Vulnerabilities > CVE-2016-2175
Attack vector: LOCAL
Attack complexity: LOW
Privileges required: LOW
Confidentiality impact: HIGH
Integrity impact: HIGH
Availability impact: HIGH

Summary
Apache PDFBox before 1.8.12 and 2.x before 2.0.1 does not properly initialize the XML parsers, which allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted PDF.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | | 16 |
| OS | | 1 |
Nessus
NASL family Fedora Local Security Checks NASL id FEDORA_2016-A07CF79284.NASL description Security fix for CVE-2016-2175 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2016-07-19 plugin id 92391 published 2016-07-19 reporter This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/92391 title Fedora 24 : pdfbox (2016-a07cf79284) code
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory FEDORA-2016-a07cf79284.
#
# Scope of this check: it is a package-version comparison only. It looks at the
# pdfbox RPM recorded for a Fedora 24 host and reports when rpm_check() flags it
# against pdfbox-1.8.11-2.fc24. Nothing here parses a PDF or inspects XML parser
# settings, so PDFBox jars bundled inside other applications are not examined.

include("compat.inc");

# Registration pass: when `description` is set the script only declares its
# metadata and prerequisites, then exits before reading any host data.
if (description)
{
  script_id(92391);
  script_version("2.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");

  script_cve_id("CVE-2016-2175");
  script_xref(name:"FEDORA", value:"2016-a07cf79284");

  script_name(english:"Fedora 24 : pdfbox (2016-a07cf79284)");
  script_summary(english:"Checks rpm output for the updated package.");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Fedora host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value:
"Security fix for CVE-2016-2175 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bodhi.fedoraproject.org/updates/FEDORA-2016-a07cf79284"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Update the affected pdfbox package."
  );
  # NOTE(review): the two base vectors disagree on reachability. CVSS v2 is
  # AV:N/Au:N while CVSS v3 is AV:L/PR:L. Prioritise by how untrusted PDFs
  # actually reach PDFBox on the host, not by either vector alone.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
  # "local" plugin type: the checks below read knowledge-base items instead of
  # probing a network service.
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:pdfbox");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:24");
  script_set_attribute(attribute:"vuln_publication_date", value:"2016/06/01");
  script_set_attribute(attribute:"patch_publication_date", value:"2016/07/18");
  script_set_attribute(attribute:"plugin_publication_date", value:"2016/07/19");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Fedora Local Security Checks");

  # presumably ssh_get_info.nasl is what populates the Host/* keys required
  # below - confirm against that plugin.
  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

# Stop unless local checks are enabled for this host.
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

# The release string must mention Fedora; `>!<` is NASL's "is not a substring of" test.
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");

# Extract the numeric release and accept only Fedora 24; the ([^0-9]|$) tail
# stops a longer number that merely starts with 24 from matching.
os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! preg(pattern:"^24([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 24", "Fedora " + os_ver);

# Without the RPM inventory there is nothing to compare against.
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

# Architecture gate: only hosts whose cpu value contains x86_64 or matches
# i386..i686 are evaluated; anything else is audited as not implemented.
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);

# The reference build is 1.8.11-2 although the page's summary gives 1.8.12 as
# the first fixed upstream 1.8.x release, so the fix is presumably a distro
# backport: judge exposure by the package release, not the upstream version.
# rpm_check() is expected to be true when the installed package is older than
# the reference - TODO confirm in rpm.inc.
flag = 0;
if (rpm_check(release:"FC24", reference:"pdfbox-1.8.11-2.fc24")) flag++;

if (flag)
{
  # Flagged: raise the finding with the package comparison report attached.
  security_report_v4(
    port : 0,
    severity : SECURITY_HOLE,
    extra : rpm_report_get()
  );
  exit(0);
}
else
{
  # Not flagged: separate "package tested and not affected" from
  # "pdfbox not installed" in the audit trail.
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "pdfbox");
}
NASL family Debian Local Security Checks NASL id DEBIAN_DSA-3606.NASL description It was discovered that pdfbox, a PDF library for Java, was susceptible to XML External Entity attacks. last seen 2020-06-01 modified 2020-06-02 plugin id 91837 published 2016-06-27 reporter This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/91837 title Debian DSA-3606-1 : libpdfbox-java - security update code
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory DSA-3606. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#
# Scope of this check: it is a dpkg version comparison for Debian 8.0 only.
# Six packages are compared against 1:1.8.7+dfsg-1+deb8u1; nothing here parses
# a PDF or inspects XML parser settings, so PDFBox jars bundled inside other
# applications are not examined.

