QwikSec

Security Database

CVE

CWE

Training

CVE-2016-4434

Published: Sep 29, 2017

Modified: Aug 6, 2024

PUBLISHED

Description

Apache Tika before 1.13 does not properly initialize the XML parser or choose handlers, which might allow remote attackers to conduct XML External Entity (XXE) attacks via vectors involving (1) spreadsheets in OOXML files and (2) XMP metadata in PDF and other file formats, a related issue to CVE-2016-2175.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

20160526 [CVE-2016-4434] Apache Tika XML External Entity vulnerability

mailing-list

x_refsource_BUGTRAQ

[tika-dev] 20160526 [CVE-2016-4434] Apache Tika XML External Entity vulnerability

mailing-list

x_refsource_MLIST

vendor-advisory

x_refsource_REDHAT

vendor-advisory

x_refsource_REDHAT

vendor-advisory

x_refsource_REDHAT

[lucene-solr-user] 20190104 Re: SOLR v7 Security Issues Caused Denial of Use - Sonatype Application Composition Report

mailing-list

x_refsource_MLIST

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.