VDB

DEBIAN-CVE-2016-4434

DEBIAN-CVE-2016-4434 PUBLISHED CVSS 7.800000190734863 HIGH

Apache Tika before 1.13 does not properly initialize the XML parser or choose handlers, which might allow remote attackers to conduct XML External Entity (XXE) attacks via vectors involving (1) spreadsheets in OOXML files and (2) XMP metadata in PDF and other file formats, a related issue to CVE-2016-2175.

Risk Scores

CVSS v3.0
7.800000190734863
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products

VendorProductVersions
Debian:11tika0, 0, 0

Timeline

  • Sep 30, 2017 CVE Published
  • Apr 28, 2026 CVE Updated

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›