Lucene search
K

5 matches found

RedHat Linux
RedHat Linux
added 2026/06/02 5:41 p.m.10 views

org.apache.logging.log4j/log4j-core: Apache Log4j Core: Log injection via CRLF sequences due to configuration attribute renames

A flaw was found in Apache Log4j Core. This vulnerability allows for log injection through the use of Carriage Return Line Feed CRLF sequences. This occurs because security-related configuration attributes were silently renamed, impacting users who directly configure Rfc5424Layout with stream-bas...

7.5CVSS6.6AI score0.00831EPSS
Exploits0References9
Tenable Nessus
Tenable Nessus
added 2026/04/15 12:0 a.m.187 views

Apache Log4j 2.21.0 < 2.25.4 Rfc5424Layout Log Injection (CVE-2026-34478)

The version of Apache Log4j on the remote host is 2.21.0 through 2.25.3. It is, therefore, affected by a vulnerability: - The Rfc5424Layout is vulnerable to log injection via CRLF sequences due to undocumented renames of security-relevant configuration attributes. The newLineEscape attribute was...

7.5CVSS5.3AI score0.00831EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2026/04/14 11:26 p.m.8 views

SUSE CVE-2026-34478

Apache Log4j Core's Rfc5424Layout https://logging.apache.org/log4j/2.x/manual/layouts.htmlRFC5424Layout , in versions 2.21.0 through 2.25.3, is vulnerable to log injection via CRLF sequences due to undocumented renames of security-relevant configuration attributes. Two distinct issues affect user...

6.9CVSS5.8AI score0.00831EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2026/04/10 4:16 p.m.4 views

CVE-2026-34478

Apache Log4j Core's Rfc5424Layout https://logging.apache.org/log4j/2.x/manual/layouts.htmlRFC5424Layout , in versions 2.21.0 through 2.25.3, is vulnerable to log injection via CRLF sequences due to undocumented renames of security-relevant configuration attributes. Two distinct issues affect user...

7.5CVSS5.8AI score0.00831EPSS
Exploits0References7
Debian CVE
Debian CVE
added 2026/04/10 3:40 p.m.5 views

CVE-2026-34478

Apache Log4j Core's Rfc5424Layout https://logging.apache.org/log4j/2.x/manual/layouts.htmlRFC5424Layout , in versions 2.21.0 through 2.25.3, is vulnerable to log injection via CRLF sequences due to undocumented renames of security-relevant configuration attributes. Two distinct issues affect user...

7.5CVSS5.2AI score0.00831EPSS
Exploits0
Rows per page
Query Builder