include("compat.inc");

# Registration pass: when `description` is set the script only declares its
# metadata and prerequisites, then exits before reading any host data.
if (description)
{
  script_id(91837);
  script_version("2.7");
  script_cvs_date("Date: 2018/11/10 11:49:37");

  script_cve_id("CVE-2016-2175");
  script_xref(name:"DSA", value:"3606");

  script_name(english:"Debian DSA-3606-1 : libpdfbox-java - security update");
  script_summary(english:"Checks dpkg output for the updated package");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Debian host is missing a security-related update."
  );
  script_set_attribute(
    attribute:"description",
    value:
"It was discovered that pdfbox, a PDF library for Java, was susceptible to XML External Entity attacks."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://packages.debian.org/source/jessie/libpdfbox-java"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.debian.org/security/2016/dsa-3606"
  );
  script_set_attribute(
    attribute:"solution",
    value:
"Upgrade the libpdfbox-java packages. For the stable distribution (jessie), this problem has been fixed in version 1:1.8.7+dfsg-1+deb8u1."
  );
  # NOTE(review): the two base vectors disagree on reachability. CVSS v2 is
  # AV:N/Au:N while CVSS v3 is AV:L/PR:L. Prioritise by how untrusted PDFs
  # actually reach PDFBox on the host, not by either vector alone.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  # NOTE(review): the exploit fields are metadata recorded in the plugin, not a
  # live assessment - treat them as point-in-time values when prioritising.
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  # "local" plugin type: the checks below read knowledge-base items instead of
  # probing a network service.
  script_set_attribute(attribute:"plugin_type", value:"local");
  # NOTE(review): only libpdfbox-java is declared as a package CPE here,
  # although six packages are compared further down.
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libpdfbox-java");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:8.0");

  script_set_attribute(attribute:"patch_publication_date", value:"2016/06/24");
  script_set_attribute(attribute:"plugin_publication_date", value:"2016/06/27");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Debian Local Security Checks");

  # presumably ssh_get_info.nasl is what populates the Host/* keys required
  # below - confirm against that plugin.
  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}

include("audit.inc");
include("debian_package.inc");

# Preconditions: local checks enabled, a Debian release recorded, and a dpkg
# listing available to compare against.
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);

# Every package is compared with the same Debian 8.0 reference version. The
# fixed build is based on upstream 1.8.7 (deb8u1), below the 1.8.12 the page's
# summary names, so the fix is presumably a backport: judge exposure by the
# Debian revision, not the upstream version.
# deb_check() is expected to be true when the installed package is older than
# the reference - TODO confirm in debian_package.inc.
flag = 0;
if (deb_check(release:"8.0", prefix:"libfontbox-java", reference:"1:1.8.7+dfsg-1+deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"libfontbox-java-doc", reference:"1:1.8.7+dfsg-1+deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"libjempbox-java", reference:"1:1.8.7+dfsg-1+deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"libjempbox-java-doc", reference:"1:1.8.7+dfsg-1+deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"libpdfbox-java", reference:"1:1.8.7+dfsg-1+deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"libpdfbox-java-doc", reference:"1:1.8.7+dfsg-1+deb8u1")) flag++;

if (flag)
{
  # The package comparison report is attached only when report_verbosity > 0.
  if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
NASL family Fedora Local Security Checks NASL id FEDORA_2016-3F30A5FAEB.NASL description Security fix for CVE-2016-2175 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2016-07-15 plugin id 92244 published 2016-07-15 reporter This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/92244 title Fedora 23 : pdfbox (2016-3f30a5faeb) code
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory FEDORA-2016-3f30a5faeb.
#
# Scope of this check: it is a package-version comparison only. It looks at the
# pdfbox RPM recorded for a Fedora 23 host and reports when rpm_check() flags it
# against pdfbox-1.8.8-6.fc23. Nothing here parses a PDF or inspects XML parser
# settings, so PDFBox jars bundled inside other applications are not examined.

