CVE-2016-2175 - Vulnerability Details

Vendors	Products
Apache	Pdfbox
Debian	Debian Linux
Redhat	Jboss Amq Jboss Bpms Jboss Data Virtualization Jboss Enterprise Brms Platform Jboss Fuse

Package	CPE	Advisory	Released Date
Red Hat JBoss A-MQ 6.3
	cpe:/a:redhat:jboss_amq:6.3	RHSA-2017:0179	2017-01-19T00:00:00Z
Red Hat JBoss BPMS 6.4
	cpe:/a:redhat:jboss_bpms:6.4	RHSA-2017:0249	2017-02-02T00:00:00Z
Red Hat JBoss BRMS 6.4
	cpe:/a:redhat:jboss_enterprise_brms_platform:6.4	RHSA-2017:0248	2017-02-02T00:00:00Z
Red Hat JBoss Data Virtualization 6.3
pdfbox	cpe:/a:redhat:jboss_data_virtualization:6.3	RHSA-2017:0272	2017-02-14T00:00:00Z
Red Hat JBoss Fuse 6.3
	cpe:/a:redhat:jboss_fuse:6.3	RHSA-2017:0179	2017-01-19T00:00:00Z

Link	Providers
http://mail-archives.us.apache.org/mod_mbox/www-announce/201605.mbox/%3C83a03bcf-f86b-4688-37b5-615c080291d8%40apache.org%3E
http://packetstormsecurity.com/files/137214/Apache-PDFBox-1.8.11-2.0.0-XML-Injection.html
http://rhn.redhat.com/errata/RHSA-2017-0179.html
http://rhn.redhat.com/errata/RHSA-2017-0248.html
http://rhn.redhat.com/errata/RHSA-2017-0249.html
http://rhn.redhat.com/errata/RHSA-2017-0272.html
http://svn.apache.org/viewvc?view=revision&revision=1739564
http://svn.apache.org/viewvc?view=revision&revision=1739565
http://www.debian.org/security/2016/dsa-3606
http://www.securityfocus.com/archive/1/538503/100/0/threaded
http://www.securityfocus.com/bid/90902
https://lists.apache.org/thread.html/ad5fbc86c1d1821ae1b963e8561ab6d6a5f66b2848e84f5a31477f54%40%3Ccommits.tika.apache.org%3E
https://nvd.nist.gov/vuln/detail/CVE-2016-2175
https://www.cve.org/CVERecord?id=CVE-2016-2175

