RHSA-2017:3452-01 -- Redhat rh-java-common-lucene5ID: oval:org.secpod.oval:def:504957 | Date: (C)2021-02-03 (M)2022-10-10 |
Class: PATCH | Family: unix |
Apache Lucene is a high-performance, full-featured text search engine library written entirely in Java. It is a technology suitable for nearly any application that requires full-text search, especially cross-platform. Security Fix: * It was discovered that Lucene"s XML query parser did not properly restrict doctype declaration and expansion of external entities. An attacker with access to an application using a Lucene XML query parser could exploit this flaw to perform XML eXternal Entity attacks. For more information regarding CVE-2017-12629, see the article linked in the References section.
Platform: |
Red Hat Enterprise Linux 7 |
Red Hat Enterprise Linux 6 |
Product: |
rh-java-common-lucene5 |