XML External Entity (XXE) Vulnerability in Eclipse Web Tools Platform

XML External Entity (XXE) Vulnerability in Eclipse Web Tools Platform

CVE-2019-17637 · HIGH Severity

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

In all versions of Eclipse Web Tools Platform through release 3.18 (2020-06), XML and DTD files referring to external entities could be exploited to send the contents of local files to a remote server when edited or validated, even when external entity resolution is disabled in the user preferences.

Learn more about our Web App Pen Testing.