CVE-2019-0228

Published: 17/04/2019 Updated: 07/11/2023
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Apache PDFBox 2.0.14 does not properly initialize the XML parser, which allows context-dependent malicious users to conduct XML External Entity (XXE) attacks via a crafted XFDF.

Vulnerable Product

apache pdfbox 2.0.14

apache james 3.4.0

apache james 3.3.0

fedoraproject fedora 29

fedoraproject fedora 30

oracle hyperion financial reporting 11.1.2.4

oracle webcenter sites 12.2.1.3.0

oracle peoplesoft enterprise peopletools 8.58

oracle webcenter sites 12.2.1.4.0

oracle retail xstore point of service 17.0

oracle banking virtual account management 14.3.0

oracle communications messaging server 8.1

oracle peoplesoft enterprise peopletools 8.59

oracle retail xstore point of service 16.0.6

oracle retail xstore point of service 18.0.3

oracle hyperion financial reporting 11.2.6.0

oracle banking trade finance process management 14.2

oracle banking trade finance process management 14.3

oracle banking trade finance process management 14.5

oracle banking credit facilities process management 14.2

oracle banking credit facilities process management 14.3

oracle banking credit facilities process management 14.5

oracle banking corporate lending process management 14.2

oracle banking corporate lending process management 14.3

oracle banking corporate lending process management 14.5

oracle banking supply chain finance 14.2

oracle banking supply chain finance 14.3

oracle banking supply chain finance 14.5

oracle banking virtual account management 14.2

oracle banking virtual account management 14.5

oracle communications session report manager

Github Repositories

Basic original program to parse a PDF for keywords (using Java & PostgreSQL).

Skill Search Engine - Fully Functional PDF Parser

Creator: 👤 Steven Williams, Github: @bluesNbrews, Twitter: @wsm9671

NOTE: This project is no longer supported

WARNING: According to CVE-2019-0228, Apache PDFBox 2014 does not properly initialize the XML parser, which allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted XFDF Reme