Global infos:

The (1) DOMConverter, (2) JDOMConverter, (3) DOM4JConverter, and (4) XOMConverter functions in Direct Web Remoting (DWR) through 2.0.10 and 3.x through 3.0.RC2 allow remote attackers to read arbitrary files via DOM data containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

CVE Status: Modified

References:

[email protected]

[email protected]

[email protected]

af854a3a-2127-422b-91ae-364da2661108

af854a3a-2127-422b-91ae-364da2661108

af854a3a-2127-422b-91ae-364da2661108

Metrics:

No CVSS data available

Links:

Exploit-db
Github