Vulnerabilities > CVE-2019-17637 - XXE vulnerability in multiple products

CVSS 7.1 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

NONE

local

low complexity

eclipse

debian

CWE-611

NVD

Published: 2020-07-15

Updated: 2023-01-27

Summary

In all versions of Eclipse Web Tools Platform through release 3.18 (2020-06), XML and DTD files referring to external entities could be exploited to send the contents of local files to a remote server when edited or validated, even when external entity resolution is disabled in the user preferences.

Vulnerable Configurations

Part	Description	Count
Application	Eclipse Eclipse WEB Tools Platform 1.0 Eclipse WEB Tools Platform 3.16 Eclipse WEB Tools Platform 3.17 Eclipse WEB Tools Platform 3.18	4
OS	Debian Debian Debian Linux 9.0	1

Common Weakness Enumeration (CWE)

CWE-611 - Improper Restriction of XML External Entity Reference ('XXE')

References

https://bugs.eclipse.org/bugs/show_bug.cgi?id=458571
https://lists.debian.org/debian-lts-announce/2020/10/msg00016.html