The log4sh_readProperties function in log4sh 1.2.5 and earlier allows local users to overwrite arbitrary files via a symlink attack on predictable log4sh.$$ filenames.
Max CVSS
2.1
EPSS Score
0.04%
Published
2005-09-02
Updated
2011-03-08
1 vulnerabilities found