Server-Side Request Forgery (SSRF) in SaxEventRecorder by QOS.CH logback version 1.5.12 on the Java platform, allows an attacker to
forge requests by compromising logback configuration files in XML.
The attacks involves the modification of DOCTYPE declaration in XML configuration files.
Metrics
Affected Vendors & Products
References
History
Fri, 20 Dec 2024 21:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Fri, 20 Dec 2024 01:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References |
| |
Metrics |
threat_severity
|
cvssV3_1
|
Thu, 19 Dec 2024 16:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Server-Side Request Forgery (SSRF) in SaxEventRecorder by QOS.CH logback version 1.5.12 on the Java platform, allows an attacker to forge requests by compromising logback configuration files in XML. The attacks involves the modification of DOCTYPE declaration in XML configuration files. | |
Title | SaxEventRecorder vulnerable to Server-Side Request Forgery (SSRF) attacks | |
Weaknesses | CWE-918 | |
References |
| |
Metrics |
cvssV4_0
|
MITRE
Status: PUBLISHED
Assigner: NCSC.ch
Published: 2024-12-19T16:11:50.044Z
Updated: 2024-12-20T20:16:07.566Z
Reserved: 2024-12-19T16:09:59.761Z
Link: CVE-2024-12801
Vulnrichment
Updated: 2024-12-20T20:16:02.318Z
NVD
Status : Received
Published: 2024-12-19T17:15:08.930
Modified: 2024-12-19T17:15:08.930
Link: CVE-2024-12801
Redhat