CVEs-PoC/2018/CVE-2018-1285.md at dc3bd6cd71a486f862e7cf4da52fce4cfeb10e52

CalvinBackup/CVEs-PoC

Fork 0

mirror of https://github.com/0xMarcio/cve.git synced 2026-05-07 17:36:58 +02:00

Files

T

0xMarcio 48a00929ac Removed duplicates

2024-06-18 02:51:15 +02:00

Description

Apache log4net versions before 2.0.10 do not disable XML external entities when parsing log4net configuration files. This allows for XXE-based attacks in applications that accept attacker-controlled log4net configuration files.

POC

Reference

https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.oracle.com/security-alerts/cpujan2021.html

Github

https://github.com/ARPSyndicate/cvemon
https://github.com/SeppPenner/outlookcaldavsynchronizer-german-readme
https://github.com/alex-ermolaev/Log4NetSolarWindsSNMP-
https://github.com/aluxnimm/outlookcaldavsynchronizer
https://github.com/jnewman-sonatype/DotNetTest
https://github.com/shiftingleft/dotnet-scm-test
https://github.com/wwwuui2com61/53_15498
https://github.com/wwwuuid2com47/62_15498

1.2 KiB Raw Blame History

CVE-2018-1285

Description

POC

Reference

Github

1.2 KiB

Raw Blame History