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-05-27T00:00:00", "descriptions": [{"lang": "en", "value": "Apache PDFBox before 1.8.12 and 2.x before 2.0.1 does not properly initialize the XML parsers, which allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted PDF."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-08-02T19:06:06", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "RHSA-2017:0179", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0179.html"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/137214/Apache-PDFBox-1.8.11-2.0.0-XML-Injection.html"}, {"name": "[www-announce] 20160527 [CVE-2016-2175] Apache PDFBox XML External Entity vulnerability", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://mail-archives.us.apache.org/mod_mbox/www-announce/201605.mbox/%3C83a03bcf-f86b-4688-37b5-615c080291d8%40apache.org%3E"}, {"name": "DSA-3606", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2016/dsa-3606"}, {"name": "20160527 [CVE-2016-2175] Apache PDFBox XML External Entity vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/538503/100/0/threaded"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://svn.apache.org/viewvc?view=revision&revision=1739564"}, {"name": "90902", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/90902"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://svn.apache.org/viewvc?view=revision&revision=1739565"}, {"name": "RHSA-2017:0272", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0272.html"}, {"name": "RHSA-2017:0248", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0248.html"}, {"name": "RHSA-2017:0249", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0249.html"}, {"name": "[tika-commits] 20190802 svn commit: r1864259 [1/17] - in /tika/site: publish/ publish/1.10/ publish/1.11/ publish/1.12/ publish/1.13/ publish/1.14/ publish/1.15/ publish/1.16/ publish/1.17/ publish/1.18/ publish/1.19.1/ publish/1.19/ publish/1.20/ publish/1.21/ publish/1.22/ ...", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/ad5fbc86c1d1821ae1b963e8561ab6d6a5f66b2848e84f5a31477f54%40%3Ccommits.tika.apache.org%3E"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2016-2175", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Apache PDFBox before 1.8.12 and 2.x before 2.0.1 does not properly initialize the XML parsers, which allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted PDF."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "RHSA-2017:0179", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2017-0179.html"}, {"name": "http://packetstormsecurity.com/files/137214/Apache-PDFBox-1.8.11-2.0.0-XML-Injection.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/137214/Apache-PDFBox-1.8.11-2.0.0-XML-Injection.html"}, {"name": "[www-announce] 20160527 [CVE-2016-2175] Apache PDFBox XML External Entity vulnerability", "refsource": "MLIST", "url": "http://mail-archives.us.apache.org/mod_mbox/www-announce/201605.mbox/%3C83a03bcf-f86b-4688-37b5-615c080291d8@apache.org%3E"}, {"name": "DSA-3606", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2016/dsa-3606"}, {"name": "20160527 [CVE-2016-2175] Apache PDFBox XML External Entity vulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/538503/100/0/threaded"}, {"name": "http://svn.apache.org/viewvc?view=revision&revision=1739564", "refsource": "CONFIRM", "url": "http://svn.apache.org/viewvc?view=revision&revision=1739564"}, {"name": "90902", "refsource": "BID", "url": "http://www.securityfocus.com/bid/90902"}, {"name": "http://svn.apache.org/viewvc?view=revision&revision=1739565", "refsource": "CONFIRM", "url": "http://svn.apache.org/viewvc?view=revision&revision=1739565"}, {"name": "RHSA-2017:0272", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2017-0272.html"}, {"name": "RHSA-2017:0248", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2017-0248.html"}, {"name": "RHSA-2017:0249", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2017-0249.html"}, {"name": "[tika-commits] 20190802 svn commit: r1864259 [1/17] - in /tika/site: publish/ publish/1.10/ publish/1.11/ publish/1.12/ publish/1.13/ publish/1.14/ publish/1.15/ publish/1.16/ publish/1.17/ publish/1.18/ publish/1.19.1/ publish/1.19/ publish/1.20/ publish/1.21/ publish/1.22/ ...", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/ad5fbc86c1d1821ae1b963e8561ab6d6a5f66b2848e84f5a31477f54@%3Ccommits.tika.apache.org%3E"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T23:17:50.579Z"}, "title": "CVE Program Container", "references": [{"name": "RHSA-2017:0179", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0179.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstormsecurity.com/files/137214/Apache-PDFBox-1.8.11-2.0.0-XML-Injection.html"}, {"name": "[www-announce] 20160527 [CVE-2016-2175] Apache PDFBox XML External Entity vulnerability", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://mail-archives.us.apache.org/mod_mbox/www-announce/201605.mbox/%3C83a03bcf-f86b-4688-37b5-615c080291d8%40apache.org%3E"}, {"name": "DSA-3606", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2016/dsa-3606"}, {"name": "20160527 [CVE-2016-2175] Apache PDFBox XML External Entity vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/538503/100/0/threaded"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://svn.apache.org/viewvc?view=revision&revision=1739564"}, {"name": "90902", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/90902"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://svn.apache.org/viewvc?view=revision&revision=1739565"}, {"name": "RHSA-2017:0272", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0272.html"}, {"name": "RHSA-2017:0248", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0248.html"}, {"name": "RHSA-2017:0249", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0249.html"}, {"name": "[tika-commits] 20190802 svn commit: r1864259 [1/17] - in /tika/site: publish/ publish/1.10/ publish/1.11/ publish/1.12/ publish/1.13/ publish/1.14/ publish/1.15/ publish/1.16/ publish/1.17/ publish/1.18/ publish/1.19.1/ publish/1.19/ publish/1.20/ publish/1.21/ publish/1.22/ ...", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/ad5fbc86c1d1821ae1b963e8561ab6d6a5f66b2848e84f5a31477f54%40%3Ccommits.tika.apache.org%3E"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2016-2175", "datePublished": "2016-06-01T20:00:00", "dateReserved": "2016-01-29T00:00:00", "dateUpdated": "2024-08-05T23:17:50.579Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : n/a (string)

vendor : n/a (string)

versions : [ »

0 : { »

status : affected (string)

version : n/a (string)

}

]

}

]

datePublic : 2016-05-27T00:00:00 (string)

descriptions : [ »

0 : { »

lang : en (string)

value : Apache PDFBox before 1.8.12 and 2.x before 2.0.1 does not properly initialize the XML parsers, which allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted PDF. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : n/a (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2019-08-02T19:06:06 (string)

orgId : 53f830b8-0a3f-465b-8143-3b8a9948e749 (string)

shortName : redhat (string)

}

references : [ »

0 : { »

name : RHSA-2017:0179 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

]

url : http://rhn.redhat.com/errata/RHSA-2017-0179.html (string)

}

1 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : http://packetstormsecurity.com/files/137214/Apache-PDFBox-1.8.11-2.0.0-XML-Injection.html (string)

}

2 : { »

name : [www-announce] 20160527 [CVE-2016-2175] Apache PDFBox XML External Entity vulnerability (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_MLIST (string)

]

url : http://mail-archives.us.apache.org/mod_mbox/www-announce/201605.mbox/%3C83a03bcf-f86b-4688-37b5-615c080291d8%40apache.org%3E (string)

}

3 : { »

name : DSA-3606 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_DEBIAN (string)

]

url : http://www.debian.org/security/2016/dsa-3606 (string)

}

4 : { »

name : 20160527 [CVE-2016-2175] Apache PDFBox XML External Entity vulnerability (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_BUGTRAQ (string)

