Endpoint Vulnerability

Apache log4net CVE-2018-1285 XML External Entity Vulnerability

Description

Apache log4net versions before 2.0.10 fail to disable XML external entities when parsing configuration files, enabling XXE attacks in applications that accept attacker-controlled log4net configs.

Affected Applications

Apache log4net

Version Updates

Date	Version	Status	Detail
2022-04-06	1.00303	Modified	Apache log4net
2022-01-20	1.00288	Modified	Apache log4net
2021-07-28	1.00255	New	Apache log4net

References

https://issues.apache.org/jira/browse/LOG4NET-575

ID	2705
Created	Jul 22, 2021
Description Updated	Jan 16, 2026
CVE ID
Risk
Coverage	FortiClient
OS	Windows
Vendor	Apache Software Foundation
Patch	manual
Application	Apache log4net

Protect

Detect

Respond

Recover

Identify

Network Security

Cloud & Application Security

Endpoint Security

Security Operations

Endpoint Vulnerability

Apache log4net CVE-2018-1285 XML External Entity Vulnerability

Description

Affected Applications

Version Updates

References

Research Center

Services

Protect

Detect

Respond

Recover

Identify

Network Security

Cloud & Application Security

Endpoint Security

Security Operations

Threat Intelligence Center

Support Center

Resource Center

About

Endpoint Vulnerability

Apache log4net CVE-2018-1285 XML External Entity Vulnerability

Description

Affected Applications

Version Updates

References

Threat Intelligence
Center