Vulnerability Description
The Java XML parser in Echo before 2.1.1 and 3.x before 3.0.b6 allows remote attackers to read arbitrary files via a request containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Nextapp | Echo | <= 2.1.0 |
Related Weaknesses (CWE)
References
- http://echo.nextapp.com/site/node/5742Vendor Advisory
- http://secunia.com/advisories/34218Vendor Advisory
- http://www.exploit-db.com/exploits/8191/Exploit
- http://www.securityfocus.com/archive/1/501637/100/0/threaded
- http://www.vupen.com/english/advisories/2009/0653
- https://exchange.xforce.ibmcloud.com/vulnerabilities/49167
- https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20090305-Exploit
- http://echo.nextapp.com/site/node/5742Vendor Advisory
- http://secunia.com/advisories/34218Vendor Advisory
- http://www.exploit-db.com/exploits/8191/Exploit
- http://www.securityfocus.com/archive/1/501637/100/0/threaded
- http://www.vupen.com/english/advisories/2009/0653
- https://exchange.xforce.ibmcloud.com/vulnerabilities/49167
- https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20090305-Exploit
FAQ
What is CVE-2009-5135?
CVE-2009-5135 is a vulnerability with a CVSS score of 5.0 (MEDIUM). The Java XML parser in Echo before 2.1.1 and 3.x before 3.0.b6 allows remote attackers to read arbitrary files via a request containing an external entity declaration in conjunction with an entity ref...
How severe is CVE-2009-5135?
CVE-2009-5135 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2009-5135?
Check the references section above for vendor advisories and patch information. Affected products include: Nextapp Echo.