Apache Log4cxx XMLLayout Unescaped Character Vulnerability Leading to Silent Log Loss

Vulnerability

A vulnerability exists in Apache Log4cxx's XMLLayout component, in versions prior to 1.7.0. The issue arises because the layout fails to properly sanitize characters that are forbidden by the XML 1.0 specification. This oversight occurs in log messages, as well as NDC and MDC property keys and values, resulting in the generation of invalid XML. Conforming XML parsers are required to reject such documents, which can cause downstream log processing systems to drop or fail to index the affected records. This vulnerability can be exploited by an attacker who can influence the logged data, leading to the suppression of individual log records and impairing audit trails and the detection of malicious activities.
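To make the failure mode concrete, the following added example (not log4cxx code) renders a log4j-style event roughly the way XMLLayout does, feeds it to a conforming parser to show that a single stray control character in a message or MDC value gets the whole record rejected, and provides the detection check and replacement that a layout or an ingestion pipeline should apply. The event structure, the `xmlns:log4j` declaration and the `\uXXXX` marker are assumptions made for the demonstration.

```python
import re
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

# Characters XML 1.0 allows anywhere in a document (the "Char" production):
#   #x9 | #xA | #xD | [#x20-#xD7FF] | [#xE000-#xFFFD] | [#x10000-#x10FFFF]
# Anything else (other C0 controls, lone surrogates, U+FFFE/U+FFFF) makes the
# document not well-formed, and a conforming parser must reject it.
_XML10_FORBIDDEN = re.compile(
    "[^\u0009\u000A\u000D\u0020-\uD7FF\uE000-\uFFFD\U00010000-\U0010FFFF]"
)


def forbidden_chars(text: str) -> list[str]:
    """Return every character in text that XML 1.0 forbids (detection check)."""
    return _XML10_FORBIDDEN.findall(text)


def sanitize(text: str) -> str:
    """Replace each forbidden character with a visible \\uXXXX marker, so the
    event stays well-formed and the original code point is still recorded."""
    return _XML10_FORBIDDEN.sub(lambda m: "\\u%04x" % ord(m.group()), text)


def xml_event(message: str, mdc: dict[str, str]) -> str:
    """Render a log4j-style event: message in a CDATA section, MDC entries as
    <log4j:data> attributes. Constructed approximation of the layout, not
    log4cxx code; the xmlns declaration is only there so one event parses alone."""
    # A CDATA section cannot contain "]]>", so split it across two sections.
    body = message.replace("]]>", "]]]]><![CDATA[>")
    props = "".join(
        '<log4j:data name="%s" value="%s"/>'
        % (escape(k, {'"': "&quot;"}), escape(v, {'"': "&quot;"}))
        for k, v in mdc.items()
    )
    return (
        '<log4j:event xmlns:log4j="http://jakarta.apache.org/log4j/" '
        'logger="app" level="INFO">'
        "<log4j:message><![CDATA[" + body + "]]></log4j:message>"
        "<log4j:properties>" + props + "</log4j:properties>"
        "</log4j:event>"
    )


def parser_accepts(xml_text: str) -> bool:
    """True if a conforming parser (expat via ElementTree) accepts the event."""
    try:
        ET.fromstring(xml_text)
        return True
    except ET.ParseError:
        return False
```

Run `parser_accepts(xml_event("user \x1b[31mroot", {}))` to see the record rejected, and the same call on `sanitize(...)` output to see it accepted.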

Impact

Exploitation of this vulnerability causes a silent loss of log events, with the potential to disrupt audit trails and the detection of malicious activities.

Remediation

Users are advised to upgrade to Apache Log4cxx version 1.7.0, which addresses this vulnerability.

Added: Apr 10, 2026, 4:34 PM
Updated: Apr 10, 2026, 4:34 PM

Vulnerability Rating

Custom Algorithm
spread: 5.4
impact: 0.6
exploitability: 5.0
remediation: 7.7
relevance: 5.6
threat: 3.2
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.