virus logo FortiClient Vulnerability

Apache log4net CVE-2018-1285 XML External Entity Vulnerability

description-logoDescription

Apache log4net versions before 2.0.10 do not disable XML external entities when parsing log4net configuration files. This allows for XXE-based attacks in applications that accept attacker-controlled log4net configuration files.

affected-products-logoAffected Applications

Apache log4net

CVE References

CVE-2018-1285

Other References

https://issues.apache.org/jira/browse/LOG4NET-575
ID 2705
Created Jul 28, 2021
Description
Updated		 Oct 16, 2023
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon black-background-circle-icon black-background-circle-icon
Coverage FortiClient
OS Windows
Vendor Apache Software Foundation
Patch manual
Application Apache log4net