cnvd - cnvd-2017-05675

cnvd-2017-05675

Vulnerability from cnvd

Title: Apache Batik XXE信息泄露漏洞

Description:

Apache Batik是一个纯Java库，可用于渲染、生成及操纵SVG图形。

Apache Batik XXE存在信息泄露漏洞。在Apache Batik中，位于使用batik的服务器的文件系统上的文件可被泄露给发送恶意形成的SVG文件的任意用户。可以显示的文件类型取决于可以利用的应用程序正在运行的用户上下文。如果用户是root用户，则可能会对服务器（包括机密或敏感文件）造成完全的危害。还可使用XXE通过拒绝服务攻击服务器的可用性，因为xml文档中的引用可能触发放大攻击。

Severity: 高

Patch Name: Apache Batik XXE信息泄露漏洞的补丁

Patch Description:

Apache Batik是一个纯Java库，可用于渲染、生成及操纵SVG图形。在Apache Batik中，位于使用batik的服务器的文件系统上的文件可被泄露给发送恶意形成的SVG文件的任意用户。可以显示的文件类型取决于可以利用的应用程序正在运行的用户上下文。如果用户是root用户，则可能会对服务器（包括机密或敏感文件）造成完全的危害。还可使用XXE通过拒绝服务攻击服务器的可用性，因为xml文档中的引用可能触发放大攻击。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

厂商已发布漏洞修复程序，请及时关注更新： https://xmlgraphics.apache.org/security.html

Reference: https://xmlgraphics.apache.org/security.html

Impacted products

Name
['Apache Software Foundation Batik SVG Toolkit 1.7', 'Apache Batik 1.8', 'Apache Batik 1.7', 'Apache Batik 1.6', 'Apache Batik 1.5.1', 'Apache Batik 1.5', 'Apache Batik 1.1.1', 'Apache Batik 1.1', 'Apache Batik 1.0']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "97948"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-5662"
    }
  },
  "description": "Apache Batik\u662f\u4e00\u4e2a\u7eafJava\u5e93\uff0c\u53ef\u7528\u4e8e\u6e32\u67d3\u3001\u751f\u6210\u53ca\u64cd\u7eb5SVG\u56fe\u5f62\u3002\r\n\r\nApache Batik XXE\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u3002\u5728Apache Batik\u4e2d\uff0c\u4f4d\u4e8e\u4f7f\u7528batik\u7684\u670d\u52a1\u5668\u7684\u6587\u4ef6\u7cfb\u7edf\u4e0a\u7684\u6587\u4ef6\u53ef\u88ab\u6cc4\u9732\u7ed9\u53d1\u9001\u6076\u610f\u5f62\u6210\u7684SVG\u6587\u4ef6\u7684\u4efb\u610f\u7528\u6237\u3002\u53ef\u4ee5\u663e\u793a\u7684\u6587\u4ef6\u7c7b\u578b\u53d6\u51b3\u4e8e\u53ef\u4ee5\u5229\u7528\u7684\u5e94\u7528\u7a0b\u5e8f\u6b63\u5728\u8fd0\u884c\u7684\u7528\u6237\u4e0a\u4e0b\u6587\u3002\u5982\u679c\u7528\u6237\u662froot\u7528\u6237\uff0c\u5219\u53ef\u80fd\u4f1a\u5bf9\u670d\u52a1\u5668\uff08\u5305\u62ec\u673a\u5bc6\u6216\u654f\u611f\u6587\u4ef6\uff09\u9020\u6210\u5b8c\u5168\u7684\u5371\u5bb3\u3002\u8fd8\u53ef\u4f7f\u7528XXE\u901a\u8fc7\u62d2\u7edd\u670d\u52a1\u653b\u51fb\u670d\u52a1\u5668\u7684\u53ef\u7528\u6027\uff0c\u56e0\u4e3axml\u6587\u6863\u4e2d\u7684\u5f15\u7528\u53ef\u80fd\u89e6\u53d1\u653e\u5927\u653b\u51fb\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://xmlgraphics.apache.org/security.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-05675",
  "openTime": "2017-04-30",
  "patchDescription": "Apache Batik\u662f\u4e00\u4e2a\u7eafJava\u5e93\uff0c\u53ef\u7528\u4e8e\u6e32\u67d3\u3001\u751f\u6210\u53ca\u64cd\u7eb5SVG\u56fe\u5f62\u3002\r\n\u5728Apache Batik\u4e2d\uff0c\u4f4d\u4e8e\u4f7f\u7528batik\u7684\u670d\u52a1\u5668\u7684\u6587\u4ef6\u7cfb\u7edf\u4e0a\u7684\u6587\u4ef6\u53ef\u88ab\u6cc4\u9732\u7ed9\u53d1\u9001\u6076\u610f\u5f62\u6210\u7684SVG\u6587\u4ef6\u7684\u4efb\u610f\u7528\u6237\u3002\u53ef\u4ee5\u663e\u793a\u7684\u6587\u4ef6\u7c7b\u578b\u53d6\u51b3\u4e8e\u53ef\u4ee5\u5229\u7528\u7684\u5e94\u7528\u7a0b\u5e8f\u6b63\u5728\u8fd0\u884c\u7684\u7528\u6237\u4e0a\u4e0b\u6587\u3002\u5982\u679c\u7528\u6237\u662froot\u7528\u6237\uff0c\u5219\u53ef\u80fd\u4f1a\u5bf9\u670d\u52a1\u5668\uff08\u5305\u62ec\u673a\u5bc6\u6216\u654f\u611f\u6587\u4ef6\uff09\u9020\u6210\u5b8c\u5168\u7684\u5371\u5bb3\u3002\u8fd8\u53ef\u4f7f\u7528XXE\u901a\u8fc7\u62d2\u7edd\u670d\u52a1\u653b\u51fb\u670d\u52a1\u5668\u7684\u53ef\u7528\u6027\uff0c\u56e0\u4e3axml\u6587\u6863\u4e2d\u7684\u5f15\u7528\u53ef\u80fd\u89e6\u53d1\u653e\u5927\u653b\u51fb\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Apache Batik XXE\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Apache Software Foundation Batik SVG Toolkit 1.7",
      "Apache Batik 1.8",
      "Apache Batik 1.7",
      "Apache Batik 1.6",
      "Apache Batik 1.5.1",
      "Apache Batik 1.5",
      "Apache Batik 1.1.1",
      "Apache Batik 1.1",
      "Apache Batik 1.0"
    ]
  },
  "referenceLink": "https://xmlgraphics.apache.org/security.html",
  "serverity": "\u9ad8",
  "submitTime": "2017-04-26",
  "title": "Apache Batik XXE\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e"
}

