HP WebInspect XXE Unauthorized Information Disclosure
Medium Nessus Plugin ID 84194
Synopsis
A web security application on the remote host is affected by an unauthorized information disclosure vulnerability.

Description
The version of HP WebInspect installed on the remote Windows host is affected by an unauthorized information disclosure vulnerability due to an XML external entity injection flaw that is triggered during the parsing of XML data. A remote attacker can exploit this, via a malicious website scanned by HP WebInspect, to read arbitrary system files.

Solution
Upgrade to HP WebInspect version 10.40.282.10 (10.4 Software Update 1) or later.
Note that HP has not yet made this update generally available via SmartUpdate, and you must contact HP Support directly for the fix.