VDB
RHSA-2017%3A0272
RHSA-2017%3A0272
PUBLISHED
CVSS 5.400000095367432 MEDIUM
It was found that the parsing of XMP and other XML formats in PDF by Apache PDFBox would expand entity references. A remote, unauthenticated attacker could use this flaw to read files accessible to the user running the application server, and potentially perform other more advanced XXE attacks.
Risk Scores
CVSS 3.0
5.400000095367432
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | Red Hat JBoss Data Virtualization 6.3 |
Timeline
- Feb 14, 2017 CVE Published
- Apr 30, 2026 Distribution Patch
- Apr 30, 2026 Distribution Patch
- Apr 30, 2026 Security Advisory
- Apr 30, 2026 Security Advisory
- Apr 30, 2026 Security Advisory
- Apr 30, 2026 Security Advisory
- May 14, 2026 CVE Updated
References
- https://access.redhat.com/errata/RHSA-2017:0272 advisory
- https://access.redhat.com/security/updates/classification/#moderate advisory
- https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=data.services.platform&downloadType=securityPatches&version=6.3.0 advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=1340386 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=1340396 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=1413466 issue
- https://security.access.redhat.com/data/csaf/v2/advisories/2017/rhsa-2017_0272.json advisory
- https://access.redhat.com/security/cve/CVE-2016-2175 advisory
- https://www.cve.org/CVERecord?id=CVE-2016-2175 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2016-2175 advisory
- https://access.redhat.com/security/cve/CVE-2016-4434 advisory
- https://www.cve.org/CVERecord?id=CVE-2016-4434 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2016-4434 advisory
- https://access.redhat.com/security/cve/CVE-2016-6814 advisory
- https://www.cve.org/CVERecord?id=CVE-2016-6814 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2016-6814 advisory