[CVE-2016-2175] Apache PDFBox XML External Entity vulnerability





CVE-2016-2175: Apache PDFBox XML External Entity vulnerability
Severity: Important
Vendor:
The Apache Software Foundation
Versions Affected:
Apache PDFBox 1.8.0 to 1.8.11
Apache PDFBox 2.0.0
Earlier, unsupported Apache PDFBox versions may be affected as well
Description:
Apache PDFBox parses various kinds of XML data embedded in PDF files, such as
XMP metadata, and the initialization of its XML parsers did not protect against
XML External Entity (XXE) vulnerabilities. According to www.owasp.org [1]: "This
attack may lead to the disclosure of confidential data, denial of service, server
side request forgery, port scanning from the perspective of the machine where the
parser is located, and other system impacts."
Mitigation:
Upgrade to Apache PDFBox 1.8.12 or 2.0.1, respectively
Credit:
This issue was discovered by Arthur Khashaev (https://khashaev.ru), Seulgi Kim,
Mesut Timur and Microsoft Vulnerability Research.
[1] https://www.owasp.org/index.php/XML_External_Entity_(XXE)_Processing

Source: Apache
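The advisory's root cause is an XML parser created with default settings, which resolves DOCTYPE-declared external entities. The following is an added example, not PDFBox's own code or its actual fix, of how a parser for embedded XMP metadata can be initialized so that such entities are never resolved; the class name, the XMP sample and the placeholder entity URI are constructed for illustration.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import org.w3c.dom.Document;

public class HardenedXmpParser {

    // Constructed sample (hypothetical): an XMP-like packet whose DOCTYPE declares an
    // external entity. A DocumentBuilderFactory left at its defaults would try to
    // fetch the entity's URI (a placeholder here) while parsing; this is the XXE pattern.
    static final String SAMPLE_XMP =
        "<?xml version=\"1.0\"?>\n"
      + "<!DOCTYPE x [ <!ENTITY ext SYSTEM \"file:///PLACEHOLDER/path\"> ]>\n"
      + "<x:xmpmeta xmlns:x=\"adobe:ns:meta/\"><title>&ext;</title></x:xmpmeta>";

    /** Builds a DocumentBuilder with every entity-resolution path switched off. */
    static DocumentBuilder newHardenedBuilder() throws ParserConfigurationException {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        // Reject any DOCTYPE outright: without a DTD subset no entities can be declared.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        // Defence in depth for parser implementations that ignore the feature above.
        f.setFeature("http://xml.org/sax/features/external-general-entities", false);
        f.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        f.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        f.setXIncludeAware(false);
        f.setExpandEntityReferences(false);
        return f.newDocumentBuilder();
    }

    /** Parses XMP bytes; returns null when the packet is rejected instead of resolving anything. */
    static Document parseXmp(byte[] xmp) {
        try {
            return newHardenedBuilder().parse(new ByteArrayInputStream(xmp));
        } catch (Exception e) { // SAXParseException from the DOCTYPE check, IOException, etc.
            System.err.println("XMP rejected: " + e.getMessage());
            return null;
        }
    }

    public static void main(String[] args) {
        Document d = parseXmp(SAMPLE_XMP.getBytes(StandardCharsets.UTF_8));
        System.out.println(d == null ? "rejected (expected for the sample)" : "parsed");
    }
}
```

With the hardened factory the sample is refused at the DOCTYPE line, before the entity URI is ever touched; the same settings apply to any SAX or DOM parser instance an application creates for untrusted XML.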

2016-05-27 08:03:05
Web PHP developer Milan Jankovec

