CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2019-17637

In all versions of Eclipse Web Tools Platform through release 3.18 (2020-06), XML and DTD files referring to external entities could be exploited to send the contents of local files to a remote server when edited or validated, even when external entity resolution is disabled in the user preferences.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 38.6%

CVSS Severity

CVSS v3 Score 7.1

CVSS v2 Score 5.8

References

https://bugs.eclipse.org/bugs/show_bug.cgi?id=458571
https://lists.debian.org/debian-lts-announce/2020/10/msg00016.html
https://bugs.eclipse.org/bugs/show_bug.cgi?id=458571
https://lists.debian.org/debian-lts-announce/2020/10/msg00016.html

Products affected by CVE-2019-17637

Eclipse » Web Tools Platform » Version: 1.0

cpe:2.3:a:eclipse:web_tools_platform:1.0
Eclipse » Web Tools Platform » Version: 3.16

cpe:2.3:a:eclipse:web_tools_platform:3.16
Eclipse » Web Tools Platform » Version: 3.17

cpe:2.3:a:eclipse:web_tools_platform:3.17
Eclipse » Web Tools Platform » Version: 3.18

cpe:2.3:a:eclipse:web_tools_platform:3.18
Debian » Debian Linux » Version: 9.0

cpe:2.3:o:debian:debian_linux:9.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-17637

Products

Pricing

Contact Us