include("compat.inc");

# Registration pass: when `description` is set the script only declares its
# metadata and prerequisites, then exits before reading any host data.
if (description)
{
  script_id(92244);
  script_version("2.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");

  script_cve_id("CVE-2016-2175");
  script_xref(name:"FEDORA", value:"2016-3f30a5faeb");

  script_name(english:"Fedora 23 : pdfbox (2016-3f30a5faeb)");
  script_summary(english:"Checks rpm output for the updated package.");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Fedora host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value:
"Security fix for CVE-2016-2175 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bodhi.fedoraproject.org/updates/FEDORA-2016-3f30a5faeb"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Update the affected pdfbox package."
  );
  # NOTE(review): the two base vectors disagree on reachability. CVSS v2 is
  # AV:N/Au:N while CVSS v3 is AV:L/PR:L. Prioritise by how untrusted PDFs
  # actually reach PDFBox on the host, not by either vector alone.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
  # "local" plugin type: the checks below read knowledge-base items instead of
  # probing a network service.
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:pdfbox");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:23");
  script_set_attribute(attribute:"vuln_publication_date", value:"2016/06/01");
  script_set_attribute(attribute:"patch_publication_date", value:"2016/07/11");
  script_set_attribute(attribute:"plugin_publication_date", value:"2016/07/15");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Fedora Local Security Checks");

  # presumably ssh_get_info.nasl is what populates the Host/* keys required
  # below - confirm against that plugin.
  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

# Stop unless local checks are enabled for this host.
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

# The release string must mention Fedora; `>!<` is NASL's "is not a substring of" test.
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");

# Extract the numeric release and accept only Fedora 23; the ([^0-9]|$) tail
# stops a longer number that merely starts with 23 from matching.
os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! preg(pattern:"^23([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 23", "Fedora " + os_ver);

# Without the RPM inventory there is nothing to compare against.
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

# Architecture gate: only hosts whose cpu value contains x86_64 or matches
# i386..i686 are evaluated; anything else is audited as not implemented.
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);

# The reference build is 1.8.8-6 although the page's summary gives 1.8.12 as
# the first fixed upstream 1.8.x release, so the fix is presumably a distro
# backport: judge exposure by the package release, not the upstream version.
# rpm_check() is expected to be true when the installed package is older than
# the reference - TODO confirm in rpm.inc.
flag = 0;
if (rpm_check(release:"FC23", reference:"pdfbox-1.8.8-6.fc23")) flag++;

if (flag)
{
  # Flagged: raise the finding with the package comparison report attached.
  security_report_v4(
    port : 0,
    severity : SECURITY_HOLE,
    extra : rpm_report_get()
  );
  exit(0);
}
else
{
  # Not flagged: separate "package tested and not affected" from
  # "pdfbox not installed" in the audit trail.
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "pdfbox");
}
NASL family Debian Local Security Checks NASL id DEBIAN_DLA-505.NASL description Apache PDFBox did not properly initialize the XML parsers, which allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted PDF. This may lead to the disclosure of confidential data, denial of service, server side request forgery, port scanning from the perspective of the machine where the parser is located, and other system impacts. For Debian 7 last seen 2020-03-17 modified 2016-06-09 plugin id 91522 published 2016-06-09 reporter This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/91522 title Debian DLA-505-1 : libpdfbox-java security update code
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory DLA-505-1. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#
# Scope of this check: it is a dpkg version comparison for Debian 7.0 only.
# Six packages are compared against 1:1.7.0+dfsg-4+deb7u1; nothing here parses
# a PDF or inspects XML parser settings, so PDFBox jars bundled inside other
# applications are not examined.

include("compat.inc");

