[Security update] Apache Tomcat vulnerability allows hackers to read arbitrary files

The National Vulnerability Database has published a new Apache Tomcat vulnerability. It allows hackers to read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, an XML External Entity (XXE) issue.

Apache Tomcat vulnerability

Apache Tomcat is an open source software implementation of the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed under the Java Community Process.

Affected versions

Apache Tomcat before 6.0.40, 7.x before 7.0.54, and 8.x before 8.0.6
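
To find installations that fall inside these ranges, the following added example (not part of the original advisory or of Apache Tomcat) classifies version banners against the affected versions listed above. The host names and banners are constructed sample data, and reading "before 6.0.40" as covering every older branch is an assumption.

```python
import re

# First fixed release on each branch, from the "Affected versions" line above.
FIXED = {6: (6, 0, 40), 7: (7, 0, 54), 8: (8, 0, 6)}

# Matches the version in "Server version: Apache Tomcat/7.0.53" (version.sh)
# and in the "Apache Tomcat/8.0.5" footer of default error pages.
VERSION_RE = re.compile(r"Apache Tomcat/(\d+)\.(\d+)\.(\d+)")


def parse_version(banner):
    """Return (major, minor, patch) from a banner string, or None."""
    match = VERSION_RE.search(banner)
    return tuple(int(part) for part in match.groups()) if match else None


def is_affected(version):
    """Apply the advisory's ranges to a (major, minor, patch) tuple."""
    major = version[0]
    if major < 6:
        # Assumption: "before 6.0.40" is read literally, so older branches count.
        return True
    fixed = FIXED.get(major)
    if fixed is None:
        return False  # branch newer than 8.x, not listed in the advisory
    return version < fixed


def audit(inventory):
    """Map each host to 'affected', 'not affected' or 'unknown'."""
    report = {}
    for host, banner in inventory.items():
        version = parse_version(banner)
        if version is None:
            report[host] = "unknown"  # banner hidden or not Tomcat: check by hand
        else:
            report[host] = "affected" if is_affected(version) else "not affected"
    return report


# Constructed sample inventory (hypothetical hosts, not real systems).
SAMPLE = {
    "app01.example.internal": "Server version: Apache Tomcat/7.0.53",
    "app02.example.internal": "Apache Tomcat/8.0.6",
    "app03.example.internal": "Server version: Apache Tomcat/6.0.39",
    "app04.example.internal": "Server: Apache-Coyote/1.1",
}

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}: {status}")
```

Hosts reported as "unknown" expose no version string, so their Tomcat release has to be confirmed on the machine itself.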