Apache Log4Net vulnerabilities
2 known vulnerabilities affecting apache/log4net.
Total CVEs: 2
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, MEDIUM 1
Vulnerabilities
CVE-2018-1285 [CRITICAL] CVSS 9.8, CWE-611, fixed in 2.0.10, 2020-05-11
Apache log4net versions before 2.0.10 do not disable XML external entities when parsing log4net configuration files. This allows for XXE-based attacks in applications that accept attacker-controlled log4net configuration files.
nvd
CVE-2006-0743 [MEDIUM] CVSS 5.0, CWE-134, v1.2.9_beta, 2006-03-09
Format string vulnerability in LocalSyslogAppender in Apache log4net 1.2.9 might allow remote attackers to cause a denial of service (memory corruption and termination) via unknown vectors.
nvd