Server-Side Request Forgery (SSRF) in SaxEventRecorder by QOS.CH logback version 0.1 to 1.3.14 and 1.4.0 to 1.5.12 on the Java platform, allows an attacker to
forge requests by compromising logback configuration files in XML.
The attacks involves the modification of DOCTYPE declaration in XML configuration files.
Published: 2024-12-19
CVSS: 2.4
CVSS Vector: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:L/VI:N/VA:L/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:D/RE:X/U:Clear
Download Exploit for CVE-2024-12801 here:
Tip: Download official Tor Browser at https://www.torproject.org/download/ to access .onion links.
https://augustaverburg.nl/exploit-646-cve-2017-0001/
https://augustaverburg.nl/exploit-170-cve-2018-10561/
https://augustaverburg.nl/exploit-516-cve-2025-38211/
https://augustaverburg.nl/exploit-461-cve-1999-0517/
https://augustaverburg.nl/exploit-853-cve-2025-53020/