CVE-2016-2175

Apache PDFBox before 1.8.12 and 2.x before 2.0.1 does not properly initialize the XML parsers, which allows context-dependent attackers to conduct XML External Entity XXE attacks via a crafted PDF...

Xxe

Apache PDFBox before 1.8.12 and 2.x before 2.0.1 does not properly initialize the XML parsers, which allows context-dependent attackers to conduct XML External Entity XXE attacks via a crafted PDF...

CVE-2016-2175

CVE-2016-2175 is an XXE vulnerability in Apache PDFBox. The issue arises because PDFBox’s XML parsers are not properly initialized when processing XML data inside PDFs, allowing context-dependent attackers to craft PDFs that cause XML External Entity (XXE) attacks. Affected products include PDFBo...

CVE-2016-2175

Apache PDFBox before 1.8.12 and 2.x before 2.0.1 does not properly initialize the XML parsers, which allows context-dependent attackers to conduct XML External Entity XXE attacks via a crafted PDF...

CVE-2016-2175

Apache PDFBox before 1.8.12 and 2.x before 2.0.1 does not properly initialize the XML parsers, which allows context-dependent attackers to conduct XML External Entity XXE attacks via a crafted PDF...

Apache PDFBox XML External Entity Vulnerability

Apache PDFBox is the United States Apache Apache Software Foundation of an open source, Java-based and provide the creation of new PDF documents, modify existing PDF documents and other features of the tool library. Apache PDFBox version 1.8.0 to 1.8.11 and 2.0.0 version of the XML external entit...

CVE-2016-2175

It was found that the parsing of XMP and other XML formats in PDF by Apache PDFBox would expand entity references. A remote, unauthenticated attacker could use this flaw to read files accessible to the user running the application server, and potentially perform other more advanced XXE attacks...