CVE-2017-15691


Apache uimaj prior to 2.10.2, Apache uimaj 3.0.0-xxx prior to 3.0.0-beta, Apache uima-as prior to 2.10.2, Apache uimaFIT prior to 2.4.0, and Apache uimaDUCC prior to 2.2.2 are affected by a vulnerability relating to the XML external entity expansion (XXE) capability of various XML parsers. As part of its configuration and operation, UIMA may read XML from various sources, which could be tainted in ways that cause inadvertent disclosure of local files or other internal content.


Published: 2018-04-26T17:29:00.293

Last Modified: 2024-11-21T03:15:00.780

Status: Modified

Source: [email protected]

Severity: CVSSv3.0: 6.5 (MEDIUM)

CVSSv2 Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: SINGLE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: NONE
  • Availability Impact: NONE

Exploitability Score: 8.0

Impact Score: 2.9

Weaknesses
  • Type: Primary
    CWE-611

Affected Vendors & Products
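| Type        | Vendor | Product  | Version/Range | Vulnerable? |
|-------------|--------|----------|---------------|-------------|
| Application | apache | uimaj    | < 2.10.2      | Yes         |
| Application | apache | uimaj    | 3.0.0         | Yes         |
| Application | apache | uimaj    | 3.0.0         | Yes         |
| Application | apache | uimaj    | 3.0.0         | Yes         |
| Application | apache | uima-as  | < 2.10.2      | Yes         |
| Application | apache | uimafit  | < 2.4.0       | Yes         |
| Application | apache | uimaducc | < 2.2.2       | Yes         |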

References