vulnerability

Debian: CVE-2017-15691: uimaj -- security update

Try Surface Command

Back to search

Severity

CVSS

(AV:N/AC:L/Au:S/C:P/I:N/A:N)

Published

Apr 26, 2018

Added

Jul 30, 2024

Modified

Mar 30, 2026

Description

In Apache uimaj prior to 2.10.2, Apache uimaj 3.0.0-xxx prior to 3.0.0-beta, Apache uima-as prior to 2.10.2, Apache uimaFIT prior to 2.4.0, Apache uimaDUCC prior to 2.2.2, this vulnerability relates to an XML external entity expansion (XXE) capability of various XML parsers. UIMA as part of its configuration and operation may read XML from various sources, which could be tainted in ways to cause inadvertent disclosure of local files or other internal content.

Solution

debian-upgrade-uimaj

References

CVE-2017-15691
https://attackerkb.com/topics/CVE-2017-15691
CWE-611
EUVD-EUVD-2022-5606
https://euvd.enisa.europa.eu/vulnerability/EUVD-2022-5606

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report