CVE-2009-5135

The Echo Java XML parser has an XXE vulnerability: versions before 2.1.1 and 3.x before 3.0.b6 allow remote attackers to read arbitrary files via an external entity declaration combined with an entity reference. Remediation: upgrade to Echo 2.1.1+ or 3.0.b6+.