Vulnerabilities > CVE-2017-15691 - XXE vulnerability in Apache products

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

apache

CWE-611

NVD

Published: 2018-04-26

Updated: 2023-11-07

Summary

In Apache uimaj prior to 2.10.2, Apache uimaj 3.0.0-xxx prior to 3.0.0-beta, Apache uima-as prior to 2.10.2, Apache uimaFIT prior to 2.4.0, Apache uimaDUCC prior to 2.2.2, this vulnerability relates to an XML external entity expansion (XXE) capability of various XML parsers. UIMA as part of its configuration and operation may read XML from various sources, which could be tainted in ways to cause inadvertent disclosure of local files or other internal content.

Vulnerable Configurations

Part	Description	Count
Application	Apache Apache Uimaj 2.1.0 Apache Uimaj 2.2.0 Apache Uimaj 2.2.1 Apache Uimaj 2.2.2 Apache Uimaj 2.3.0 Apache Uimaj 2.3.1 Apache Uimaj 2.4.0 Apache Uimaj 2.4.1 Apache Uimaj 2.4.2 Apache Uimaj 2.5.0 Apache Uimaj 2.6.0 Apache Uimaj 2.7.0 Apache Uimaj 2.8.0 Apache Uimaj 2.8.1 Apache Uimaj 2.9.0 Apache Uimaj 2.10.0 Apache Uimaj 2.10.1 Apache Uimaj 3.0.0 Apache Uima AS 2.3.0 Apache Uima AS 2.3.1 Apache Uima AS 2.4.0 Apache Uima AS 2.4.2 Apache Uima AS 2.6.0 Apache Uima AS 2.8.1 Apache Uima AS 2.9.0 Apache Uimafit 2.0.0 Apache Uimafit 2.1.0 Apache Uimafit 2.2.0 Apache Uimafit 2.3.0 Apache Uimafit 2.3.1 Apache Uimaducc 0.1 Apache Uimaducc 1.0.0 Apache Uimaducc 1.1.0 Apache Uimaducc 2.0.0 Apache Uimaducc 2.0.1 Apache Uimaducc 2.1.0 Apache Uimaducc 2.1.0-0516 Apache Uimaducc 2.1.0-0517 Apache Uimaducc 2.1.0-0524 Apache Uimaducc 2.1.0-0525 Apache Uimaducc 2.1.0-0526 Apache Uimaducc 2.2.0 Apache Uimaducc 2.2.1	45

Common Weakness Enumeration (CWE)

CWE-611 - Improper Restriction of XML External Entity Reference ('XXE')

Redhat

advisories

rhsa

id	RHSA-2019:1545

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Redhat

References