CVE-2009-5135
- EPSS 9.92%
- Published 02.05.2013 11:44:41
- Last modified 29.04.2026 01:13:23
- Source psirt@us.ibm.com
The Java XML parser in Echo before 2.1.1 and 3.x before 3.0.b6 allows remote attackers to read arbitrary files via a request containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
Data provided by the National Vulnerability Database (NVD)
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 9.92% | 0.95 |
| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5 | 10 | 2.9 | AV:N/AC:L/Au:N/C:P/I:N/A:N |
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
http://echo.nextapp.com/site/node/5742
http://secunia.com/advisories/34218
http://www.exploit-db.com/exploits/8191/
http://www.securityfocus.com/archive/1/501637/100/0/threaded
http://www.vupen.com/english/advisories/2009/0653
https://exchange.xforce.ibmcloud.com/vulnerabilities/49167
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20090305-0_echo_nextapp_xml_injection.txt