CVE-2019-17637: XEE
First published: Wed Jul 15 2020(Updated: )
In all versions of Eclipse Web Tools Platform through release 3.18 (2020-06), XML and DTD files referring to external entities could be exploited to send the contents of local files to a remote server when edited or validated, even when external entity resolution is disabled in the user preferences.
Credit: emo@eclipse.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Eclipse Web Tools Platform | >=1.0<=3.18 | |
| Debian Linux | =9.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2019-17637?
CVE-2019-17637 has been assigned a medium severity rating due to its potential for data exposure.
How do I fix CVE-2019-17637?
To mitigate CVE-2019-17637, upgrade to a version of Eclipse Web Tools Platform later than 3.18.
What are the potential risks associated with CVE-2019-17637?
The main risk of CVE-2019-17637 is unauthorized access to sensitive local files through external entity exploitation.
Which versions of Eclipse Web Tools Platform are affected by CVE-2019-17637?
All versions of Eclipse Web Tools Platform up to and including 3.18 are affected by CVE-2019-17637.
Can CVE-2019-17637 be exploited without user interaction?
Yes, CVE-2019-17637 can be exploited when XML or DTD files are edited or validated by the user.
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/remedy
- agent/author
- agent/severity
- agent/last-modified-date
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/eclipse
- canonical/eclipse web tools platform
- version/eclipse web tools platform/1.0
- version/eclipse web tools platform/3.18
- vendor/debian
- canonical/debian linux
- version/debian linux/9.0