suse · CVE-2018-1285

Quick triage

Priority: medium
Published: 2021-05-30 14:07:02 UTC
Updated: 2024-07-27 00:39:41 UTC

Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.

Tracker summary

CVE-2018-1285, severity moderate: SUSE lists 2 source package names (log4net-1.2.10-3.3.1, log4net-1.2.10-78.1) in 2 product×package rows across 2 product lines (SUSE Linux Enterprise Server 11 SP3-TERADATA, openSUSE Tumbleweed). Fixed: 2.

Description:

Apache log4net versions before 2.0.10 do not disable XML external entities when parsing log4net configuration files. This allows for XXE-based attacks in applications that accept attacker-controlled log4net configuration files.

cvelogic Threat Intelligence