Description
Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 allows attackers to obtain "Tomcat internals" information by leveraging the presence of an untrusted web application with a context.xml, web.xml, *.jspx, *.tagx, or *.tld XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
Remediation
References
Related Vulnerabilities
WordPress Plugin ABASE Multiple Vulnerabilities (2.6)
WordPress Plugin WooCommerce HTML Injection (6.5.1)
WordPress Plugin Windsor Strava Athlete Unspecified Vulnerability (1.3.5)
WordPress 4.0.x Arbitrary File Deletion Vulnerability (4.0 - 4.0.23)
Oracle Application Server CVE-2007-0280 Vulnerability (CVE-2007-0280)