HTTP: Multiple Product XML External Entity Injection Information Disclosure

This signature detects attempts to exploit a known vulnerability through External Entity Injection in various products. A successful attack can lead to unauthorized information disclosure, denial of service, request forgery and security policies bypass.

Extended Description

XXE in the XML Format Plugin in Apache Drill version 1.19.0 and greater allows a user to read any file on a remote file system or execute commands via a malicious XML file. Users are recommended to upgrade to version 1.21.2, which fixes this issue.

Affected Products

Apache drill

References

BugTraq: 103230 99387 99398 106390

CVE: CVE-2025-49544

URL: http://www.zerodayinitiative.com/advisories/ZDI-22-585/ https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1134596 http://www.zerodayinitiative.com/advisories/ZDI-22-1128/ https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2022-005.pdf http://www.zerodayinitiative.com/advisories/ZDI-23-1043/ http://www.zerodayinitiative.com/advisories/ZDI-23-1037/ http://www.zerodayinitiative.com/advisories/ZDI-23-1039/ https://www.cisa.gov/news-events/ics-advisories/icsa-23-080-05 http://www.zerodayinitiative.com/advisories/ZDI-23-1038/ https://download.sew-eurodrive.com/download/pdf/31965520.pdf http://www.zerodayinitiative.com/advisories/ZDI-24-582/ https://lists.apache.org/thread/9tt0q4bdjwgw0dz0l9knqxjnpb5y6zsl

Short Name

HTTP:STC:XXE-INJ

Severity

Minor

Recommended

True

Recommended Action

Drop

HTTP: Multiple Product XML External Entity Injection Information Disclosure

Extended Description

Affected Products

References

Found a potential security threat?