CVE-2017-5661
Vulnerability from cvelistv5
Published
2017-04-18 14:00
Modified
2024-08-05 15:11
Severity ?
Summary
In Apache FOP before 2.2, files lying on the filesystem of the server which uses FOP can be revealed to arbitrary users who send maliciously formed SVG files. The file types that can be shown depend on the user context in which the exploitable application is running. If the user is root a full compromise of the server - including confidential or sensitive files - would be possible. XXE can also be used to attack the availability of the server via denial of service as the references within a xml document can trivially trigger an amplification attack.
References
security@apache.orghttp://www.debian.org/security/2017/dsa-3864
security@apache.orghttp://www.securityfocus.com/bid/97947
security@apache.orghttps://www.tenable.com/security/tns-2021-14
security@apache.orghttps://xmlgraphics.apache.org/security.htmlPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2017/dsa-3864
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/97947
af854a3a-2127-422b-91ae-364da2661108https://www.tenable.com/security/tns-2021-14
af854a3a-2127-422b-91ae-364da2661108https://xmlgraphics.apache.org/security.htmlPatch, Vendor Advisory
Impacted products
Vendor Product Version
Apache Software Foundation Apache FOP Version: before 2.2
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T15:11:48.294Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "DSA-3864",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "http://www.debian.org/security/2017/dsa-3864",
               },
               {
                  name: "97947",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/97947",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://xmlgraphics.apache.org/security.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://www.tenable.com/security/tns-2021-14",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Apache FOP",
               vendor: "Apache Software Foundation",
               versions: [
                  {
                     status: "affected",
                     version: "before 2.2",
                  },
               ],
            },
         ],
         datePublic: "2017-04-18T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "In Apache FOP before 2.2, files lying on the filesystem of the server which uses FOP can be revealed to arbitrary users who send maliciously formed SVG files. The file types that can be shown depend on the user context in which the exploitable application is running. If the user is root a full compromise of the server - including confidential or sensitive files - would be possible. XXE can also be used to attack the availability of the server via denial of service as the references within a xml document can trivially trigger an amplification attack.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "XXE",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2021-07-22T17:07:13",
            orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09",
            shortName: "apache",
         },
         references: [
            {
               name: "DSA-3864",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "http://www.debian.org/security/2017/dsa-3864",
            },
            {
               name: "97947",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/97947",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://xmlgraphics.apache.org/security.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://www.tenable.com/security/tns-2021-14",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "security@apache.org",
               ID: "CVE-2017-5661",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Apache FOP",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "before 2.2",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Apache Software Foundation",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "In Apache FOP before 2.2, files lying on the filesystem of the server which uses FOP can be revealed to arbitrary users who send maliciously formed SVG files. The file types that can be shown depend on the user context in which the exploitable application is running. If the user is root a full compromise of the server - including confidential or sensitive files - would be possible. XXE can also be used to attack the availability of the server via denial of service as the references within a xml document can trivially trigger an amplification attack.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "XXE",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "DSA-3864",
                     refsource: "DEBIAN",
                     url: "http://www.debian.org/security/2017/dsa-3864",
                  },
                  {
                     name: "97947",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/97947",
                  },
                  {
                     name: "https://xmlgraphics.apache.org/security.html",
                     refsource: "CONFIRM",
                     url: "https://xmlgraphics.apache.org/security.html",
                  },
                  {
                     name: "https://www.tenable.com/security/tns-2021-14",
                     refsource: "CONFIRM",
                     url: "https://www.tenable.com/security/tns-2021-14",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09",
      assignerShortName: "apache",
      cveId: "CVE-2017-5661",
      datePublished: "2017-04-18T14:00:00",
      dateReserved: "2017-01-29T00:00:00",
      dateUpdated: "2024-08-05T15:11:48.294Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
   "vulnerability-lookup:meta": {
      nvd: "{\"cve\":{\"id\":\"CVE-2017-5661\",\"sourceIdentifier\":\"security@apache.org\",\"published\":\"2017-04-18T14:59:00.150\",\"lastModified\":\"2025-04-20T01:37:25.860\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In Apache FOP before 2.2, files lying on the filesystem of the server which uses FOP can be revealed to arbitrary users who send maliciously formed SVG files. The file types that can be shown depend on the user context in which the exploitable application is running. If the user is root a full compromise of the server - including confidential or sensitive files - would be possible. XXE can also be used to attack the availability of the server via denial of service as the references within a xml document can trivially trigger an amplification attack.\"},{\"lang\":\"es\",\"value\":\"En Apache FOP en versiones anteriores a 2.2, los archivos que se basan en el sistema de archivos del servidor que utiliza FOP pueden ser revelados a usuarios arbitrarios que mandasen archivos SVG formados maliciosamente. Los tipos de archivo que se pueden mostrar dependen del contexto de usuario en el que la aplicación explotada se está ejecutando. Si el usuario es root, un comprometimiento completo del servidor - incluyendo los archivos sensibles y confidenciales - sería posible. XXE también puede ser utilizado para atacar la disponibilidad del servidor a través de una denegación del servicio, ya que las referencias dentro de un documento xml pueden desencadenar trivialmente un ataque de amplificación.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H\",\"baseScore\":7.3,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.1,\"impactScore\":5.2}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:S/C:C/I:N/A:C\",\"baseScore\":7.9,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":6.8,\"impactScore\":9.2,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-611\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:formatting_objects_processor:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.1\",\"matchCriteriaId\":\"CC727867-D12D-4F25-864B-68023C2845C5\"}]}]}],\"references\":[{\"url\":\"http://www.debian.org/security/2017/dsa-3864\",\"source\":\"security@apache.org\"},{\"url\":\"http://www.securityfocus.com/bid/97947\",\"source\":\"security@apache.org\"},{\"url\":\"https://www.tenable.com/security/tns-2021-14\",\"source\":\"security@apache.org\"},{\"url\":\"https://xmlgraphics.apache.org/security.html\",\"source\":\"security@apache.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.debian.org/security/2017/dsa-3864\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/97947\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.tenable.com/security/tns-2021-14\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://xmlgraphics.apache.org/security.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]}]}}",
   },
}


Log in or create an account to share your comment.

Security Advisory comment format.

This schema specifies the format of a comment related to a security advisory.

UUIDv4 of the comment
UUIDv4 of the Vulnerability-Lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).



Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.