CVE-2017-5661

Published: 18/04/2017 Updated: 22/07/2021
CVSS v2 Base Score: 7.9 | Impact Score: 9.2 | Exploitability Score: 6.8
CVSS v3 Base Score: 7.3 | Impact Score: 5.2 | Exploitability Score: 2.1
VMScore: 703
Vector: AV:N/AC:M/Au:S/C:C/I:N/A:C

Vulnerability Summary

In Apache FOP prior to 2.2, files lying on the filesystem of the server which uses FOP can be revealed to arbitrary users who send maliciously formed SVG files. The file types that can be shown depend on the user context in which the exploitable application is running. If the user is root, a full compromise of the server (including confidential or sensitive files) would be possible. XXE can also be used to attack the availability of the server via denial of service, as the entity references within an XML document can trivially trigger an amplification attack.
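As an added illustration of the defensive side (example code written for this page, not part of Apache FOP, Batik or any advisory), the following Python screens SVG input for the two constructs the summary describes, external entity declarations and internal entity amplification, before a renderer could expand them. The three sample SVGs are constructed, and the path in the external entity is a placeholder.

```python
import xml.parsers.expat

# Constructed sample inputs (not taken from the advisory): a benign SVG with the
# usual public DTD reference, one declaring an external (XXE) entity, and one
# declaring nested internal entities (the amplification / DoS pattern).
BENIGN_SVG = b'''<?xml version="1.0"?>
<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN"
  "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
<svg xmlns="http://www.w3.org/2000/svg"><rect width="10" height="10"/></svg>'''

XXE_SVG = b'''<?xml version="1.0"?>
<!DOCTYPE svg [ <!ENTITY ext SYSTEM "file:///placeholder/path"> ]>
<svg xmlns="http://www.w3.org/2000/svg"><text>&ext;</text></svg>'''

AMPLIFY_SVG = b'''<?xml version="1.0"?>
<!DOCTYPE svg [ <!ENTITY a "aaaaaaaaaa"> <!ENTITY b "&a;&a;&a;&a;&a;"> ]>
<svg xmlns="http://www.w3.org/2000/svg"><text>&b;</text></svg>'''


class _Rejected(Exception):
    """Raised from an expat handler to abort parsing before any expansion."""


def screen_svg(data: bytes):
    """Return (accepted, reason). Rejects any SVG that declares entities or
    references an external one. A DOCTYPE that only points at the public SVG
    DTD is allowed: expat does not fetch external DTDs by default, so no
    entity declarations from it are ever seen."""
    parser = xml.parsers.expat.ParserCreate()
    seen = {}

    def on_doctype(name, sysid, pubid, has_internal_subset):
        seen["doctype"] = name  # recorded only; harmless without entities

    def on_entity_decl(name, is_param, value, base, sysid, pubid, notation):
        kind = "external" if sysid is not None else "internal"
        raise _Rejected(f"{kind} entity '{name}' declared")

    def on_external_ref(context, base, sysid, pubid):
        raise _Rejected(f"external entity reference to {sysid!r}")

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity_decl
    parser.ExternalEntityRefHandler = on_external_ref
    try:
        parser.Parse(data, True)
    except _Rejected as exc:
        return False, str(exc)
    except xml.parsers.expat.ExpatError as exc:
        return False, f"malformed XML: {exc}"
    return True, f"no entity declarations (DOCTYPE {seen.get('doctype')!r})"
```

The check aborts at the first entity declaration, so neither the external fetch nor the internal expansion ever happens inside the screening parser itself; the downstream renderer should still be upgraded to a fixed version.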

Vulnerable Product

apache formatting objects processor

Vendor Advisories

Debian Bug report logs - #860567 fop: CVE-2017-5661: information disclosure vulnerability. Package: src:fop; Maintainer for src:fop is Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Tue, 18 Apr 2017 18:33:02 UTC; Severity: serious; Tags ...
Apache Fop would allow unintended access to files over the network or could be made to crash ...
It was discovered that an XML external entities vulnerability in the Apache FOP XML formatter may result in information disclosure. For the stable distribution (jessie), this problem has been fixed in version 1:1.1.dfsg2-1+deb8u1. For the upcoming stable distribution (stretch), this problem has been fixed in version 1:2.1-6. For the unstable distri ...
In Apache FOP before 2.2, files lying on the filesystem of the server which uses FOP can be revealed to arbitrary users who send maliciously formed SVG files. The file types that can be shown depend on the user context in which the exploitable application is running. If the user is root a full compromise of the server - including confidential or se ...
Files lying on the filesystem of the server which uses Batik can be revealed to arbitrary users who send maliciously formed SVG files. The file types that can be shown depend on the user context in which the exploitable application is running. If the user is root a full compromise of the server (including confidential or sensitive files) would be p ...
Tenable.sc leverages third-party software to help provide underlying functionality. Multiple third-party components were found to contain vulnerabilities, and updated versions have been made available by the providers. Out of caution, and in line with best practice, Tenable has upgraded the bundled components to address the potential impact of the ...