The Java XML parser in Echo prior to 2.1.1 and 3.x prior to 3.0.b6 allows remote malicious users to read arbitrary files via a request containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
nextapp echo 2.1.0 |
||
nextapp echo 2.0 |
||
nextapp echo |
||
nextapp echo 2.0.1 |
||
nextapp echo 3.0 |