The Java XML parser in Echo before 2.1.1 and 3.x before 3.0.b6 allows remote attackers to read arbitrary files via a request containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: ibm
Published: 2013-05-02T10:00:00
Updated: 2024-08-07T07:32:22.755Z
Reserved: 2013-05-01T00:00:00
Link: CVE-2009-5135
Vulnrichment
No data.
NVD
Status : Modified
Published: 2013-05-02T11:44:41.410
Modified: 2018-10-10T19:49:39.467
Link: CVE-2009-5135
Redhat
No data.