
CVE-2017-5662

Published: 18/04/2017 Updated: 20/10/2020
CVSS v2 Base Score: 7.9 | Impact Score: 9.2 | Exploitability Score: 6.8
CVSS v3 Base Score: 7.3 | Impact Score: 5.2 | Exploitability Score: 2.1
VMScore: 703
Vector: AV:N/AC:M/Au:S/C:C/I:N/A:C

Vulnerability Summary

In Apache Batik prior to 1.9, files on the filesystem of the server that uses Batik can be revealed to arbitrary users who send maliciously formed SVG files. Which files can be read depends on the user context in which the exploitable application is running: if the application runs as root, a full compromise of the server, including confidential or sensitive files, would be possible. The XXE can also be used to attack the availability of the server via denial of service, since external entity references within an XML document can trivially trigger an amplification attack.

Vulnerable Product

apache batik

Vendor Advisories

Synopsis: Important: Red Hat JBoss Fuse/A-MQ 6.3 R6 security and bug fix update. Type/Severity: Security Advisory: Important. Topic: An update is now available for Red Hat JBoss Fuse and Red Hat JBoss A-MQ. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerabi ...
Apache Batik would allow unintended access to files over the network or could be made to crash ...
Debian Bug report logs - #899374 batik: CVE-2018-8013. Package: src:batik; Maintainer for src:batik is Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Wed, 23 May 2018 13:27:02 UTC; Severity: important; Tags: fixed-upstream, security, up ...
Debian Bug report logs - #860566 batik: CVE-2017-5662: information disclosure vulnerability. Package: src:batik; Maintainer for src:batik is Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Tue, 18 Apr 2017 18:03:02 UTC; Severity: import ...
Man Yue Mo, Lars Krapf and Pierre Ernst discovered that Batik, a toolkit for processing SVG images, did not properly validate its input. This would allow an attacker to cause a denial of service, mount cross-site scripting attacks, or access restricted files on the server. For the oldstable distribution (jessie), these problems have been fixed in v ...
An XXE vulnerability was found in Apache Batik which could allow a remote attacker to retrieve files on the vulnerable server's filesystem by uploading specially crafted SVG images. The vulnerability could also allow a denial of service condition by performing an amplification attack ...

Github Repositories

A cheatsheet for exploiting server-side SVG rasterization.

SVG rasterization cheatsheet. Section headings listed in the repository README: XLink:Href references, Documents, Images, Fonts, ICC profiles, Stylesheets, XML stylesheet, CSS @import, CSS infinite loading via @import rule, Infinite loading using /dev/random, Tags styles using fill attribute, Scripting, Embedded scripts, Script tag, Events, External scripts, Code execution, XML External Entities, Li ...