cbcvebase.
CVE-2009-5135
published 2013-05-02

CVE-2009-5135: The Java XML parser in Echo before 2.1.1 and 3.x before 3.0.b6 allows remote attackers to read arbitrary files via a request containing an external entity…

PriorityP341medium5CVSS 2.0
AVNACLAuNCPINAN
EXPLOIT
EPSS
9.92%
95.0th percentile
The Java XML parser in Echo before 2.1.1 and 3.x before 3.0.b6 allows remote attackers to read arbitrary files via a request containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

Affected

5 ranges
VendorProductVersion rangeFixed in
nextappecho<= 2.1.0
nextappecho
nextappecho
nextappecho
nextappecho
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.