ID CVE-2017-5662
Summary In Apache Batik before 1.9, files lying on the filesystem of the server which uses batik can be revealed to arbitrary users who send maliciously formed SVG files. The file types that can be shown depend on the user context in which the exploitable application is running. If the user is root a full compromise of the server - including confidential or sensitive files - would be possible. XXE can also be used to attack the availability of the server via denial of service as the references within a xml document can trivially trigger an amplification attack.
References
Vulnerable Configurations
  • Apache Software Foundation Batik 1.8
    cpe:2.3:a:apache:batik:1.8
CVSS
Base: 7.9 (as of 22-04-2017 - 14:47)
Impact:
Exploitability:
CWE CWE-611
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM SINGLE_INSTANCE
Impact
ConfidentialityIntegrityAvailability
COMPLETE NONE COMPLETE
nessus via4
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2017-AFF3DD3101.NASL
    description Security fix for CVE-2017-5662 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-02-02
    plugin id 100079
    published 2017-05-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=100079
    title Fedora 24 : batik (2017-aff3dd3101)
  • NASL family Windows
    NASL id ORACLE_BI_PUBLISHER_APR_2018_CPU.NASL
    description The version of Oracle Business Intelligence Publisher running on the remote host is 11.1.1.7.x prior to 11.1.1.7.180417 or 11.1.1.9.x prior to 11.1.1.9.180417, similarly, versions 12.2.1.2.x prior to 12.2.1.2.180116 and 12.2.1.3.x prior to 12.2.1.3.180116 are affected as noted in the April 2018 Critical Patch Update advisory. The Oracle Business Intelligence Publisher installed on the remote host is affected by multiple vulnerabilities: - A vulnerability can be exploited by a remote attacker by sending a crafted serialized Java object. A successful attack would allow the attacker to execute arbitrary commands on the vulnerable server (CVE-2015-7501). - A vulnerability exists on Apache Batik before 1.9. The vulnerability would allow an attacker to send a malicious SVG file to a user. An attacker who successfully exploits this vulnerability could result in the compromise of the server (CVE-2017-5662). Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
    last seen 2019-02-21
    modified 2019-01-15
    plugin id 119939
    published 2018-12-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=119939
    title Oracle Business Intelligence Publisher Multiple Vulnerabilities (April 2018 CPU)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2017-7A5F625013.NASL
    description Update to upstream version 1.9. Fixes CVE-2017-5662. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-02-02
    plugin id 101662
    published 2017-07-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=101662
    title Fedora 26 : batik (2017-7a5f625013)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DLA-926.NASL
    description In Apache Batik before 1.9, files lying on the filesystem of the server which uses batik can be revealed to arbitrary users who send maliciously formed SVG files. The file types that can be shown depend on the user context in which the exploitable application is running. If the user is root a full compromise of the server - including confidential or sensitive files - would be possible. XXE can also be used to attack the availability of the server via denial of service as the references within a xml document can trivially trigger an amplification attack. For Debian 7 'Wheezy', these problems have been fixed in version 1.7+dfsg-3+deb7u2. We recommend that you upgrade your batik packages. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-10
    plugin id 99737
    published 2017-05-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=99737
    title Debian DLA-926-1 : batik security update
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-3280-1.NASL
    description Lars Krapf and Pierre Ernst discovered that Apache Batik incorrectly handled XML external entities. A remote attacker could possibly use this issue to obtain sensitive files from the filesystem, or cause a denial of service. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 100099
    published 2017-05-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=100099
    title Ubuntu 14.04 LTS : batik vulnerability (USN-3280-1)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-4215.NASL
    description Man Yue Mo, Lars Krapf and Pierre Ernst discovered that Batik, a toolkit for processing SVG images, did not properly validate its input. This would allow an attacker to cause a denial-of-service, mount cross-site scripting attacks, or access restricted files on the server.
    last seen 2019-02-21
    modified 2018-11-13
    plugin id 110316
    published 2018-06-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=110316
    title Debian DSA-4215-1 : batik - security update
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2017-43B46CD2DA.NASL
    description Security fix for CVE-2017-5662 ---- Add missing requires on xmlgraphics-commons Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-02-01
    plugin id 100074
    published 2017-05-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=100074
    title Fedora 25 : batik (2017-43b46cd2da)
redhat via4
advisories
  • rhsa
    id RHSA-2017:2546
  • rhsa
    id RHSA-2017:2547
  • rhsa
    id RHSA-2018:0319
refmap via4
bid 97948
confirm
debian DSA-4215
sectrack 1038334
Last major update 25-04-2017 - 11:06
Published 18-04-2017 - 10:59
Last modified 18-07-2018 - 21:29
Back to Top