FortiClient vulnerability scan reports issue with Apache log4net.dll 1.2.11.0
Description
Security Vulnerability CVE-2018-1285 for log4net
Critical Date Released: 2020-05-11 Recommended Action: Download and install patches as instructed Description: Apache log4net versions before 2.0.10 do not disable XML external entities when parsing log4net configuration files. This allows for XXE-based attacks in applications that accept attacker-controlled log4net configuration files. Affected Products: Apache log4net CVE IDs: CVE-2018-1285 Vendor Information: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-1285 Vendor Patch Download: https://logging.apache.org/log4net/download_log4net.html
Major
Security Vulnerability CVE-2018-1285 for log4net
Critical
Date Released: 2020-05-11
Recommended Action:
Download and install patches as instructed
Description:
Apache log4net versions before 2.0.10 do not disable XML external entities when parsing log4net configuration files. This allows for XXE-based attacks in applications that accept attacker-controlled log4net configuration files.
Affected Products:
Apache log4net
CVE IDs:
CVE-2018-1285
Vendor Information:
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-1285
Vendor Patch Download:
https://logging.apache.org/log4net/download_log4net.html