QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2017-15691

Back to search

CVE-2017-15691

Published: Apr 26, 2018

Modified: Sep 16, 2024

PUBLISHED

Description

In Apache uimaj prior to 2.10.2, Apache uimaj 3.0.0-xxx prior to 3.0.0-beta, Apache uima-as prior to 2.10.2, Apache uimaFIT prior to 2.4.0, Apache uimaDUCC prior to 2.2.2, this vulnerability relates to an XML external entity expansion (XXE) capability of various XML parsers. UIMA as part of its configuration and operation may read XML from various sources, which could be tainted in ways to cause inadvertent disclosure of local files or other internal content.

VendorProductVersions

Apache Software Foundation

Apache UIMA

affected
uimaj prior to 2.10.2
affected
uimaj 3.0.0-xxx prior to 3.0.0-beta
affected
uima-as prior to 2.10.2
affected
uimaFIT prior to 2.4.0
affected
uimaDUCC prior to 2.2.2

References

RHSA-2019:1545
vendor-advisory
x_refsource_REDHAT

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now