]

url : http://www.securityfocus.com/archive/1/538503/100/0/threaded (string)

}

5 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : http://svn.apache.org/viewvc?view=revision&revision=1739564 (string)

}

6 : { »

name : 90902 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_BID (string)

]

url : http://www.securityfocus.com/bid/90902 (string)

}

7 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : http://svn.apache.org/viewvc?view=revision&revision=1739565 (string)

}

8 : { »

name : RHSA-2017:0272 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

]

url : http://rhn.redhat.com/errata/RHSA-2017-0272.html (string)

}

9 : { »

name : RHSA-2017:0248 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

]

url : http://rhn.redhat.com/errata/RHSA-2017-0248.html (string)

}

10 : { »

name : RHSA-2017:0249 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

]

url : http://rhn.redhat.com/errata/RHSA-2017-0249.html (string)

}

11 : { »

name : [tika-commits] 20190802 svn commit: r1864259 [1/17] - in /tika/site: publish/ publish/1.10/ publish/1.11/ publish/1.12/ publish/1.13/ publish/1.14/ publish/1.15/ publish/1.16/ publish/1.17/ publish/1.18/ publish/1.19.1/ publish/1.19/ publish/1.20/ publish/1.21/ publish/1.22/ ... (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_MLIST (string)

]

url : https://lists.apache.org/thread.html/ad5fbc86c1d1821ae1b963e8561ab6d6a5f66b2848e84f5a31477f54%40%3Ccommits.tika.apache.org%3E (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : secalert@redhat.com (string)

ID : CVE-2016-2175 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : n/a (string)

version : { »

version_data : [ »

0 : { »

version_value : n/a (string)

}

]

}

]

}

vendor_name : n/a (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : Apache PDFBox before 1.8.12 and 2.x before 2.0.1 does not properly initialize the XML parsers, which allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted PDF. (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : n/a (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : RHSA-2017:0179 (string)

refsource : REDHAT (string)

url : http://rhn.redhat.com/errata/RHSA-2017-0179.html (string)

}

1 : { »

name : http://packetstormsecurity.com/files/137214/Apache-PDFBox-1.8.11-2.0.0-XML-Injection.html (string)

refsource : MISC (string)

url : http://packetstormsecurity.com/files/137214/Apache-PDFBox-1.8.11-2.0.0-XML-Injection.html (string)

}

2 : { »

name : [www-announce] 20160527 [CVE-2016-2175] Apache PDFBox XML External Entity vulnerability (string)

refsource : MLIST (string)

url : http://mail-archives.us.apache.org/mod_mbox/www-announce/201605.mbox/%3C83a03bcf-f86b-4688-37b5-615c080291d8@apache.org%3E (string)

}

3 : { »

name : DSA-3606 (string)

refsource : DEBIAN (string)

url : http://www.debian.org/security/2016/dsa-3606 (string)

}

4 : { »

name : 20160527 [CVE-2016-2175] Apache PDFBox XML External Entity vulnerability (string)

refsource : BUGTRAQ (string)

url : http://www.securityfocus.com/archive/1/538503/100/0/threaded (string)

}

5 : { »

name : http://svn.apache.org/viewvc?view=revision&revision=1739564 (string)

refsource : CONFIRM (string)

url : http://svn.apache.org/viewvc?view=revision&revision=1739564 (string)

}

6 : { »

name : 90902 (string)

refsource : BID (string)

url : http://www.securityfocus.com/bid/90902 (string)

}

7 : { »

name : http://svn.apache.org/viewvc?view=revision&revision=1739565 (string)

refsource : CONFIRM (string)

url : http://svn.apache.org/viewvc?view=revision&revision=1739565 (string)

}

8 : { »

name : RHSA-2017:0272 (string)

refsource : REDHAT (string)

url : http://rhn.redhat.com/errata/RHSA-2017-0272.html (string)

}

9 : { »

name : RHSA-2017:0248 (string)

refsource : REDHAT (string)

url : http://rhn.redhat.com/errata/RHSA-2017-0248.html (string)

}

10 : { »

name : RHSA-2017:0249 (string)

refsource : REDHAT (string)

url : http://rhn.redhat.com/errata/RHSA-2017-0249.html (string)

}

11 : { »

name : [tika-commits] 20190802 svn commit: r1864259 [1/17] - in /tika/site: publish/ publish/1.10/ publish/1.11/ publish/1.12/ publish/1.13/ publish/1.14/ publish/1.15/ publish/1.16/ publish/1.17/ publish/1.18/ publish/1.19.1/ publish/1.19/ publish/1.20/ publish/1.21/ publish/1.22/ ... (string)

refsource : MLIST (string)

url : https://lists.apache.org/thread.html/ad5fbc86c1d1821ae1b963e8561ab6d6a5f66b2848e84f5a31477f54@%3Ccommits.tika.apache.org%3E (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-05T23:17:50.579Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

name : RHSA-2017:0179 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

2 : x_transferred (string)

]

url : http://rhn.redhat.com/errata/RHSA-2017-0179.html (string)

}

1 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : http://packetstormsecurity.com/files/137214/Apache-PDFBox-1.8.11-2.0.0-XML-Injection.html (string)

}

2 : { »

name : [www-announce] 20160527 [CVE-2016-2175] Apache PDFBox XML External Entity vulnerability (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_MLIST (string)

2 : x_transferred (string)

]

url : http://mail-archives.us.apache.org/mod_mbox/www-announce/201605.mbox/%3C83a03bcf-f86b-4688-37b5-615c080291d8%40apache.org%3E (string)

}

3 : { »

name : DSA-3606 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_DEBIAN (string)

2 : x_transferred (string)

]

url : http://www.debian.org/security/2016/dsa-3606 (string)

}

4 : { »

name : 20160527 [CVE-2016-2175] Apache PDFBox XML External Entity vulnerability (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_BUGTRAQ (string)

2 : x_transferred (string)

]

url : http://www.securityfocus.com/archive/1/538503/100/0/threaded (string)

}

5 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : http://svn.apache.org/viewvc?view=revision&revision=1739564 (string)

}

6 : { »

name : 90902 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_BID (string)

2 : x_transferred (string)

]

url : http://www.securityfocus.com/bid/90902 (string)

}

7 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : http://svn.apache.org/viewvc?view=revision&revision=1739565 (string)

}

8 : { »

name : RHSA-2017:0272 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

2 : x_transferred (string)

]

url : http://rhn.redhat.com/errata/RHSA-2017-0272.html (string)

}

9 : { »

name : RHSA-2017:0248 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

2 : x_transferred (string)

]

url : http://rhn.redhat.com/errata/RHSA-2017-0248.html (string)

}

10 : { »

name : RHSA-2017:0249 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

2 : x_transferred (string)

]

url : http://rhn.redhat.com/errata/RHSA-2017-0249.html (string)

}

11 : { »

name : [tika-commits] 20190802 svn commit: r1864259 [1/17] - in /tika/site: publish/ publish/1.10/ publish/1.11/ publish/1.12/ publish/1.13/ publish/1.14/ publish/1.15/ publish/1.16/ publish/1.17/ publish/1.18/ publish/1.19.1/ publish/1.19/ publish/1.20/ publish/1.21/ publish/1.22/ ... (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_MLIST (string)

2 : x_transferred (string)

]

url : https://lists.apache.org/thread.html/ad5fbc86c1d1821ae1b963e8561ab6d6a5f66b2848e84f5a31477f54%40%3Ccommits.tika.apache.org%3E (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : 53f830b8-0a3f-465b-8143-3b8a9948e749 (string)

assignerShortName : redhat (string)

cveId : CVE-2016-2175 (string)

datePublished : 2016-06-01T20:00:00 (string)

dateReserved : 2016-01-29T00:00:00 (string)

dateUpdated : 2024-08-05T23:17:50.579Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:pdfbox:1.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "3F731F1D-75B3-4A8B-A54A-3E3E94774B4B", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:pdfbox:1.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "55675A83-9138-4052-AD50-FBAC6E230A93", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:pdfbox:1.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "B5051901-86CE-47DE-8485-C3504917423F", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:pdfbox:1.8.3:*:*:*:*:*:*:*", "matchCriteriaId": "5EA1BD8B-00D6-4B7D-90D9-5B3AC08D22E6", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:pdfbox:1.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "F5DA1D34-E99F-400E-884F-05B9511669F8", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:pdfbox:1.8.5:*:*:*:*:*:*:*", "matchCriteriaId": "B095DE26-F565-4EFF-AB4C-D6C3CC88BD6A", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:pdfbox:1.8.6:*:*:*:*:*:*:*", "matchCriteriaId": "69E2D87A-3F68-41B0-B69A-90A124CD462C", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:pdfbox:1.8.7:*:*:*:*:*:*:*", "matchCriteriaId": "192AF1D0-31CF-4F65-98DF-E1EB85BE622D", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:pdfbox:1.8.8:*:*:*:*:*:*:*", "matchCriteriaId": "CE32BAA0-7B6C-4FAC-85CF-B2B5A56F8F56", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:pdfbox:1.8.9:*:*:*:*:*:*:*", "matchCriteriaId": "E08AD210-90FB-40E2-9665-450B34EF6FB1", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:pdfbox:1.8.10:*:*:*:*:*:*:*", "matchCriteriaId": "7B693709-1B83-4B23-AD54-B002F4ACD4A9", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:pdfbox:1.8.11:*:*:*:*:*:*:*", "matchCriteriaId": "E4E1DA3F-E8F8-4424-B224-B2B9A2A93747", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:pdfbox:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "1EBD8054-1545-4A7E-8EE9-36632846FF11", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:pdfbox:2.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "1E3BD109-5505-45BC-A48D-CDF7D190E4B3", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:pdfbox:2.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "A3D6D027-1F55-413D-8F7F-7D94C2C2B917", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:pdfbox:2.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "093E23C1-668C-4EBD-ADA8-C61F46BD3CC3", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Apache PDFBox before 1.8.12 and 2.x before 2.0.1 does not properly initialize the XML parsers, which allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted PDF."}, {"lang": "es", "value": "Apache PDFBox en versiones anteriores a 1.8.12 y 2.x en versiones anteriores a 2.0.1 no inicializa correctamente los analizadores XML, lo que permite a atacantes dependientes del contexto llevar a cabo ataques XML External Entity (XXE) a trav\u00e9s de un PDF manipulado."}], "evaluatorComment": "<a href=\"http://cwe.mitre.org/data/definitions/611.html\">CWE-611: Improper Restriction of XML External Entity Reference ('XXE')</a>", "id": "CVE-2016-2175", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": true, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-06-01T20:59:01.747", "references": [{"source": "secalert@redhat.com", "url": "http://mail-archives.us.apache.org/mod_mbox/www-announce/201605.mbox/%3C83a03bcf-f86b-4688-37b5-615c080291d8%40apache.org%3E"}, {"source": "secalert@redhat.com", "url": "http://packetstormsecurity.com/files/137214/Apache-PDFBox-1.8.11-2.0.0-XML-Injection.html"}, {"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2017-0179.html"}, {"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2017-0248.html"}, {"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2017-0249.html"}, {"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2017-0272.html"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://svn.apache.org/viewvc?view=revision&revision=1739564"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://svn.apache.org/viewvc?view=revision&revision=1739565"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2016/dsa-3606"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/archive/1/538503/100/0/threaded"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/90902"}, {"source": "secalert@redhat.com", "url": "https://lists.apache.org/thread.html/ad5fbc86c1d1821ae1b963e8561ab6d6a5f66b2848e84f5a31477f54%40%3Ccommits.tika.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://mail-archives.us.apache.org/mod_mbox/www-announce/201605.mbox/%3C83a03bcf-f86b-4688-37b5-615c080291d8%40apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://packetstormsecurity.com/files/137214/Apache-PDFBox-1.8.11-2.0.0-XML-Injection.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2017-0179.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2017-0248.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2017-0249.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2017-0272.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://svn.apache.org/viewvc?view=revision&revision=1739564"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://svn.apache.org/viewvc?view=revision&revision=1739565"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2016/dsa-3606"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/538503/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/90902"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/ad5fbc86c1d1821ae1b963e8561ab6d6a5f66b2848e84f5a31477f54%40%3Ccommits.tika.apache.org%3E"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:apache:pdfbox:1.8.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 3F731F1D-75B3-4A8B-A54A-3E3E94774B4B (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:apache:pdfbox:1.8.1:*:*:*:*:*:*:* (string)

matchCriteriaId : 55675A83-9138-4052-AD50-FBAC6E230A93 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:a:apache:pdfbox:1.8.2:*:*:*:*:*:*:* (string)

matchCriteriaId : B5051901-86CE-47DE-8485-C3504917423F (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:a:apache:pdfbox:1.8.3:*:*:*:*:*:*:* (string)

matchCriteriaId : 5EA1BD8B-00D6-4B7D-90D9-5B3AC08D22E6 (string)

vulnerable : true (boolean)

}

4 : { »

criteria : cpe:2.3:a:apache:pdfbox:1.8.4:*:*:*:*:*:*:* (string)

matchCriteriaId : F5DA1D34-E99F-400E-884F-05B9511669F8 (string)

vulnerable : true (boolean)

}

5 : { »

criteria : cpe:2.3:a:apache:pdfbox:1.8.5:*:*:*:*:*:*:* (string)

matchCriteriaId : B095DE26-F565-4EFF-AB4C-D6C3CC88BD6A (string)

vulnerable : true (boolean)

}

6 : { »

criteria : cpe:2.3:a:apache:pdfbox:1.8.6:*:*:*:*:*:*:* (string)

matchCriteriaId : 69E2D87A-3F68-41B0-B69A-90A124CD462C (string)

vulnerable : true (boolean)

}

7 : { »

criteria : cpe:2.3:a:apache:pdfbox:1.8.7:*:*:*:*:*:*:* (string)

matchCriteriaId : 192AF1D0-31CF-4F65-98DF-E1EB85BE622D (string)

vulnerable : true (boolean)

}

8 : { »

criteria : cpe:2.3:a:apache:pdfbox:1.8.8:*:*:*:*:*:*:* (string)

matchCriteriaId : CE32BAA0-7B6C-4FAC-85CF-B2B5A56F8F56 (string)

vulnerable : true (boolean)

}

9 : { »

criteria : cpe:2.3:a:apache:pdfbox:1.8.9:*:*:*:*:*:*:* (string)

matchCriteriaId : E08AD210-90FB-40E2-9665-450B34EF6FB1 (string)

vulnerable : true (boolean)

}

10 : { »

criteria : cpe:2.3:a:apache:pdfbox:1.8.10:*:*:*:*:*:*:* (string)

matchCriteriaId : 7B693709-1B83-4B23-AD54-B002F4ACD4A9 (string)

vulnerable : true (boolean)

}

11 : { »

criteria : cpe:2.3:a:apache:pdfbox:1.8.11:*:*:*:*:*:*:* (string)

matchCriteriaId : E4E1DA3F-E8F8-4424-B224-B2B9A2A93747 (string)

vulnerable : true (boolean)

}

12 : { »

criteria : cpe:2.3:a:apache:pdfbox:2.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 1EBD8054-1545-4A7E-8EE9-36632846FF11 (string)

vulnerable : true (boolean)

}

13 : { »

criteria : cpe:2.3:a:apache:pdfbox:2.0:rc1:*:*:*:*:*:* (string)

matchCriteriaId : 1E3BD109-5505-45BC-A48D-CDF7D190E4B3 (string)

vulnerable : true (boolean)

}

14 : { »

criteria : cpe:2.3:a:apache:pdfbox:2.0:rc2:*:*:*:*:*:* (string)

matchCriteriaId : A3D6D027-1F55-413D-8F7F-7D94C2C2B917 (string)

vulnerable : true (boolean)

}

15 : { »

criteria : cpe:2.3:a:apache:pdfbox:2.0:rc3:*:*:*:*:*:* (string)

matchCriteriaId : 093E23C1-668C-4EBD-ADA8-C61F46BD3CC3 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

1 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:* (string)

matchCriteriaId : C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

cveTags : [ *empty* ]

descriptions : [ »

0 : { »

lang : en (string)

value : Apache PDFBox before 1.8.12 and 2.x before 2.0.1 does not properly initialize the XML parsers, which allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted PDF. (string)

}

1 : { »

lang : es (string)

value : Apache PDFBox en versiones anteriores a 1.8.12 y 2.x en versiones anteriores a 2.0.1 no inicializa correctamente los analizadores XML, lo que permite a atacantes dependientes del contexto llevar a cabo ataques XML External Entity (XXE) a través de un PDF manipulado. (string)

}

]

evaluatorComment : <a href="http://cwe.mitre.org/data/definitions/611.html">CWE-611: Improper Restriction of XML External Entity Reference ('XXE')</a> (string)

id : CVE-2016-2175 (string)

lastModified : 2025-04-12T10:46:40.837 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : true (boolean)

baseSeverity : HIGH (string)

cvssData : { »

accessComplexity : LOW (string)

accessVector : NETWORK (string)

authentication : NONE (string)

availabilityImpact : PARTIAL (string)

baseScore : 7.5 (number)

confidentialityImpact : PARTIAL (string)

integrityImpact : PARTIAL (string)

vectorString : AV:N/AC:L/Au:N/C:P/I:P/A:P (string)

version : 2.0 (string)

}

exploitabilityScore : 10 (number)

impactScore : 6.4 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : false (boolean)

}

]

cvssMetricV30 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : LOCAL (string)

availabilityImpact : HIGH (string)

baseScore : 7.8 (number)

baseSeverity : HIGH (string)

confidentialityImpact : HIGH (string)

integrityImpact : HIGH (string)

privilegesRequired : LOW (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (string)

version : 3.0 (string)

}

exploitabilityScore : 1.8 (number)

impactScore : 5.9 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2016-06-01T20:59:01.747 (string)

references : [ »

0 : { »

source : secalert@redhat.com (string)

url : http://mail-archives.us.apache.org/mod_mbox/www-announce/201605.mbox/%3C83a03bcf-f86b-4688-37b5-615c080291d8%40apache.org%3E (string)

}

1 : { »

source : secalert@redhat.com (string)

url : http://packetstormsecurity.com/files/137214/Apache-PDFBox-1.8.11-2.0.0-XML-Injection.html (string)

}

2 : { »

source : secalert@redhat.com (string)

url : http://rhn.redhat.com/errata/RHSA-2017-0179.html (string)

}

3 : { »

source : secalert@redhat.com (string)

url : http://rhn.redhat.com/errata/RHSA-2017-0248.html (string)

}

4 : { »

source : secalert@redhat.com (string)

url : http://rhn.redhat.com/errata/RHSA-2017-0249.html (string)

}

5 : { »

source : secalert@redhat.com (string)

url : http://rhn.redhat.com/errata/RHSA-2017-0272.html (string)

}

6 : { »

source : secalert@redhat.com (string)

tags : [ »

0 : Patch (string)

1 : Vendor Advisory (string)

]

url : http://svn.apache.org/viewvc?view=revision&revision=1739564 (string)

}

7 : { »

source : secalert@redhat.com (string)

tags : [ »

0 : Patch (string)

1 : Vendor Advisory (string)

]

url : http://svn.apache.org/viewvc?view=revision&revision=1739565 (string)

}

8 : { »

source : secalert@redhat.com (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://www.debian.org/security/2016/dsa-3606 (string)

}

9 : { »

source : secalert@redhat.com (string)

url : http://www.securityfocus.com/archive/1/538503/100/0/threaded (string)

}

10 : { »

source : secalert@redhat.com (string)

url : http://www.securityfocus.com/bid/90902 (string)

}

11 : { »

source : secalert@redhat.com (string)

url : https://lists.apache.org/thread.html/ad5fbc86c1d1821ae1b963e8561ab6d6a5f66b2848e84f5a31477f54%40%3Ccommits.tika.apache.org%3E (string)

}

12 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://mail-archives.us.apache.org/mod_mbox/www-announce/201605.mbox/%3C83a03bcf-f86b-4688-37b5-615c080291d8%40apache.org%3E (string)

}

13 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://packetstormsecurity.com/files/137214/Apache-PDFBox-1.8.11-2.0.0-XML-Injection.html (string)

}

14 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://rhn.redhat.com/errata/RHSA-2017-0179.html (string)

}

15 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://rhn.redhat.com/errata/RHSA-2017-0248.html (string)

}

16 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://rhn.redhat.com/errata/RHSA-2017-0249.html (string)

}

17 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://rhn.redhat.com/errata/RHSA-2017-0272.html (string)

}

18 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

1 : Vendor Advisory (string)

]

url : http://svn.apache.org/viewvc?view=revision&revision=1739564 (string)

}

19 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

1 : Vendor Advisory (string)

]

url : http://svn.apache.org/viewvc?view=revision&revision=1739565 (string)

}

20 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://www.debian.org/security/2016/dsa-3606 (string)

}

21 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://www.securityfocus.com/archive/1/538503/100/0/threaded (string)

}

22 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://www.securityfocus.com/bid/90902 (string)

}

23 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://lists.apache.org/thread.html/ad5fbc86c1d1821ae1b963e8561ab6d6a5f66b2848e84f5a31477f54%40%3Ccommits.tika.apache.org%3E (string)

}

]

sourceIdentifier : secalert@redhat.com (string)

vulnStatus : Deferred (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : NVD-CWE-Other (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Show plain JSON

{"affected_release": [{"advisory": "RHSA-2017:0179", "cpe": "cpe:/a:redhat:jboss_amq:6.3", "product_name": "Red Hat JBoss A-MQ 6.3", "release_date": "2017-01-19T00:00:00Z"}, {"advisory": "RHSA-2017:0249", "cpe": "cpe:/a:redhat:jboss_bpms:6.4", "product_name": "Red Hat JBoss BPMS 6.4", "release_date": "2017-02-02T00:00:00Z"}, {"advisory": "RHSA-2017:0248", "cpe": "cpe:/a:redhat:jboss_enterprise_brms_platform:6.4", "product_name": "Red Hat JBoss BRMS 6.4", "release_date": "2017-02-02T00:00:00Z"}, {"advisory": "RHSA-2017:0272", "cpe": "cpe:/a:redhat:jboss_data_virtualization:6.3", "package": "pdfbox", "product_name": "Red Hat JBoss Data Virtualization 6.3", "release_date": "2017-02-14T00:00:00Z"}, {"advisory": "RHSA-2017:0179", "cpe": "cpe:/a:redhat:jboss_fuse:6.3", "product_name": "Red Hat JBoss Fuse 6.3", "release_date": "2017-01-19T00:00:00Z"}], "bugzilla": {"description": "pdfbox: XML External Entity vulnerability", "id": "1340396", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1340396"}, "csaw": false, "cvss": {"cvss_base_score": "5.8", "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P", "status": "verified"}, "cvss3": {"cvss3_base_score": "5.4", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "status": "verified"}, "cwe": "CWE-611", "details": ["Apache PDFBox before 1.8.12 and 2.x before 2.0.1 does not properly initialize the XML parsers, which allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted PDF.", "It was found that the parsing of XMP and other XML formats in PDF by Apache PDFBox would expand entity references. A remote, unauthenticated attacker could use this flaw to read files accessible to the user running the application server, and potentially perform other more advanced XXE attacks."], "name": "CVE-2016-2175", "package_state": [{"cpe": "cpe:/a:redhat:jboss_enterprise_bpms_platform", "fix_state": "Affected", "package_name": "pdfbox", "product_name": "Red Hat BPM Suite 6"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_brms_platform:6", "fix_state": "Affected", "package_name": "pdfbox", "product_name": "Red Hat JBoss BRMS 6"}, {"cpe": "cpe:/a:redhat:jboss_fuse:6", "fix_state": "Affected", "package_name": "pdfbox", "product_name": "Red Hat JBoss Fuse 6"}, {"cpe": "cpe:/a:redhat:jboss_fuse_service_works:6", "fix_state": "Not affected", "package_name": "pdfbox", "product_name": "Red Hat JBoss Fuse Service Works 6"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_portal_platform:6", "fix_state": "Will not fix", "package_name": "pdfbox", "product_name": "Red Hat JBoss Portal 6"}, {"cpe": "cpe:/a:redhat:network_satellite:5", "fix_state": "Affected", "package_name": "pdfbox", "product_name": "Red Hat Satellite 5"}], "public_date": "2016-05-27T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2016-2175\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-2175"], "threat_severity": "Moderate"}

