Apache Tika parses XML within numerous file formats. In some instances, such as spreadsheets in OOXML files, XMP in PDF, and other file formats, the initialization of the XML parser or the choice of handlers did not protect against XML External Entity (XXE) vulnerabilities. References: http://seclists.org/oss-sec/2016/q2/413
Created tika tracking bugs for this issue: Affects: fedora-all [bug 1340387]
This issue has been addressed in the following products: Red Hat JBoss BPM Suite 6.4.1 Via RHSA-2017:0249 https://rhn.redhat.com/errata/RHSA-2017-0249.html
This issue has been addressed in the following products: Red Hat JBoss BRMS 6.4.1 Via RHSA-2017:0248 https://rhn.redhat.com/errata/RHSA-2017-0248.html
This issue has been addressed in the following products: Red Hat JBoss Data Virtualization 6.3 Update 4 Via RHSA-2017:0272 https://rhn.redhat.com/errata/RHSA-2017-0272.html