CVE-2016-4434 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2016-4434 Interim 1 1 2024-06-13T01:48:28Z current 2024-06-13T01:48:28Z 2024-06-13T01:48:28Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2016-4434 Apache Tika before 1.13 does not properly initialize the XML parser or choose handlers, which might allow remote attackers to conduct XML External Entity (XXE) attacks via vectors involving (1) spreadsheets in OOXML files and (2) XMP metadata in PDF and other file formats, a related issue to CVE-2016-2175. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Manager Server 3.1 SUSE Manager Server 3.2 SUSE Manager Server Module 4.0 tika-core tika-core as a component of SUSE Manager Server 3.1 tika-core as a component of SUSE Manager Server 3.2 tika-core as a component of SUSE Manager Server Module 4.0 Apache Tika before 1.13 does not properly initialize the XML parser or choose handlers, which might allow remote attackers to conduct XML External Entity (XXE) attacks via vectors involving (1) spreadsheets in OOXML files and (2) XMP metadata in PDF and other file formats, a related issue to CVE-2016-2175. CVE-2016-4434 SUSE Manager Server 3.1:tika-core SUSE Manager Server 3.2:tika-core SUSE Manager Server Module 4.0:tika-core important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P 7.8 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H