[VIM] Apache log4net issue is a format string
Steven M. Christey
coley at mitre.org
Sat Mar 18 20:04:45 EST 2006
Whoops, forgot to tell people that the vaguely reported log4net issue
is a format string. See CVE's analysis field below.
======================================================
Name: CVE-2006-0743
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0743
Acknowledged: yes advisory
Announced: 20060309
Flaw: format-string
Reference: CONFIRM:http://issues.apache.org/jira/browse/LOG4NET-67
Reference: BID:17095
Reference: URL:http://www.securityfocus.com/bid/17095
Reference: SECUNIA:19241
Reference: URL:http://secunia.com/advisories/19241
Format string vulnerability in LocalSyslogAppender in Apache log4net
1.2.9 might allow remote attackers to cause a denial of service (memory
corruption and termination) via unknown vectors.
Analysis:
ACCURACY: bug type provided by Marcus Meissner via e-mail on March 13,
2006.
More information about the VIM
mailing list