- Description
- Server-Side Request Forgery (SSRF) in SaxEventRecorder by QOS.CH logback versions 0.1 to 1.3.14 and 1.4.0 to 1.5.12 on the Java platform allows an attacker to forge requests by compromising logback configuration files in XML. The attack involves the modification of the DOCTYPE declaration in XML configuration files.
- Source
- vulnerability@ncsc.ch
- NVD status
- Awaiting Analysis
CVSS 4.0
- Type
- Secondary
- Base score
- 2.4
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:L/VI:N/VA:L/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:D/RE:X/U:Clear
- Severity
- LOW
- vulnerability@ncsc.ch
- CWE-918
- Hype score
- Not currently trending
🔵 QOSch logback-core, Server-Side Request Forgery (SSRF), #CVE-2024-12801 (Low) https://t.co/wPwaUATJyS
@dailycve
19 Dec 2024
CVE-2024-12801 Server-Side Request Forgery in https://t.co/cwf6cEl4x4 logback via XML Configurati... https://t.co/NCPuwvaQIS Vulnerability Alert Subscriptions: https://t.co/hrQhy5uz4x
@VulmonFeeds
19 Dec 2024
CVE-2024-12801 Server-Side Request Forgery (SSRF) in SaxEventRecorder by https://t.co/PbernY7KbX logback version 1.5.12 on the Java platform, allows an attacker to forge requests by compromising lo… https://t.co/aPUN8ojtES
@CVEnew
19 Dec 2024