CVE-2017-5662 (GCVE-0-2017-5662)

Vulnerability from cvelistv5

Published

2017-04-18 14:00

Modified

2024-08-05 15:11

Severity ?

CWE

Summary

In Apache Batik before 1.9, files lying on the filesystem of the server which uses batik can be revealed to arbitrary users who send maliciously formed SVG files. The file types that can be shown depend on the user context in which the exploitable application is running. If the user is root a full compromise of the server - including confidential or sensitive files - would be possible. XXE can also be used to attack the availability of the server via denial of service as the references within a xml document can trivially trigger an amplification attack.

References

▼	URL	Tags
	https://access.redhat.com/errata/RHSA-2017:2547	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:0319	vendor-advisory, x_refsource_REDHAT
	http://www.securitytracker.com/id/1038334	vdb-entry, x_refsource_SECTRACK
	https://www.debian.org/security/2018/dsa-4215	vendor-advisory, x_refsource_DEBIAN
	https://access.redhat.com/errata/RHSA-2017:2546	vendor-advisory, x_refsource_REDHAT
	http://www.securityfocus.com/bid/97948	vdb-entry, x_refsource_BID
	http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html	x_refsource_CONFIRM
	http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html	x_refsource_CONFIRM
	http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html	x_refsource_CONFIRM
	https://xmlgraphics.apache.org/security.html	x_refsource_CONFIRM
	https://www.oracle.com/security-alerts/cpuoct2020.html	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	Apache Software Foundation	Apache Batik	Version: before 1.9

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T15:11:47.301Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2017:2547",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2547"
          },
          {
            "name": "RHSA-2018:0319",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0319"
          },
          {
            "name": "1038334",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1038334"
          },
          {
            "name": "DSA-4215",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4215"
          },
          {
            "name": "RHSA-2017:2546",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2546"
          },
          {
            "name": "97948",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/97948"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://xmlgraphics.apache.org/security.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Apache Batik",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "status": "affected",
              "version": "before 1.9"
            }
          ]
        }
      ],
      "datePublic": "2017-04-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "In Apache Batik before 1.9, files lying on the filesystem of the server which uses batik can be revealed to arbitrary users who send maliciously formed SVG files. The file types that can be shown depend on the user context in which the exploitable application is running. If the user is root a full compromise of the server - including confidential or sensitive files - would be possible. XXE can also be used to attack the availability of the server via denial of service as the references within a xml document can trivially trigger an amplification attack."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "XXE",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-10-20T21:14:52",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "name": "RHSA-2017:2547",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2547"
        },
        {
          "name": "RHSA-2018:0319",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0319"
        },
        {
          "name": "1038334",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1038334"
        },
        {
          "name": "DSA-4215",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4215"
        },
        {
          "name": "RHSA-2017:2546",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2546"
        },
        {
          "name": "97948",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/97948"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://xmlgraphics.apache.org/security.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@apache.org",
          "ID": "CVE-2017-5662",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Apache Batik",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "before 1.9"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Apache Software Foundation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In Apache Batik before 1.9, files lying on the filesystem of the server which uses batik can be revealed to arbitrary users who send maliciously formed SVG files. The file types that can be shown depend on the user context in which the exploitable application is running. If the user is root a full compromise of the server - including confidential or sensitive files - would be possible. XXE can also be used to attack the availability of the server via denial of service as the references within a xml document can trivially trigger an amplification attack."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "XXE"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2017:2547",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:2547"
            },
            {
              "name": "RHSA-2018:0319",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0319"
            },
            {
              "name": "1038334",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1038334"
            },
            {
              "name": "DSA-4215",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4215"
            },
            {
              "name": "RHSA-2017:2546",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:2546"
            },
            {
              "name": "97948",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/97948"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
            },
            {
              "name": "https://xmlgraphics.apache.org/security.html",
              "refsource": "CONFIRM",
              "url": "https://xmlgraphics.apache.org/security.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2017-5662",
    "datePublished": "2017-04-18T14:00:00",
    "dateReserved": "2017-01-29T00:00:00",
    "dateUpdated": "2024-08-05T15:11:47.301Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted