Apache PDFBox 2.0.14 does not properly initialize the XML parser, which allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted XFDF.
History
07 Nov 2023, 03:01
Type | Values Removed | Values Added |
---|---|---|
References | | |
29 Apr 2022, 16:12
Type | Values Removed | Values Added |
---|---|---|
First Time | Apache james, Oracle, Oracle banking Supply Chain Finance, Fedoraproject fedora, Oracle hyperion Financial Reporting, Oracle banking Trade Finance Process Management, Oracle peoplesoft Enterprise Peopletools, Oracle webcenter Sites, Oracle banking Virtual Account Management, Oracle banking Credit Facilities Process Management, Oracle retail Xstore Point Of Service, Oracle communications Messaging Server, Oracle banking Corporate Lending Process Management, Oracle communications Session Report Manager, Fedoraproject | |
References | (MLIST) https://lists.apache.org/thread.html/bc8db1bf459f1ad909da47350ed554ee745abe9f25f2b50cad4e06dd@%3Cserver-dev.james.apache.org%3E - Issue Tracking, Mailing List, Vendor Advisory | |
References | (MISC) https://www.oracle.com/security-alerts/cpuoct2021.html - Third Party Advisory | |
References | (N/A) https://www.oracle.com//security-alerts/cpujul2021.html - Third Party Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/be86fcd7cd423a3fe6b73a3cb9d7cac0b619d0deb99e6b5d172c98f4@%3Ccommits.tika.apache.org%3E - Mailing List, Patch, Vendor Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/r32b8102392a174b17fd19509a9e76047f74852b77b7bf46af95e45a2@%3Cserver-dev.james.apache.org%3E - Issue Tracking, Mailing List, Vendor Advisory | |
References | (MISC) https://www.oracle.com/security-alerts/cpuApr2021.html - Third Party Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/r0a2141abeddae66dd57025f1681c8425834062b7c0c7e0b1d830a95d@%3Cusers.pdfbox.apache.org%3E - Issue Tracking, Mailing List, Vendor Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6HKVPTJWZGUB4MH4AAOWMRJHRDBYFHGJ/ - Mailing List, Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/POPOGHJ5CVMUVCRQU7APBAN5IVZGZFDX/ - Mailing List, Third Party Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/8a19bd6d43e359913341043c2a114f91f9e4ae170059539ad1f5673c@%3Ccommits.tika.apache.org%3E - Mailing List, Patch, Vendor Advisory | |
References | (N/A) https://www.oracle.com/security-alerts/cpuapr2020.html - Third Party Advisory | |
CPE | cpe:2.3:a:apache:james:3.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_supply_chain_finance:14.3:*:*:*:*:*:*:* cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_virtual_account_management:14.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_trade_finance_process_management:14.5:*:*:*:*:*:*:* cpe:2.3:a:oracle:hyperion_financial_reporting:11.1.2.4:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.3:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_supply_chain_finance:14.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.5:*:*:*:*:*:*:* cpe:2.3:a:oracle:webcenter_sites:12.2.1.4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:webcenter_sites:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:apache:james:3.4.0:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:* cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_supply_chain_finance:14.5:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.5:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_trade_finance_process_management:14.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.3:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0.3:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_virtual_account_management:14.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:hyperion_financial_reporting:11.2.6.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_virtual_account_management:14.5:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:* cpe:2.3:o:oracle:communications_messaging_server:8.1:*:*:*:*:*:*:* 
cpe:2.3:a:oracle:banking_trade_finance_process_management:14.3:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_messaging_server:8.1:*:*:*:*:*:*:* |
20 Oct 2021, 11:15
Type | Values Removed | Values Added |
---|---|---|
References | | |
14 Jun 2021, 18:15
Type | Values Removed | Values Added |
---|---|---|
References | | |
20 Jan 2021, 12:15
Type | Values Removed | Values Added |
---|---|---|
References | | |
Information
Published : 2019-04-17 15:29
Updated : 2023-12-10 12:59
NVD link : CVE-2019-0228
Mitre link : CVE-2019-0228
CVE.ORG link : CVE-2019-0228
Products Affected
apache
- james
- pdfbox
oracle
- banking_virtual_account_management
- hyperion_financial_reporting
- retail_xstore_point_of_service
- webcenter_sites
- banking_credit_facilities_process_management
- banking_supply_chain_finance
- banking_corporate_lending_process_management
- communications_session_report_manager
- communications_messaging_server
- peoplesoft_enterprise_peopletools
- banking_trade_finance_process_management
fedoraproject
- fedora
CWE
CWE-611
Improper Restriction of XML External Entity Reference