing a reference to an...
DLA-2211-1 log4net - security update
Bulletin has no description...
Apache log4net XXE Vulnerability
Apache log4net is the United States Apache Apache Software Foundation, a logging output tool. A security vulnerability exists in the parsing of log4net configuration files in Apache log4net versions prior to 2.0.8. An attacker can exploit this vulnerability to force the system to accept arbitrary...
CVE-2018-1285
Apache log4net versions before 2.0.10 do not disable XML external entities when parsing log4net configuration files. This allows for XXE-based attacks in applications that accept attacker-controlled log4net configuration files...
CVE-2018-1285
Apache log4net versions before 2.0.10 do not disable XML external entities when parsing log4net configuration files. This allows for XXE-based attacks in applications that accept attacker-controlled log4net configuration files...
DEBIAN-CVE-2018-1285
Apache log4net versions before 2.0.10 do not disable XML external entities when parsing log4net configuration files. This allows for XXE-based attacks in applications that accept attacker-controlled log4net configuration files...
Cross site scripting
Apache log4net versions before 2.0.10 do not disable XML external entities when parsing log4net configuration files. This allows for XXE-based attacks in applications that accept attacker-controlled log4net configuration files...
CVE-2018-1285
Apache log4net versions before 2.0.10 do not disable XML external entities when parsing log4net configuration files. This allows for XXE-based attacks in applications that accept attacker-controlled log4net configuration files...
UBUNTU-CVE-2018-1285
Apache log4net versions before 2.0.10 do not disable XML external entities when parsing log4net configuration files. This allows for XXE-based attacks in applications that accept attacker-controlled log4net configuration files...
CVE-2018-1285
CVE-2018-1285 affects Apache log4net up to version 2.0.9 (pre-2.0.10), where XML External Entity (XXE) processing is not disabled when parsing log4net configuration files, enabling XXE-based attacks in apps that accept attacker-controlled config. The connected IBM security bulletin confirms the v...
CVE-2018-1285
Apache log4net versions before 2.0.10 do not disable XML external entities when parsing log4net configuration files. This allows for XXE-based attacks in applications that accept attacker-controlled log4net configuration files...