3 matches found
CVE-2018-1285
CVE-2018-1285 affects Apache log4net up to version 2.0.9 (pre-2.0.10), where XML External Entity (XXE) processing is not disabled when parsing log4net configuration files, enabling XXE-based attacks in apps that accept attacker-controlled config. The connected IBM security bulletin confirms the v...
CVE-2006-0743
CVE-2006-0743 affects Apache log4net 1.2.9 (LocalSyslogAppender) with a format string vulnerability that could cause a denial of service via memory corruption. The connected documents confirm the vulnerability in log4net 1.2.9 and describe DoS outcomes; some advisories note remediation by upgradi...
CVE-2026-40021
Apache log4net before version 3.3.0 contains a vulnerability in XmlLayout and XmlLayoutSchemaLog4J where characters forbidden by XML 1.0 are not sanitized in MDC keys/values and the identity field. The issue causes a serialization exception and silent loss of the affected log event, which can be ...