CVE-2017-5662
batik: XML external entity processing vulnerability
Descriptions
In Apache Batik before 1.9, files on the filesystem of the server that uses Batik can be revealed to arbitrary users who send maliciously formed SVG files. Which files can be disclosed depends on the user context in which the exploitable application is running; if that user is root, a full compromise of the server, including confidential or sensitive files, would be possible. XXE can also be used to attack the availability of the server via denial of service, since the references within an XML document can trivially trigger an amplification attack.
An XXE vulnerability was found in Apache Batik which could allow a remote attacker to retrieve the files on the vulnerable server's filesystem by uploading specially crafted SVG images. The vulnerability could also allow a denial of service condition by performing an amplification attack.
Red Hat JBoss BRMS is a business rules management system for the management, storage, creation, modification, and deployment of JBoss Rules. This release of Red Hat JBoss BRMS 6.4.5 serves as a replacement for Red Hat JBoss BRMS 6.4.4 and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix: A deserialization flaw was discovered in jackson-databind which could allow an unauthenticated user to perform code execution by sending maliciously crafted input to the readValue method of the ObjectMapper.
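A pre-render screening check for the SVG XXE and entity-amplification risk described above, as an added example that is neither Batik's nor Red Hat's code: it refuses any external DTD subset and any entity declaration before an uploaded SVG reaches a renderer, so the parse stops before a single entity is expanded. The sample documents and the file:///placeholder and dtd.example URIs are constructed for the example.

```python
from typing import Optional
import xml.parsers.expat


class SvgRejected(Exception):
    """Carries the reason the document was refused."""


def _on_doctype(name, sysid, pubid, has_internal_subset):
    # An external DTD subset would be fetched by a resolving parser downstream
    # (file:// or http://), so refuse it even though expat itself never fetches.
    if sysid:
        raise SvgRejected(f"DOCTYPE with external subset {sysid!r}")


def _on_entity_decl(name, is_param, value, base, sysid, pubid, notation):
    # Refuse every entity declaration: external ones are the XXE vector,
    # internal ones are the building block of entity amplification.
    kind = "external" if sysid else "internal"
    scope = " parameter" if is_param else ""
    target = f" -> {sysid!r}" if sysid else ""
    raise SvgRejected(f"{kind}{scope} entity {name!r}{target}")


def screen_svg(data: bytes) -> Optional[str]:
    """Return None if the SVG is well-formed and DTD-free, else the reason it was
    refused. The DTD precedes content, so parsing stops before any expansion."""
    parser = xml.parsers.expat.ParserCreate()
    parser.StartDoctypeDeclHandler = _on_doctype
    parser.EntityDeclHandler = _on_entity_decl
    # Defence in depth: returning 0 makes expat raise instead of resolving.
    parser.ExternalEntityRefHandler = lambda context, base, sysid, pubid: 0
    try:
        parser.Parse(data, True)
    except SvgRejected as exc:
        return str(exc)
    except xml.parsers.expat.ExpatError as exc:
        return f"not well-formed: {exc}"
    return None


# Constructed samples with placeholder URIs, not real targets.
CLEAN = b'<svg xmlns="http://www.w3.org/2000/svg"><rect width="1" height="1"/></svg>'
XXE = b'<!DOCTYPE svg [<!ENTITY xxe SYSTEM "file:///placeholder">]><svg>&xxe;</svg>'
BOMB = b'<!DOCTYPE svg [<!ENTITY a "aaaa"><!ENTITY b "&a;&a;&a;&a;">]><svg>&b;</svg>'
EXT_DTD = b'<!DOCTYPE svg SYSTEM "http://dtd.example/svg.dtd"><svg/>'

if __name__ == "__main__":
    for label, doc in (("clean", CLEAN), ("xxe", XXE), ("bomb", BOMB), ("dtd", EXT_DTD)):
        print(f"{label:6} {screen_svg(doc) or 'accepted'}")
```

A rejection reason is returned rather than raised so the same function can feed an upload-gateway log line for detection as well as the accept/deny decision.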
Timeline
- 2017-01-29 CVE Reserved
- 2017-04-18 CVE Published
- 2024-08-05 CVE Updated
- 2025-03-30 EPSS Updated
CWE
- CWE-611: Improper Restriction of XML External Entity Reference
References (13)

URL | Tag | Source
---|---|---
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | X_refsource_confirm |
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html | X_refsource_confirm |
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | X_refsource_confirm |
http://www.securityfocus.com/bid/97948 | Third Party Advisory |
http://www.securitytracker.com/id/1038334 | Vdb Entry |
https://www.oracle.com/security-alerts/cpuoct2020.html | X_refsource_misc |

URL | Date | SRC
---|---|---
https://xmlgraphics.apache.org/security.html | 2020-10-20 |

URL | Date | SRC
---|---|---
https://access.redhat.com/errata/RHSA-2017:2546 | 2020-10-20 |
https://access.redhat.com/errata/RHSA-2017:2547 | 2020-10-20 |
https://access.redhat.com/errata/RHSA-2018:0319 | 2020-10-20 |
https://www.debian.org/security/2018/dsa-4215 | 2020-10-20 |
https://access.redhat.com/security/cve/CVE-2017-5662 | 2018-02-14 |
https://bugzilla.redhat.com/show_bug.cgi?id=1443592 | 2018-02-14 |