CVE-2016-4434
high
CVSS v3
7.8
CVSS v2
6.8
VIR risk
7.8
Description
Apache Tika before 1.13 does not properly initialize the XML parser or choose handlers, which might allow remote attackers to conduct XML External Entity (XXE) attacks via vectors involving (1) spreadsheets in OOXML files and (2) XMP metadata in PDF and other file formats, a related issue to CVE-2016-2175.
Predictions
Exploit likelihood
75%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2016-4434
Vendor advisory: secalert@redhat.com — https://mail-archives.apache.org/mod_mbox/tika-dev/201605.mbox/%3C1705136517.1175366.1464278135251.JavaMail.yahoo%40mail.yahoo.com%3E
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| debian | bullseye | fixed | 1.18-1 |
| debian | sid | fixed | 1.18-1 |
Package impact
| Ecosystem | Package | Vulnerable | Fixed |
|---|---|---|---|
| Maven | org.apache.tika:tika-core | <1.13 | 1.13 |
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| apache | tika | 1.12 | |
References
- http://rhn.redhat.com/errata/RHSA-2017-0248.html
- http://rhn.redhat.com/errata/RHSA-2017-0249.html
- http://rhn.redhat.com/errata/RHSA-2017-0272.html
- http://www.securityfocus.com/archive/1/538500/100/0/threaded
- https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451%40%3Csolr-user.lucene.apache.org%3E
- https://mail-archives.apache.org/mod_mbox/tika-dev/201605.mbox/%3C1705136517.1175366.1464278135251.JavaMail.yahoo%40mail.yahoo.com%3E
- https://nvd.nist.gov/vuln/detail/CVE-2016-4434
- https://github.com/advisories/GHSA-4xr4-4c65-hj7f
- https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E
- https://security-tracker.debian.org/tracker/CVE-2016-4434
CWEs
CWE-611