# Registration pass: when `description` is set the script only declares its
# metadata and prerequisites, then exits before reading any host data.
if (description)
{
  script_id(91522);
  script_version("2.8");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");

  script_cve_id("CVE-2016-2175");

  script_name(english:"Debian DLA-505-1 : libpdfbox-java security update");
  script_summary(english:"Checks dpkg output for the updated packages.");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Debian host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value:
"Apache PDFBox did not properly initialize the XML parsers, which allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted PDF. This may lead to the disclosure of confidential data, denial of service, server side request forgery, port scanning from the perspective of the machine where the parser is located, and other system impacts. For Debian 7 'Wheezy', these problems have been fixed in version 1:1.7.0+dfsg-4+deb7u1. We recommend that you upgrade your libpdfbox-java packages. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://lists.debian.org/debian-lts-announce/2016/06/msg00008.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://packages.debian.org/source/wheezy/libpdfbox-java"
  );
  script_set_attribute(attribute:"solution", value:"Upgrade the affected packages.");
  # NOTE(review): the two base vectors disagree on reachability. CVSS v2 is
  # AV:N/Au:N while CVSS v3 is AV:L/PR:L. Prioritise by how untrusted PDFs
  # actually reach PDFBox on the host, not by either vector alone.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  # NOTE(review): the exploit fields are metadata recorded in the plugin, not a
  # live assessment - treat them as point-in-time values when prioritising.
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  # "local" plugin type: the checks below read knowledge-base items instead of
  # probing a network service.
  script_set_attribute(attribute:"plugin_type", value:"local");
  # One package CPE per package compared further down, plus the OS CPE.
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libfontbox-java");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libfontbox-java-doc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libjempbox-java");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libjempbox-java-doc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libpdfbox-java");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libpdfbox-java-doc");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:7.0");

  script_set_attribute(attribute:"patch_publication_date", value:"2016/06/08");
  script_set_attribute(attribute:"plugin_publication_date", value:"2016/06/09");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Debian Local Security Checks");

  # presumably ssh_get_info.nasl is what populates the Host/* keys required
  # below - confirm against that plugin.
  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}

include("audit.inc");
include("debian_package.inc");

# Preconditions: local checks enabled, a Debian release recorded, and a dpkg
# listing available to compare against.
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);

# Every package is compared with the same Debian 7.0 reference version. The
# fixed build is based on upstream 1.7.0 (deb7u1), well below the 1.8.12 the
# page's summary names, so the fix is presumably a backport: judge exposure by
# the Debian revision, not the upstream version.
# deb_check() is expected to be true when the installed package is older than
# the reference - TODO confirm in debian_package.inc.
flag = 0;
if (deb_check(release:"7.0", prefix:"libfontbox-java", reference:"1:1.7.0+dfsg-4+deb7u1")) flag++;
if (deb_check(release:"7.0", prefix:"libfontbox-java-doc", reference:"1:1.7.0+dfsg-4+deb7u1")) flag++;
if (deb_check(release:"7.0", prefix:"libjempbox-java", reference:"1:1.7.0+dfsg-4+deb7u1")) flag++;
if (deb_check(release:"7.0", prefix:"libjempbox-java-doc", reference:"1:1.7.0+dfsg-4+deb7u1")) flag++;
if (deb_check(release:"7.0", prefix:"libpdfbox-java", reference:"1:1.7.0+dfsg-4+deb7u1")) flag++;
if (deb_check(release:"7.0", prefix:"libpdfbox-java-doc", reference:"1:1.7.0+dfsg-4+deb7u1")) flag++;

if (flag)
{
  # The package comparison report is attached only when report_verbosity > 0.
  if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
Redhat
advisories |
|
References
- http://svn.apache.org/viewvc?view=revision&revision=1739565
- http://svn.apache.org/viewvc?view=revision&revision=1739564
- http://www.debian.org/security/2016/dsa-3606
- http://packetstormsecurity.com/files/137214/Apache-PDFBox-1.8.11-2.0.0-XML-Injection.html
- http://www.securityfocus.com/bid/90902
- http://rhn.redhat.com/errata/RHSA-2017-0272.html
- http://rhn.redhat.com/errata/RHSA-2017-0249.html
- http://rhn.redhat.com/errata/RHSA-2017-0248.html
- http://rhn.redhat.com/errata/RHSA-2017-0179.html
- http://www.securityfocus.com/archive/1/538503/100/0/threaded
- http://mail-archives.us.apache.org/mod_mbox/www-announce/201605.mbox/%3C83a03bcf-f86b-4688-37b5-615c080291d8%40apache.org%3E
- https://lists.apache.org/thread.html/ad5fbc86c1d1821ae1b963e8561ab6d6a5f66b2848e84f5a31477f54%40%3Ccommits.tika.apache.org%3E