An XML external entity (XXE) issue exists in Automated Logic Corporation (ALC) WebCTRL versions 6.0, 6.1 and 6.5. An unauthenticated attacker could submit malicious input to WebCTRL through the "X-Wap-Profile" HTTP header, and a weakly configured XML parser would then allow the application to disclose full file contents from the underlying web server OS.

Vulnerable Product |
---|
carrier automatedlogic webctrl 6.0 |
carrier automatedlogic webctrl 6.1 |
carrier automatedlogic webctrl 6.5 |