CVE-2017-15691
N/A
N/A
Summary
In Apache uimaj prior to 2.10.2, Apache uimaj 3.0.0-xxx prior to 3.0.0-beta, Apache uima-as prior to 2.10.2, Apache uimaFIT prior to 2.4.0, Apache uimaDUCC prior to 2.2.2, this vulnerability relates to an XML external entity expansion (XXE) capability of various XML parsers. UIMA as part of its configuration and operation may read XML from various sources, which could be tainted in ways to cause inadvertent disclosure of local files or other internal content.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Apache Software Foundation | Apache UIMA | uimaj prior to 2.10.2 | affected |
| Apache Software Foundation | Apache UIMA | uimaj 3.0.0-xxx prior to 3.0.0-beta | affected |
| Apache Software Foundation | Apache UIMA | uima-as prior to 2.10.2 | affected |
| Apache Software Foundation | Apache UIMA | uimaFIT prior to 2.4.0 | affected |
| Apache Software Foundation | Apache UIMA | uimaDUCC prior to 2.2.2 | affected |
Weaknesses
- Information Disclosure
ADP Enrichment
CVE Program Container
Additional References
- https://uima.apache.org/security_report#CVE-2017-15691
- https://lists.apache.org/thread.html/00407c65738e625a8cc9d732923a4ab2d8299603cc7c7e5cc2da9c79%40%3Ccommits.uima.apache.org%3E
- https://access.redhat.com/errata/RHSA-2019:1545
References
- https://uima.apache.org/security_report#CVE-2017-15691
- https://lists.apache.org/thread.html/00407c65738e625a8cc9d732923a4ab2d8299603cc7c7e5cc2da9c79%40%3Ccommits.uima.apache.org%3E
- https://access.redhat.com/errata/RHSA-2019:1545
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.