Description
The (1) DOMConverter, (2) JDOMConverter, (3) DOM4JConverter, and (4) XOMConverter functions in Direct Web Remoting (DWR) through 2.0.10 and 3.x through 3.0.RC2 allow remote attackers to read arbitrary files via DOM data containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
Remediation
References
http://jvndb.jvn.jp/jvndb/JVNDB-2014-000117
http://jvn.jp/en/jp/JVN91502163/index.html
http://www.securityfocus.com/bid/71093
Related Vulnerabilities
CVE-2023-26049 Vulnerability in maven package org.eclipse.jetty:jetty-server
CVE-2017-16066 Vulnerability in npm package opencv.js
CVE-2016-5001 Vulnerability in maven package org.apache.hadoop:hadoop-hdfs
CVE-2013-6447 Vulnerability in maven package org.jboss.seam:jboss-seam-remoting
CVE-2022-31051 Vulnerability in npm package semantic-release