{

affected_release : [ »

0 : { »

advisory : RHSA-2017:0179 (string)

cpe : cpe:/a:redhat:jboss_amq:6.3 (string)

product_name : Red Hat JBoss A-MQ 6.3 (string)

release_date : 2017-01-19T00:00:00Z (string)

}

1 : { »

advisory : RHSA-2017:0249 (string)

cpe : cpe:/a:redhat:jboss_bpms:6.4 (string)

product_name : Red Hat JBoss BPMS 6.4 (string)

release_date : 2017-02-02T00:00:00Z (string)

}

2 : { »

advisory : RHSA-2017:0248 (string)

cpe : cpe:/a:redhat:jboss_enterprise_brms_platform:6.4 (string)

product_name : Red Hat JBoss BRMS 6.4 (string)

release_date : 2017-02-02T00:00:00Z (string)

}

3 : { »

advisory : RHSA-2017:0272 (string)

cpe : cpe:/a:redhat:jboss_data_virtualization:6.3 (string)

package : pdfbox (string)

product_name : Red Hat JBoss Data Virtualization 6.3 (string)

release_date : 2017-02-14T00:00:00Z (string)

}

4 : { »

advisory : RHSA-2017:0179 (string)

cpe : cpe:/a:redhat:jboss_fuse:6.3 (string)

product_name : Red Hat JBoss Fuse 6.3 (string)

release_date : 2017-01-19T00:00:00Z (string)

}

]

bugzilla : { »

description : pdfbox: XML External Entity vulnerability (string)

id : 1340396 (string)

url : https://bugzilla.redhat.com/show_bug.cgi?id=1340396 (string)

}

csaw : false (boolean)

cvss : { »

cvss_base_score : 5.8 (string)

cvss_scoring_vector : AV:N/AC:M/Au:N/C:P/I:N/A:P (string)

status : verified (string)

}

cvss3 : { »

cvss3_base_score : 5.4 (string)

cvss3_scoring_vector : CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L (string)

status : verified (string)

}

cwe : CWE-611 (string)

details : [ »

0 : Apache PDFBox before 1.8.12 and 2.x before 2.0.1 does not properly initialize the XML parsers, which allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted PDF. (string)

1 : It was found that the parsing of XMP and other XML formats in PDF by Apache PDFBox would expand entity references. A remote, unauthenticated attacker could use this flaw to read files accessible to the user running the application server, and potentially perform other more advanced XXE attacks. (string)

]

name : CVE-2016-2175 (string)

package_state : [ »

0 : { »

cpe : cpe:/a:redhat:jboss_enterprise_bpms_platform (string)

fix_state : Affected (string)

package_name : pdfbox (string)

product_name : Red Hat BPM Suite 6 (string)

}

1 : { »

cpe : cpe:/a:redhat:jboss_enterprise_brms_platform:6 (string)

fix_state : Affected (string)

package_name : pdfbox (string)

product_name : Red Hat JBoss BRMS 6 (string)

}

2 : { »

cpe : cpe:/a:redhat:jboss_fuse:6 (string)

fix_state : Affected (string)

package_name : pdfbox (string)

product_name : Red Hat JBoss Fuse 6 (string)

}

3 : { »

cpe : cpe:/a:redhat:jboss_fuse_service_works:6 (string)

fix_state : Not affected (string)

package_name : pdfbox (string)

product_name : Red Hat JBoss Fuse Service Works 6 (string)

}

4 : { »

cpe : cpe:/a:redhat:jboss_enterprise_portal_platform:6 (string)

fix_state : Will not fix (string)

package_name : pdfbox (string)

product_name : Red Hat JBoss Portal 6 (string)

}

5 : { »

cpe : cpe:/a:redhat:network_satellite:5 (string)

fix_state : Affected (string)

package_name : pdfbox (string)

product_name : Red Hat Satellite 5 (string)

}

]

public_date : 2016-05-27T00:00:00Z (string)

references : [ »

0 : https://www.cve.org/CVERecord?id=CVE-2016-2175 https://nvd.nist.gov/vuln/detail/CVE-2016-2175 (string)

]

threat_severity : Moderate (string)

}

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object