CVE-2017-15691: XEE
First published: Thu Apr 26 2018(Updated: )
Apache UIMA before version 2.10.2 has an XML external entity expansion vulnerability. A remote attacker could exploit this to potentially execute arbitrary code. External Reference: <a href="https://uima.apache.org/security_report#CVE-2017-15691">https://uima.apache.org/security_report#CVE-2017-15691</a>
Credit: security@apache.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/uimaj | <2.10.2 | 2.10.2 |
| Apache uimaj | <2.10.2 | |
| Apache uimaj | =3.0.0 | |
| Apache uimaj | =3.0.0-alpha | |
| Apache uimaj | =3.0.0-alpha2 | |
| Apache uima-as | <2.10.2 | |
| Apache uimaFIT | <2.4.0 | |
| Apache uimaDUCC | <2.2.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.cve.org/CVERecord?id=CVE-2017-15691 https://nvd.nist.gov/vuln/detail/CVE-2017-15691 https://uima.apache.org/security_report#CVE-2017-15691
- https://bugzilla.redhat.com/show_bug.cgi?id=1572463
- https://access.redhat.com/errata/RHSA-2019:1545
- https://access.redhat.com/security/cve/cve-2017-15691
- https://lists.apache.org/thread.html/00407c65738e625a8cc9d732923a4ab2d8299603cc7c7e5cc2da9c79@%3Ccommits.uima.apache.org%3E
- https://uima.apache.org/security_report#CVE-2017-15691
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1572464
- https://lists.apache.org/thread.html/00407c65738e625a8cc9d732923a4ab2d8299603cc7c7e5cc2da9c79%40%3Ccommits.uima.apache.org%3E
Frequently Asked Questions
What is CVE-2017-15691?
CVE-2017-15691 is a vulnerability in Apache uimaj, uima-as, uimaFIT, and uimaDUCC that allows XML external entity expansion (XXE).
What is the severity of CVE-2017-15691?
CVE-2017-15691 has a severity rating of 8.8 (high).
How does CVE-2017-15691 affect Apache uimaj versions prior to 2.10.2?
CVE-2017-15691 affects Apache uimaj versions prior to 2.10.2 by allowing XML external entity expansion (XXE).
How do I fix CVE-2017-15691?
To fix CVE-2017-15691, update to Apache uimaj version 2.10.2 or later.
Where can I find more information about CVE-2017-15691?
You can find more information about CVE-2017-15691 at the following references: [link1], [link2], [link3].
- collector/redhat-cve
- collector/nvd-index
- agent/type
- agent/softwarecombine
- agent/severity
- agent/author
- agent/weakness
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2017-15691
- agent/software-canonical-lookup
- agent/references
- agent/tags
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/first-publish-date
- agent/source
- vendor/apache
- canonical/apache uimaj
- version/apache uimaj/3.0.0
- version/apache uimaj/3.0.0-alpha
- version/apache uimaj/3.0.0-alpha2
- canonical/apache uima-as
- canonical/apache uimafit
- canonical/apache uimaducc
- package-manager/redhat