Candidate: CVE-2017-15691
PublicDate: 2018-04-26 17:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15691
 https://uima.apache.org/security_report#CVE-2017-15691
Description:
 In Apache uimaj prior to 2.10.2, Apache uimaj 3.0.0-xxx prior to
 3.0.0-beta, Apache uima-as prior to 2.10.2, Apache uimaFIT prior to 2.4.0,
 Apache uimaDUCC prior to 2.2.2, this vulnerability relates to an XML
 external entity expansion (XXE) capability of various XML parsers. UIMA as
 part of its configuration and operation may read XML from various sources,
 which could be tainted in ways to cause inadvertent disclosure of local
 files or other internal content.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N [6.5 MEDIUM]


Patches_uimaj:
upstream_uimaj: released (2.10.2-1)
precise/esm_uimaj: DNE
trusty_uimaj: ignored (reached end-of-life)
trusty/esm_uimaj: DNE (trusty was needed)
xenial_uimaj: ignored (end of standard support, was needed)
artful_uimaj: ignored (reached end-of-life)
bionic_uimaj: needed
cosmic_uimaj: ignored (reached end-of-life)
disco_uimaj: not-affected (2.10.2-1)
eoan_uimaj: not-affected (2.10.2-1)
focal_uimaj: not-affected (2.10.2-1)
groovy_uimaj: not-affected (2.10.2-1)
hirsute_uimaj: not-affected (2.10.2-1)
impish_uimaj: not-affected (2.10.2-1)
jammy_uimaj: not-affected (2.10.2-1)
devel_uimaj: not-affected (2.10.2-1)