CVE-2018-1285 vulnerability in Apache and Other Products
Published on May 11, 2020

Apache log4net versions before 2.0.10 do not disable XML external entities when parsing log4net configuration files. This allows for XXE-based attacks in applications that accept attacker-controlled log4net configuration files.

Vendor Advisory Vendor Advisory Vendor Advisory NVD

Products Associated with CVE-2018-1285

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2018-1285 are published in these products:

Apache Log4net

Fedora Project Fedora

Oracle Hospitality Opera 5

Oracle Hospitality Simphony

Oracle Application Testing Suite

NetApp Snapcenter

NetApp Manageability Software Development Kit

Exploit Probability

EPSS

49.02%

Percentile

97.72%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2018-1285 vulnerability in Apache and Other ProductsPublished on May 11, 2020

Products Associated with CVE-2018-1285

Exploit Probability

CVE-2018-1285 vulnerability in Apache and Other Products
Published on May 11, 2020