7.8

CVE-2016-2175

Apache PDFBox before 1.8.12 and 2.x before 2.0.1 does not properly initialize the XML parsers, which allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted PDF.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ApachePdfbox Version1.8.0
ApachePdfbox Version1.8.1
ApachePdfbox Version1.8.2
ApachePdfbox Version1.8.3
ApachePdfbox Version1.8.4
ApachePdfbox Version1.8.5
ApachePdfbox Version1.8.6
ApachePdfbox Version1.8.7
ApachePdfbox Version1.8.8
ApachePdfbox Version1.8.9
ApachePdfbox Version1.8.10
ApachePdfbox Version1.8.11
ApachePdfbox Version2.0
ApachePdfbox Version2.0 Updaterc1
ApachePdfbox Version2.0 Updaterc2
ApachePdfbox Version2.0 Updaterc3
DebianDebian Linux Version8.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 4.76% 0.908
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://mail-archives.us.apache.org/mod_mbox/www-announce/201605.mbox/%3C83a03bcf-f86b-4688-37b5-615c080291d8%40apache.org%3E
http://packetstormsecurity.com/files/137214/Apache-PDFBox-1.8.11-2.0.0-XML-Injection.html
http://rhn.redhat.com/errata/RHSA-2017-0179.html
http://rhn.redhat.com/errata/RHSA-2017-0248.html
http://rhn.redhat.com/errata/RHSA-2017-0249.html
http://rhn.redhat.com/errata/RHSA-2017-0272.html
http://svn.apache.org/viewvc?view=revision&revision=1739564
Patch
Vendor Advisory
http://svn.apache.org/viewvc?view=revision&revision=1739565
Patch
Vendor Advisory
http://www.debian.org/security/2016/dsa-3606
Third Party Advisory
http://www.securityfocus.com/archive/1/538503/100/0/threaded
http://www.securityfocus.com/bid/90902
https://lists.apache.org/thread.html/ad5fbc86c1d1821ae1b963e8561ab6d6a5f66b2848e84f5a31477f54%40%3Ccommits.tika.apache.org%3E