Summary
This host is running Apache Tomcat and is prone to an information disclosure vulnerability.
Impact
Successful exploitation will allow remote attackers to read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference.
Impact Level: Application
Solution
Upgrade to version 6.0.40, 7.0.54, 8.0.6 or later. For updates refer to http://tomcat.apache.org
Insight
The flaw exists because an application does not properly constrain the class loader that accesses the XML parser used with an XSLT stylesheet.
Affected
Apache Tomcat before 6.0.40, 7.x before 7.0.54, and 8.x before 8.0.6
Detection
Get the installed version with the help of the detect NVT and check whether the version is vulnerable.
References
Updated on 2015-03-25
Severity
Classification
- CVE: CVE-2014-0119
- CVSS Base Score: 4.3
- CVSS Base Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N