Vulnerabilities > CVE-2010-2245 - XXE vulnerability in Apache Wink

CVSS 5.8 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

PARTIAL

network

apache

CWE-611

NVD

Published: 2017-08-08

Updated: 2017-08-16

Summary

XML External Entity (XXE) vulnerability in Apache Wink 1.1.1 and earlier allows remote attackers to read arbitrary files or cause a denial of service via a crafted XML document.

Vulnerable Configurations

Part	Description	Count
Application	Apache Apache Wink 0.1 Apache Wink 1.0 Apache Wink 1.1.0 Apache Wink 1.1.1	4

Common Weakness Enumeration (CWE)

CWE-611 - Improper Restriction of XML External Entity Reference ('XXE')

References

http://marc.info/?l=wink-user&m=127843482925387&w=2
https://svn.apache.org/repos/asf/wink/trunk/security/CVE-2010-2245.pdf