SpaceLeam opened a new pull request, #273: URL: https://github.com/apache/logging-log4net/pull/273
Demonstrates vulnerability in log4net RemoteSyslogAppender where CRLF characters in log messages create multiple syslog entries, allowing log forgery and SIEM evasion. Test cases: - Baseline normal logging - Single CRLF injection (2 entries from 1 call) - Multiple CRLF (log poisoning) - Null byte + CRLF - UDP fragmentation - Realistic attack scenario Target: log4net v3.2.1 master branch Issue: LOG4NET-370 (incomplete fix) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
