tomcat: information disclosure via XXE when running untrusted web applications
It was found that several application-provided XML files, such as web.xml, content.xml, .tld, .tagx, and .jspx, resolved external entities, permitting XML External Entity XXE attacks. An attacker able to deploy malicious applications to Tomcat could use this flaw to circumvent security restrictio...