Apache log4net versions prior to 2.0.10 do not disable XML external entities when parsing log4net configuration files. This allows for XXE-based attacks in applications that accept attacker-controlled log4net configuration files.
| Vulnerable Product |
|---|
| apache log4net |
| fedoraproject fedora 30 |
| fedoraproject fedora 31 |
| fedoraproject fedora 32 |
| oracle application testing suite 13.3.0.1 |
| oracle hospitality simphony 19.1.3 |
| oracle hospitality simphony 18.2.7.2 |
| oracle hospitality opera 5 5.5 |
| oracle hospitality opera 5 5.6 |
| netapp snapcenter - |
| netapp manageability software development kit - |
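
For applications that must accept a log4net configuration from an untrusted source, one defensive pattern is to parse the XML yourself with DTDs prohibited and pass log4net only the parsed element. This is an added example, not code from the advisory or the log4net project. `SafeLog4NetConfig` and its method names are hypothetical, the sample input is constructed, and the code assumes `XmlConfigurator.Configure(ILoggerRepository, XmlElement)` consumes the element without re-parsing raw text.

```csharp
using System;
using System.IO;
using System.Text;
using System.Xml;
using log4net.Config;
using log4net.Repository;

public static class SafeLog4NetConfig   // hypothetical helper, not part of log4net
{
    // Parse untrusted configuration XML with DTDs rejected outright.
    public static XmlElement ParseWithoutDtd(Stream untrusted)
    {
        var settings = new XmlReaderSettings
        {
            DtdProcessing = DtdProcessing.Prohibit, // any <!DOCTYPE ...> raises XmlException
            XmlResolver = null                      // never resolve external resources
        };
        var doc = new XmlDocument { XmlResolver = null };
        using (var reader = XmlReader.Create(untrusted, settings))
        {
            doc.Load(reader);
        }
        XmlElement root = doc.DocumentElement;
        if (root == null || root.LocalName != "log4net")
            throw new InvalidDataException("Root element is not <log4net>.");
        return root;
    }

    // Hand log4net the already-parsed element, so its own XML reader is not
    // used on the untrusted text (assumption stated in the lead-in).
    public static void Configure(ILoggerRepository repository, Stream untrusted)
    {
        XmlConfigurator.Configure(repository, ParseWithoutDtd(untrusted));
    }

    public static void Main()
    {
        // Constructed sample: a config carrying a DOCTYPE with a harmless internal entity.
        const string sample =
            "<!DOCTYPE log4net [<!ENTITY e \"x\">]>" +
            "<log4net><root><level value=\"INFO\"/></root></log4net>";
        try
        {
            ParseWithoutDtd(new MemoryStream(Encoding.UTF8.GetBytes(sample)));
            Console.WriteLine("accepted");
        }
        catch (XmlException ex) { Console.WriteLine("rejected: " + ex.Message); }
    }
}
```

This complements upgrading to log4net 2.0.10 or later; it does not replace it, since other code paths may still load configuration through log4net's own parser.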