Lucene search
K

88 matches found

Debian CVE
Debian CVE
added 2020/05/11 4:41 p.m.109 views

CVE-2018-1285

Apache log4net versions before 2.0.10 do not disable XML external entities when parsing log4net configuration files. This allows for XXE-based attacks in applications that accept attacker-controlled log4net configuration files...

9.8CVSS7.4AI score0.49839EPSS
Exploits0
Veracode
Veracode
added 2020/05/11 3:38 a.m.53 views

XML External Entities (XXE)

log4net is vulnerable to XML external entity attacks. External DTDs are enabled by default and allow attackers to perform XXE attacks using malicious XML data and documents...

9.8CVSS5.4AI score0.49839EPSS
Exploits0References29Affected Software1
Positive Technologies
Positive Technologies
added 2020/05/11 12:0 a.m.5 views

PT-2020-5531 · Apache +2 · Log4Net +2

Name of the Vulnerable Software and Affected Versions: Apache log4net versions prior to 2.0.10 Description: The issue is related to errors in restricting XML links to external objects XXE in the log4net logging library on the .NET Framework platform. Exploitation of this issue may allow a remote...

10CVSS7.1AI score0.49839EPSS
Exploits0References60
RedhatCVE
RedhatCVE
added 2015/10/30 9:41 a.m.24 views

CVE-2006-0743

Format string vulnerability in LocalSyslogAppender in Apache log4net 1.2.9 might allow remote attackers to cause a denial of service memory corruption and termination via unknown vectors...

5CVSS7.5AI score0.06225EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2007/10/17 12:0 a.m.28 views

openSUSE 10 Security Update : log4net (log4net-2211)

This update fixes a format string exploit in the RemoteSyslogAppender of log4net. CVE-2006-0743 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update log4net-2211. The text description of this plugi...

5CVSS5.3AI score0.06225EPSS
Exploits0
Prion
Prion
added 2006/03/09 8:2 p.m.13 views

Format string

Format string vulnerability in LocalSyslogAppender in Apache log4net 1.2.9 might allow remote attackers to cause a denial of service memory corruption and termination via unknown vectors...

5CVSS7.3AI score0.06225EPSS
Exploits0References8Affected Software1
Cvelist
Cvelist
added 2006/03/09 8:0 p.m.33 views

CVE-2006-0743

Format string vulnerability in LocalSyslogAppender in Apache log4net 1.2.9 might allow remote attackers to cause a denial of service memory corruption and termination via unknown vectors...

6.7AI score0.06225EPSS
Exploits0References8
CVE
CVE
added 2006/03/09 8:0 p.m.73 views

CVE-2006-0743

CVE-2006-0743 affects Apache log4net 1.2.9 (LocalSyslogAppender) with a format string vulnerability that could cause a denial of service via memory corruption. The connected documents confirm the vulnerability in log4net 1.2.9 and describe DoS outcomes; some advisories note remediation by upgradi...

5CVSS6.7AI score0.06225EPSS
Exploits0References8Affected Software1
Rows per page
Query Builder