https://bugzilla.redhat.com/show_bug.cgi?id=1340386
Bug ID: 1340386
Summary: CVE-2016-4434 tika: XML External Entity vulnerability
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: high
Priority: high
Assignee: security-response-team@redhat.com
Reporter: anemec@redhat.com
CC: alazarot@redhat.com, aszczucz@redhat.com, bdawidow@redhat.com, bgollahe@redhat.com, bkearney@redhat.com, brms-jira@redhat.com, chazlett@redhat.com, epp-bugs@redhat.com, etirelli@redhat.com, felias@redhat.com, hchiorea@redhat.com, hfnukal@redhat.com, java-sig-commits@lists.fedoraproject.org, jcoleman@redhat.com, jolee@redhat.com, jpallich@redhat.com, kanderso@redhat.com, lpetrovi@redhat.com, mbaluch@redhat.com, meissner@suse.de, mweiler@redhat.com, mwinkler@redhat.com, nwallace@redhat.com, ohudlick@redhat.com, pavelp@redhat.com, puntogil@libero.it, rrajasek@redhat.com, rzhang@redhat.com, rzima@redhat.com, taw@redhat.com, theute@redhat.com, thomas@suse.de, tkasparek@redhat.com, tkirby@redhat.com, tlestach@redhat.com, vhalbert@redhat.com
Apache Tika parses XML within numerous file formats. In some instances, such as spreadsheets in OOXML files, XMP in PDF, and other file formats, the initialization of the XML parser or the choice of handlers did not protect against XML External Entity (XXE) vulnerabilities.
References:
http://seclists.org/oss-sec/2016/q2/413
https://bugzilla.redhat.com/show_bug.cgi?id=1340386
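The description above puts the root cause in how the XML parser is initialised and which handlers are installed. The following is an editor-added example of a JAXP/SAX parser set up so that a DOCTYPE (and therefore any entity declaration) is refused before it can be expanded; it is not Tika's own code or fix, and it assumes the Xerces-style feature URIs supported by the JDK's built-in parser. The XMP-like snippets are constructed for the example.

```java
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.StringReader;
import java.nio.charset.StandardCharsets;
import javax.xml.XMLConstants;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.parsers.SAXParser;
import javax.xml.parsers.SAXParserFactory;
import org.xml.sax.Attributes;
import org.xml.sax.InputSource;
import org.xml.sax.SAXException;
import org.xml.sax.SAXParseException;
import org.xml.sax.helpers.DefaultHandler;

/** Editor-added example: a SAX parser whose initialisation rules out DTD and external entity processing. */
public final class HardenedXmlParsing {

    /** Build a SAXParserFactory with DOCTYPE, external entities and external DTD loading switched off. */
    static SAXParserFactory hardenedFactory() throws ParserConfigurationException, SAXException {
        SAXParserFactory f = SAXParserFactory.newInstance();
        f.setNamespaceAware(true);
        f.setValidating(false);
        f.setXIncludeAware(false);
        // Strongest control: refuse any document that carries a DOCTYPE at all (CWE-611 root cause).
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        // Defence in depth in case a caller later re-enables DOCTYPE: never fetch external entities or DTDs.
        f.setFeature("http://xml.org/sax/features/external-general-entities", false);
        f.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        f.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        return f;
    }

    /** Count the elements of a document with the hardened parser; a DOCTYPE makes this throw SAXParseException. */
    static int countElements(String xml) throws ParserConfigurationException, SAXException, IOException {
        SAXParser parser = hardenedFactory().newSAXParser();
        final int[] count = {0};
        DefaultHandler handler = new DefaultHandler() {
            @Override public void startElement(String uri, String local, String qName, Attributes atts) { count[0]++; }
            // Handler-level last line of defence: if resolution is ever attempted, hand back an empty stream.
            @Override public InputSource resolveEntity(String publicId, String systemId) {
                return new InputSource(new StringReader(""));
            }
        };
        parser.parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)), handler);
        return count[0];
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: a minimal XMP packet of the kind a PDF embeds (no DTD) -> parses, 3 elements.
        String benignXmp = "<?xml version=\"1.0\"?>"
            + "<x:xmpmeta xmlns:x=\"adobe:ns:meta/\">"
            + "<rdf:RDF xmlns:rdf=\"http://www.w3.org/1999/02/22-rdf-syntax-ns#\"><rdf:Description/></rdf:RDF>"
            + "</x:xmpmeta>";
        System.out.println("benign XMP elements: " + countElements(benignXmp));

        // Constructed sample: the same packet with a DOCTYPE declaring a harmless internal entity.
        // The hardened factory rejects it at the DOCTYPE, before any entity reference is expanded.
        String doctypeXmp = "<?xml version=\"1.0\"?>"
            + "<!DOCTYPE x [<!ENTITY greet \"hello\">]>"
            + "<x:xmpmeta xmlns:x=\"adobe:ns:meta/\">&greet;</x:xmpmeta>";
        try {
            countElements(doctypeXmp);
            System.out.println("UNEXPECTED: document with DOCTYPE was accepted");
        } catch (SAXParseException e) {
            System.out.println("rejected as intended: " + e.getMessage());
        }
    }
}
```

The same three features apply to DocumentBuilderFactory and XMLInputFactory when a DOM or StAX parser is used instead of SAX.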
Andrej Nemec anemec@redhat.com changed:
What |Removed |Added
----------------------------------------------------------------------------
Depends On| |1340387
--- Comment #1 from Andrej Nemec anemec@redhat.com ---
Created tika tracking bugs for this issue:
Affects: fedora-all [bug 1340387]
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1340387 [Bug 1340387] CVE-2016-4434 tika: XML External Entity vulnerability [fedora-all]
Andrej Nemec anemec@redhat.com changed:
What |Removed |Added
----------------------------------------------------------------------------
Blocks| |1340390
Tomas Hoger thoger@redhat.com changed:
What |Removed |Added
----------------------------------------------------------------------------
Whiteboard|impact=important,public=20160526,reported=20160526,source=oss-security,cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,cwe=CWE-611,fedora-all/tika=affected,brms-6/tika-core=new,jdv-6/tika-core=new,brms-5/tika-core=new,jpp-6/tika-core=new,rhn_satellite_5/tika=new,dts-3.1/devtoolset-3-tika=new,dts-4.0/devtoolset-4-tika=new |impact=important,public=20160526,reported=20160526,source=oss-security,cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,cwe=CWE-611,fedora-all/tika=affected,brms-6/tika-core=new,jdv-6/tika-core=new,brms-5/tika-core=new,jpp-6/tika-core=new,rhn_satellite_5/tika=new,dts-3/devtoolset-3-tika=new,dts-4/devtoolset-4-tika=new
Pavel Polischouk pavelp@redhat.com changed:
What |Removed |Added
----------------------------------------------------------------------------
Whiteboard|impact=important,public=20160526,reported=20160526,source=oss-security,cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,cwe=CWE-611,fedora-all/tika=affected,brms-6/tika-core=new,jdv-6/tika-core=new,brms-5/tika-core=new,jpp-6/tika-core=new,rhn_satellite_5/tika=new,dts-3/devtoolset-3-tika=new,dts-4/devtoolset-4-tika=new |impact=important,public=20160526,reported=20160526,source=oss-security,cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,cwe=CWE-611,fedora-all/tika=affected,brms-6/tika-core=new,jdv-6/tika-core=new,brms-5/tika-core=new,jpp-6/tika-core=new,rhn_satellite_5/tika=new,dts-3/devtoolset-3-tika=new,dts-4/devtoolset-4-tika=new,fsw-6/tika=notaffected
Pavel Polischouk pavelp@redhat.com changed:
What |Removed |Added
----------------------------------------------------------------------------
Whiteboard|impact=important,public=20160526,reported=20160526,source=oss-security,cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,cwe=CWE-611,fedora-all/tika=affected,brms-6/tika-core=new,jdv-6/tika-core=new,brms-5/tika-core=new,jpp-6/tika-core=new,rhn_satellite_5/tika=new,dts-3/devtoolset-3-tika=new,dts-4/devtoolset-4-tika=new,fsw-6/tika=notaffected |impact=important,public=20160526,reported=20160526,source=oss-security,cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,cwe=CWE-611,fedora-all/tika=affected,bpms-6/tika-core=affected,brms-6/tika-core=affected,jdv-6/tika-core=affected,brms-5/tika-core=wontfix,jpp-6/tika-core=new,rhn_satellite_5/tika=new,dts-3/devtoolset-3-tika=new,dts-4/devtoolset-4-tika=new,fsw-6/tika=notaffected
Pavel Polischouk pavelp@redhat.com changed:
What |Removed |Added
----------------------------------------------------------------------------
Whiteboard|impact=important,public=20160526,reported=20160526,source=oss-security,cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,cwe=CWE-611,fedora-all/tika=affected,bpms-6/tika-core=affected,brms-6/tika-core=affected,jdv-6/tika-core=affected,brms-5/tika-core=wontfix,jpp-6/tika-core=new,rhn_satellite_5/tika=new,dts-3/devtoolset-3-tika=new,dts-4/devtoolset-4-tika=new,fsw-6/tika=notaffected |impact=important,public=20160526,reported=20160526,source=oss-security,cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,cwe=CWE-611,fedora-all/tika=affected,bpms-6/tika-core=affected/impact=moderate/cvss2=4.4/AV:L/AC:M/Au:N/C:P/I:P/A:P,brms-6/tika-core=affected/impact=moderate/cvss2=4.4/AV:L/AC:M/Au:N/C:P/I:P/A:P,jdv-6/tika-core=affected,brms-5/tika-core=wontfix,jpp-6/tika-core=new,rhn_satellite_5/tika=new,dts-3/devtoolset-3-tika=new,dts-4/devtoolset-4-tika=new,fsw-6/tika=notaffected
Pavel Polischouk pavelp@redhat.com changed:
What |Removed |Added
----------------------------------------------------------------------------
Whiteboard|impact=important,public=20160526,reported=20160526,source=oss-security,cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,cwe=CWE-611,fedora-all/tika=affected,bpms-6/tika-core=affected/impact=moderate/cvss2=4.4/AV:L/AC:M/Au:N/C:P/I:P/A:P,brms-6/tika-core=affected/impact=moderate/cvss2=4.4/AV:L/AC:M/Au:N/C:P/I:P/A:P,jdv-6/tika-core=affected,brms-5/tika-core=wontfix,jpp-6/tika-core=new,rhn_satellite_5/tika=new,dts-3/devtoolset-3-tika=new,dts-4/devtoolset-4-tika=new,fsw-6/tika=notaffected |impact=important,public=20160526,reported=20160526,source=oss-security,cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,cvss3=6.3/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L,cwe=CWE-611,fedora-all/tika=affected,bpms-6/tika-core=affected/impact=moderate/cvss2=4.4/AV:L/AC:M/Au:N/C:P/I:P/A:P,brms-6/tika-core=affected/impact=moderate/cvss2=4.4/AV:L/AC:M/Au:N/C:P/I:P/A:P,jdv-6/tika-core=affected,brms-5/tika-core=wontfix,jpp-6/tika-core=new,rhn_satellite_5/tika=new,dts-3/devtoolset-3-tika=new,dts-4/devtoolset-4-tika=new,fsw-6/tika=notaffected
Pavel Polischouk pavelp@redhat.com changed:
What |Removed |Added
----------------------------------------------------------------------------
Whiteboard|impact=important,public=20160526,reported=20160526,source=oss-security,cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,cvss3=6.3/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L,cwe=CWE-611,fedora-all/tika=affected,bpms-6/tika-core=affected/impact=moderate/cvss2=4.4/AV:L/AC:M/Au:N/C:P/I:P/A:P,brms-6/tika-core=affected/impact=moderate/cvss2=4.4/AV:L/AC:M/Au:N/C:P/I:P/A:P,jdv-6/tika-core=affected,brms-5/tika-core=wontfix,jpp-6/tika-core=new,rhn_satellite_5/tika=new,dts-3/devtoolset-3-tika=new,dts-4/devtoolset-4-tika=new,fsw-6/tika=notaffected |impact=important,public=20160526,reported=20160526,source=oss-security,cvss2=5.8/AV:N/AC:M/Au:N/C:P/I:N/A:P,cvss3=6.3/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L,cwe=CWE-611,fedora-all/tika=affected,bpms-6/tika-core=affected/impact=moderate/cvss2=4.4/AV:L/AC:M/Au:N/C:P/I:P/A:P,brms-6/tika-core=affected/impact=moderate/cvss2=4.4/AV:L/AC:M/Au:N/C:P/I:P/A:P,jdv-6/tika-core=affected,brms-5/tika-core=wontfix,jpp-6/tika-core=new,rhn_satellite_5/tika=new,dts-3/devtoolset-3-tika=new,dts-4/devtoolset-4-tika=new,fsw-6/tika=notaffected
Pavel Polischouk pavelp@redhat.com changed:
What |Removed |Added
----------------------------------------------------------------------------
Whiteboard|impact=important,public=20160526,reported=20160526,source=oss-security,cvss2=5.8/AV:N/AC:M/Au:N/C:P/I:N/A:P,cvss3=6.3/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L,cwe=CWE-611,fedora-all/tika=affected,bpms-6/tika-core=affected/impact=moderate/cvss2=4.4/AV:L/AC:M/Au:N/C:P/I:P/A:P,brms-6/tika-core=affected/impact=moderate/cvss2=4.4/AV:L/AC:M/Au:N/C:P/I:P/A:P,jdv-6/tika-core=affected,brms-5/tika-core=wontfix,jpp-6/tika-core=new,rhn_satellite_5/tika=new,dts-3/devtoolset-3-tika=new,dts-4/devtoolset-4-tika=new,fsw-6/tika=notaffected |impact=important,public=20160526,reported=20160526,source=oss-security,cvss2=5.8/AV:N/AC:M/Au:N/C:P/I:N/A:P,cvss3=5.4/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L,cwe=CWE-611,fedora-all/tika=affected,bpms-6/tika-core=affected/impact=moderate/cvss2=4.4/AV:L/AC:M/Au:N/C:P/I:P/A:P,brms-6/tika-core=affected/impact=moderate/cvss2=4.4/AV:L/AC:M/Au:N/C:P/I:P/A:P,jdv-6/tika-core=affected,brms-5/tika-core=wontfix,jpp-6/tika-core=new,rhn_satellite_5/tika=new,dts-3/devtoolset-3-tika=new,dts-4/devtoolset-4-tika=new,fsw-6/tika=notaffected
Pavel Polischouk pavelp@redhat.com changed:
What |Removed |Added
----------------------------------------------------------------------------
Whiteboard|impact=important,public=20160526,reported=20160526,source=oss-security,cvss2=5.8/AV:N/AC:M/Au:N/C:P/I:N/A:P,cvss3=5.4/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L,cwe=CWE-611,fedora-all/tika=affected,bpms-6/tika-core=affected/impact=moderate/cvss2=4.4/AV:L/AC:M/Au:N/C:P/I:P/A:P,brms-6/tika-core=affected/impact=moderate/cvss2=4.4/AV:L/AC:M/Au:N/C:P/I:P/A:P,jdv-6/tika-core=affected,brms-5/tika-core=wontfix,jpp-6/tika-core=new,rhn_satellite_5/tika=new,dts-3/devtoolset-3-tika=new,dts-4/devtoolset-4-tika=new,fsw-6/tika=notaffected |impact=moderate,public=20160526,reported=20160526,source=oss-security,cvss2=5.8/AV:N/AC:M/Au:N/C:P/I:N/A:P,cvss3=5.4/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L,cwe=CWE-611,fedora-all/tika=affected,bpms-6/tika-core=affected/cvss2=4.4/AV:L/AC:M/Au:N/C:P/I:P/A:P,brms-6/tika-core=affected/cvss2=4.4/AV:L/AC:M/Au:N/C:P/I:P/A:P,jdv-6/tika-core=affected,brms-5/tika-core=wontfix,jpp-6/tika-core=new,rhn_satellite_5/tika=new,dts-3/devtoolset-3-tika=new,dts-4/devtoolset-4-tika=new,fsw-6/tika=notaffected
Pavel Polischouk pavelp@redhat.com changed:
What |Removed |Added
----------------------------------------------------------------------------
Severity|high |medium
Pavel Polischouk pavelp@redhat.com changed:
What |Removed |Added
----------------------------------------------------------------------------
Priority|high |medium
Pavel Polischouk pavelp@redhat.com changed:
What |Removed |Added
----------------------------------------------------------------------------
Whiteboard|impact=moderate,public=20160526,reported=20160526,source=oss-security,cvss2=5.8/AV:N/AC:M/Au:N/C:P/I:N/A:P,cvss3=5.4/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L,cwe=CWE-611,fedora-all/tika=affected,bpms-6/tika-core=affected/cvss2=4.4/AV:L/AC:M/Au:N/C:P/I:P/A:P,brms-6/tika-core=affected/cvss2=4.4/AV:L/AC:M/Au:N/C:P/I:P/A:P,jdv-6/tika-core=affected,brms-5/tika-core=wontfix,jpp-6/tika-core=new,rhn_satellite_5/tika=new,dts-3/devtoolset-3-tika=new,dts-4/devtoolset-4-tika=new,fsw-6/tika=notaffected |impact=moderate,public=20160526,reported=20160526,source=oss-security,cvss2=5.8/AV:N/AC:M/Au:N/C:P/I:N/A:P,cvss3=5.4/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L,cwe=CWE-611,fedora-all/tika=affected,bpms-6/tika-core=affected/cvss2=3.3/AV:L/AC:M/Au:N/C:P/I:N/A:P/cvss3=4.4/CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L,brms-6/tika-core=affected/cvss2=3.3/AV:L/AC:M/Au:N/C:P/I:N/A:P/cvss3=4.4/CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L,jdv-6/tika-core=affected,brms-5/tika-core=wontfix,jpp-6/tika-core=new,rhn_satellite_5/tika=new,dts-3/devtoolset-3-tika=new,dts-4/devtoolset-4-tika=new,fsw-6/tika=notaffected
Pavel Polischouk pavelp@redhat.com changed:
What |Removed |Added
----------------------------------------------------------------------------
Depends On| |1387351
Depends On| |1387352
Tomas Hoger thoger@redhat.com changed:
What |Removed |Added
----------------------------------------------------------------------------
Whiteboard|impact=moderate,public=20160526,reported=20160526,source=oss-security,cvss2=5.8/AV:N/AC:M/Au:N/C:P/I:N/A:P,cvss3=5.4/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L,cwe=CWE-611,fedora-all/tika=affected,bpms-6/tika-core=affected/cvss2=3.3/AV:L/AC:M/Au:N/C:P/I:N/A:P/cvss3=4.4/CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L,brms-6/tika-core=affected/cvss2=3.3/AV:L/AC:M/Au:N/C:P/I:N/A:P/cvss3=4.4/CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L,jdv-6/tika-core=affected,brms-5/tika-core=wontfix,jpp-6/tika-core=new,rhn_satellite_5/tika=new,dts-3/devtoolset-3-tika=new,dts-4/devtoolset-4-tika=new,fsw-6/tika=notaffected |impact=moderate,public=20160526,reported=20160526,source=oss-security,cvss2=5.8/AV:N/AC:M/Au:N/C:P/I:N/A:P,cvss3=5.4/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L,cwe=CWE-611,fedora-all/tika=affected,bpms-6/tika-core=affected/cvss2=3.3/AV:L/AC:M/Au:N/C:P/I:N/A:P/cvss3=4.4/CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L,brms-6/tika-core=affected/cvss2=3.3/AV:L/AC:M/Au:N/C:P/I:N/A:P/cvss3=4.4/CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L,jdv-6/tika-core=affected,brms-5/tika-core=wontfix,jpp-6/tika-core=new,rhn_satellite_5/tika=new,dts-3/devtoolset-3-tika=wontfix,dts-4/devtoolset-4-tika=new,fsw-6/tika=notaffected
Pavel Polischouk pavelp@redhat.com changed:
What |Removed |Added
----------------------------------------------------------------------------
Whiteboard|impact=moderate,public=20160526,reported=20160526,source=oss-security,cvss2=5.8/AV:N/AC:M/Au:N/C:P/I:N/A:P,cvss3=5.4/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L,cwe=CWE-611,fedora-all/tika=affected,bpms-6/tika-core=affected/cvss2=3.3/AV:L/AC:M/Au:N/C:P/I:N/A:P/cvss3=4.4/CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L,brms-6/tika-core=affected/cvss2=3.3/AV:L/AC:M/Au:N/C:P/I:N/A:P/cvss3=4.4/CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L,jdv-6/tika-core=affected,brms-5/tika-core=wontfix,jpp-6/tika-core=new,rhn_satellite_5/tika=new,dts-3/devtoolset-3-tika=wontfix,dts-4/devtoolset-4-tika=new,fsw-6/tika=notaffected |impact=moderate,public=20160526,reported=20160526,source=oss-security,cvss2=5.8/AV:N/AC:M/Au:N/C:P/I:N/A:P,cvss3=5.4/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L,cwe=CWE-611,fedora-all/tika=affected,bpms-6/tika-core=affected/cvss2=3.3/AV:L/AC:M/Au:N/C:P/I:N/A:P/cvss3=4.4/CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L,brms-6/tika-core=affected/cvss2=3.3/AV:L/AC:M/Au:N/C:P/I:N/A:P/cvss3=4.4/CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L,jdv-6/tika-core=affected,jdv-7/tika-core=affected,brms-5/tika-core=wontfix,jpp-6/tika-core=new,rhn_satellite_5/tika=new,dts-3/devtoolset-3-tika=wontfix,dts-4/devtoolset-4-tika=new,fsw-6/tika=notaffected
Chess Hazlett chazlett@redhat.com changed:
What |Removed |Added
----------------------------------------------------------------------------
Whiteboard|impact=moderate,public=20160526,reported=20160526,source=oss-security,cvss2=5.8/AV:N/AC:M/Au:N/C:P/I:N/A:P,cvss3=5.4/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L,cwe=CWE-611,fedora-all/tika=affected,bpms-6/tika-core=affected/cvss2=3.3/AV:L/AC:M/Au:N/C:P/I:N/A:P/cvss3=4.4/CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L,brms-6/tika-core=affected/cvss2=3.3/AV:L/AC:M/Au:N/C:P/I:N/A:P/cvss3=4.4/CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L,jdv-6/tika-core=affected,jdv-7/tika-core=affected,brms-5/tika-core=wontfix,jpp-6/tika-core=new,rhn_satellite_5/tika=new,dts-3/devtoolset-3-tika=wontfix,dts-4/devtoolset-4-tika=new,fsw-6/tika=notaffected |impact=moderate,public=20160526,reported=20160526,source=oss-security,cvss2=5.8/AV:N/AC:M/Au:N/C:P/I:N/A:P,cvss3=5.4/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L,cwe=CWE-611,fedora-all/tika=affected,bpms-6/tika-core=affected/cvss2=3.3/AV:L/AC:M/Au:N/C:P/I:N/A:P/cvss3=4.4/CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L,brms-6/tika-core=affected/cvss2=3.3/AV:L/AC:M/Au:N/C:P/I:N/A:P/cvss3=4.4/CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L,jdv-6/tika-core=affected,jdv-7/tika-core=affected,brms-5/tika-core=wontfix,jpp-6/tika-core=wontfix,rhn_satellite_5/tika=new,dts-3/devtoolset-3-tika=wontfix,dts-4/devtoolset-4-tika=new,fsw-6/tika=notaffected
Bug 1340386 depends on bug 1340387, which changed state.
Bug 1340387 Summary: CVE-2016-4434 tika: XML External Entity vulnerability [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1340387
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |CLOSED
Resolution|--- |EOL
Bug 1340386 depends on bug 1340387, which changed state.
Bug 1340387 Summary: CVE-2016-4434 tika: XML External Entity vulnerability [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1340387
What |Removed |Added
----------------------------------------------------------------------------
Status|CLOSED |NEW
Resolution|EOL |---
Pavel Polischouk pavelp@redhat.com changed:
What |Removed |Added
----------------------------------------------------------------------------
Doc Type|If docs needed, set a value |Bug Fix
--- Doc Text *updated* ---
It was found that the parsing of OOXML, XMP in PDF, and some other file formats by Apache Tika would expand entity references. A remote, unauthenticated attacker could use this flaw to read files accessible to the user running the application server, and potentially perform other more advanced XXE attacks.
Pavel Polischouk pavelp@redhat.com changed:
What |Removed |Added
----------------------------------------------------------------------------
Blocks| |1412839
Pavel Polischouk pavelp@redhat.com changed:
What |Removed |Added
----------------------------------------------------------------------------
Whiteboard|impact=moderate,public=20160526,reported=20160526,source=oss-security,cvss2=5.8/AV:N/AC:M/Au:N/C:P/I:N/A:P,cvss3=5.4/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L,cwe=CWE-611,fedora-all/tika=affected,bpms-6/tika-core=affected/cvss2=3.3/AV:L/AC:M/Au:N/C:P/I:N/A:P/cvss3=4.4/CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L,brms-6/tika-core=affected/cvss2=3.3/AV:L/AC:M/Au:N/C:P/I:N/A:P/cvss3=4.4/CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L,jdv-6/tika-core=affected,jdv-7/tika-core=affected,brms-5/tika-core=wontfix,jpp-6/tika-core=wontfix,rhn_satellite_5/tika=new,dts-3/devtoolset-3-tika=wontfix,dts-4/devtoolset-4-tika=new,fsw-6/tika=notaffected |impact=moderate,public=20160526,reported=20160526,source=oss-security,cvss2=5.8/AV:N/AC:M/Au:N/C:P/I:N/A:P,cvss3=5.4/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L,cwe=CWE-611,fedora-all/tika=affected,bpms-6/tika-core=affected/cvss2=3.3/AV:L/AC:M/Au:N/C:P/I:N/A:P/cvss3=4.4/CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L,brms-6/tika-core=affected/cvss2=3.3/AV:L/AC:M/Au:N/C:P/I:N/A:P/cvss3=4.4/CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L,jdv-6/tika-core=affected,brms-5/tika-core=wontfix,jpp-6/tika-core=wontfix,rhn_satellite_5/tika=new,dts-3/devtoolset-3-tika=wontfix,dts-4/devtoolset-4-tika=new,fsw-6/tika=notaffected
Pavel Polischouk pavelp@redhat.com changed:
What |Removed |Added
----------------------------------------------------------------------------
Blocks| |1415286
--- Comment #4 from errata-xmlrpc errata-xmlrpc@redhat.com ---
This issue has been addressed in the following products:
Via RHSA-2017:0249 https://rhn.redhat.com/errata/RHSA-2017-0249.html
--- Comment #5 from errata-xmlrpc errata-xmlrpc@redhat.com ---
This issue has been addressed in the following products:
Via RHSA-2017:0248 https://rhn.redhat.com/errata/RHSA-2017-0248.html
--- Comment #6 from errata-xmlrpc errata-xmlrpc@redhat.com ---
This issue has been addressed in the following products:
Via RHSA-2017:0272 https://rhn.redhat.com/errata/RHSA-2017-0272.html
Pavel Polischouk pavelp@redhat.com changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |CLOSED
Resolution|--- |ERRATA
Last Closed| |2017-04-18 19:10:16
Bug 1340386 depends on bug 1340387, which changed state.
Bug 1340387 Summary: CVE-2016-4434 tika: XML External Entity vulnerability [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1340387
What |Removed |Added
----------------------------------------------------------------------------
Status|ON_QA |CLOSED
Resolution|--- |ERRATA