It was reported that Direct Web Remoting (DWR) is vulnerable to an XML External Entity (XXE) injection flaw. This could possibly be used to read an arbitrary file or to perform more advanced XXE attacks. DWR is used in Red Hat Satellite Server 5.6; however, it is not yet clear whether the affected functionality is exposed in that product.

Reference: http://jvn.jp/en/jp/JVN91502163/