CVE-2018-8819

Name of the Vulnerable Software and Affected Versions Automated Logic Corporation WebCTRL versions 6.0 through 6.5

Description A security issue was found that allows an unauthenticated attacker to disclose full file contents from the underlying web server OS. This is possible due to a weakly configured XML parser that processes malicious input via the "X-Wap-Profile" HTTP header.

Recommendations For versions 6.0 through 6.5, update the XML parser configuration to prevent the disclosure of file contents. At the moment, there is no information about a newer version that contains a fix for this vulnerability.