CVE 2017-15691
In Apache uimaj prior to 2.10.2, Apache uimaj 3.0.0-xxx prior to 3.0.0-beta, Apache uima-as prior to 2.10.2, Apache uimaFIT prior to 2.4.0, Apache uimaDUCC prior to 2.2.2, this vulnerability relates to an XML external entity expansion (XXE) capability of various XML parsers. UIMA as part of its configuration and operation may read XML from various sources, which could be tainted in ways to cause inadvertent disclosure of local files or other internal content.
Related bugs and status
CVE-2017-15691 (Candidate) is related to these bugs:
Bug #1814133: update to openjdk 11 in 18.04 LTS
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1814133 | update to openjdk 11 in 18.04 LTS | saaj (Ubuntu) | Undecided | Invalid | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | ca-certificates-java (Ubuntu) | Undecided | Invalid | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | jaxws-api (Ubuntu) | Undecided | Invalid | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | jws-api (Ubuntu) | Undecided | Invalid | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | metro-policy (Ubuntu) | Undecided | Invalid | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | maven-debian-helper (Ubuntu Bionic) | Undecided | Fix Released | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | testng (Ubuntu Bionic) | Undecided | Fix Released | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | plexus-languages (Ubuntu Bionic) | Undecided | Fix Released | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | libcommons-lang3-java (Ubuntu Bionic) | Undecided | Fix Released | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | dd-plist (Ubuntu Bionic) | Undecided | Fix Released | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | clojure1.8 (Ubuntu Bionic) | Undecided | Fix Released | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | gradle (Ubuntu Bionic) | Undecided | Fix Released | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | jtreg (Ubuntu Bionic) | Undecided | Fix Released | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | maven-compiler-plugin (Ubuntu Bionic) | Undecided | Fix Released | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | surefire (Ubuntu Bionic) | Undecided | Fix Released | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | gradle-debian-helper (Ubuntu Bionic) | Undecided | Fix Released | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | groovy (Ubuntu Bionic) | Undecided | Fix Released | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | jasperreports (Ubuntu) | Undecided | Invalid | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | octave (Ubuntu) | Undecided | Invalid | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | gettext (Ubuntu Bionic) | Undecided | Fix Released | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | insubstantial (Ubuntu Bionic) | Undecided | Fix Released | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | java-common (Ubuntu Bionic) | Undecided | Fix Released | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | javatools (Ubuntu Bionic) | Undecided | Fix Released | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | jnr-posix (Ubuntu Bionic) | Undecided | Fix Released | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | jruby (Ubuntu Bionic) | Undecided | Fix Released | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | jython (Ubuntu Bionic) | Undecided | Fix Released | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | libgpars-groovy-java (Ubuntu Bionic) | Undecided | Fix Released | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | logback (Ubuntu Bionic) | Undecided | Fix Released | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | maven-javadoc-plugin (Ubuntu Bionic) | Undecided | Fix Released | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | openjdk-lts (Ubuntu Bionic) | Undecided | Fix Released | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | openjfx (Ubuntu Bionic) | Undecided | Fix Released | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | scala (Ubuntu Bionic) | Undecided | Fix Released | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | openjdk-11-jre-dcevm (Ubuntu Bionic) | Undecided | Fix Released | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | jameica-util (Ubuntu) | Undecided | Invalid | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | libreoffice (Ubuntu) | Undecided | Fix Released | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | libreoffice-l10n (Ubuntu) | Undecided | Fix Released | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | gatk-native-bindings (Ubuntu) | Undecided | Invalid | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | gkl (Ubuntu) | Undecided | Invalid | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | htsjdk (Ubuntu) | Undecided | Invalid | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | jameica (Ubuntu) | Undecided | Fix Released | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | jameica-datasource (Ubuntu) | Undecided | Invalid | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | maven-bundle-plugin (Ubuntu Bionic) | Undecided | Fix Released | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | maven-enforcer (Ubuntu Bionic) | Undecided | Fix Released | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | maven-plugin-tools (Ubuntu Bionic) | Undecided | Fix Released | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | maven-jaxb2-plugin (Ubuntu Bionic) | Undecided | Fix Released | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | jruby-openssl (Ubuntu Bionic) | Undecided | Fix Released | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | visualvm (Ubuntu Bionic) | Undecided | Fix Released | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | libjogl2-java (Ubuntu) | Undecided | Fix Released | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | fonts-liberation2 (Ubuntu) | Undecided | Fix Released | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | libjavaewah-java (Ubuntu Bionic) | Undecided | Fix Released | ||
See the 
CVE page on Mitre.org
for more details.
