CVE-2019-17566

batik: SSRF via "xlink:href"

Severity Score

7.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Apache Batik is vulnerable to server-side request forgery, caused by improper input validation by the "xlink:href" attributes. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests.

Apache Batik es vulnerable a un ataque de tipo server-side request forgery, causada por una comprobación inapropiada de la entrada por parte de los atributos "xlink:href". Al utilizar un argumento especialmente diseñado, un atacante podría explotar esta vulnerabilidad para causar que el servidor subyacente realice peticiones GET arbitrarias

A flaw was found in the Apache Batik library, where it is vulnerable to a Server-Side Request Forgery attack (SSRF) via "xlink:href" attributes. This flaw allows an attacker to cause the underlying server to make arbitrary GET requests. The highest threat from this vulnerability is to system integrity.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

High

Availability

None

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

Partial

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2019-10-14 CVE Reserved
2020-11-06 CVE Published
2024-01-10 EPSS Updated
2024-08-05 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-352: Cross-Site Request Forgery (CSRF)
CWE-918: Server-Side Request Forgery (SSRF)

CAPEC

References (12)

URL	Tag	Source
https://lists.apache.org/thread.html/rab94fe68b180d2e2fba97abf6fe1ec83cff826be25f86cd90f047171%40%3Ccommits.myfaces.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/rcab14a9ec91aa4c151e0729966282920423eff50a22759fd21db6509%40%3Ccommits.myfaces.apache.org%3E	Mailing List

URL	Date	SRC

URL	Date	SRC
https://www.oracle.com//security-alerts/cpujul2021.html	2024-01-07
https://www.oracle.com/security-alerts/cpuApr2021.html	2024-01-07
https://www.oracle.com/security-alerts/cpujan2021.html	2024-01-07
https://www.oracle.com/security-alerts/cpujan2022.html	2024-01-07
https://www.oracle.com/security-alerts/cpujul2022.html	2024-01-07
https://www.oracle.com/security-alerts/cpuoct2021.html	2024-01-07

URL	Date	SRC
https://security.gentoo.org/glsa/202401-11	2024-01-07
https://xmlgraphics.apache.org/security.html	2024-01-07
https://access.redhat.com/security/cve/CVE-2019-17566	2020-12-16
https://bugzilla.redhat.com/show_bug.cgi?id=1848617	2020-12-16

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Apache Search vendor "Apache"		Batik Search vendor "Apache" for product "Batik"				< 1.13 Search vendor "Apache" for product "Batik" and version " < 1.13"		-		Affected
Oracle Search vendor "Oracle"		Api Gateway Search vendor "Oracle" for product "Api Gateway"				11.1.2.4.0 Search vendor "Oracle" for product "Api Gateway" and version "11.1.2.4.0"		-		Affected
Oracle Search vendor "Oracle"		Business Intelligence Search vendor "Oracle" for product "Business Intelligence"				5.5.0.0.0 Search vendor "Oracle" for product "Business Intelligence" and version "5.5.0.0.0"		enterprise		Affected
Oracle Search vendor "Oracle"		Business Intelligence Search vendor "Oracle" for product "Business Intelligence"				5.9.0.0.0 Search vendor "Oracle" for product "Business Intelligence" and version "5.9.0.0.0"		enterprise		Affected
Oracle Search vendor "Oracle"		Business Intelligence Search vendor "Oracle" for product "Business Intelligence"				12.2.1.3.0 Search vendor "Oracle" for product "Business Intelligence" and version "12.2.1.3.0"		enterprise		Affected
Oracle Search vendor "Oracle"		Business Intelligence Search vendor "Oracle" for product "Business Intelligence"				12.2.1.4.0 Search vendor "Oracle" for product "Business Intelligence" and version "12.2.1.4.0"		enterprise		Affected
Oracle Search vendor "Oracle"		Communications Application Session Controller Search vendor "Oracle" for product "Communications Application Session Controller"				3.9m0p2 Search vendor "Oracle" for product "Communications Application Session Controller" and version "3.9m0p2"		-		Affected
Oracle Search vendor "Oracle"		Communications Metasolv Solution Search vendor "Oracle" for product "Communications Metasolv Solution"				>= 6.3.0 <= 6.3.1 Search vendor "Oracle" for product "Communications Metasolv Solution" and version " >= 6.3.0 <= 6.3.1"		-		Affected
Oracle Search vendor "Oracle"		Communications Offline Mediation Controller Search vendor "Oracle" for product "Communications Offline Mediation Controller"				12.0.0.3.0 Search vendor "Oracle" for product "Communications Offline Mediation Controller" and version "12.0.0.3.0"		-		Affected
Oracle Search vendor "Oracle"		Enterprise Repository Search vendor "Oracle" for product "Enterprise Repository"				11.1.1.7.0 Search vendor "Oracle" for product "Enterprise Repository" and version "11.1.1.7.0"		-		Affected
Oracle Search vendor "Oracle"		Financial Services Analytical Applications Infrastructure Search vendor "Oracle" for product "Financial Services Analytical Applications Infrastructure"				>= 8.0.6 <= 8.1.0 Search vendor "Oracle" for product "Financial Services Analytical Applications Infrastructure" and version " >= 8.0.6 <= 8.1.0"		-		Affected
Oracle Search vendor "Oracle"		Fusion Middleware Mapviewer Search vendor "Oracle" for product "Fusion Middleware Mapviewer"				12.2.1.4.0 Search vendor "Oracle" for product "Fusion Middleware Mapviewer" and version "12.2.1.4.0"		-		Affected
Oracle Search vendor "Oracle"		Hospitality Opera 5 Search vendor "Oracle" for product "Hospitality Opera 5"				5.5 Search vendor "Oracle" for product "Hospitality Opera 5" and version "5.5"		-		Affected
Oracle Search vendor "Oracle"		Hospitality Opera 5 Search vendor "Oracle" for product "Hospitality Opera 5"				5.6 Search vendor "Oracle" for product "Hospitality Opera 5" and version "5.6"		-		Affected
Oracle Search vendor "Oracle"		Hyperion Financial Reporting Search vendor "Oracle" for product "Hyperion Financial Reporting"				11.1.2.4 Search vendor "Oracle" for product "Hyperion Financial Reporting" and version "11.1.2.4"		-		Affected
Oracle Search vendor "Oracle"		Hyperion Financial Reporting Search vendor "Oracle" for product "Hyperion Financial Reporting"				11.2.5.0 Search vendor "Oracle" for product "Hyperion Financial Reporting" and version "11.2.5.0"		-		Affected
Oracle Search vendor "Oracle"		Instantis Enterprisetrack Search vendor "Oracle" for product "Instantis Enterprisetrack"				>= 17.1 <= 17.3 Search vendor "Oracle" for product "Instantis Enterprisetrack" and version " >= 17.1 <= 17.3"		-		Affected
Oracle Search vendor "Oracle"		Jd Edwards Enterpriseone Tools Search vendor "Oracle" for product "Jd Edwards Enterpriseone Tools"				< 9.2.4.0 Search vendor "Oracle" for product "Jd Edwards Enterpriseone Tools" and version " < 9.2.4.0"		-		Affected
Oracle Search vendor "Oracle"		Jd Edwards Enterpriseone Tools Search vendor "Oracle" for product "Jd Edwards Enterpriseone Tools"				9.2.4.2 Search vendor "Oracle" for product "Jd Edwards Enterpriseone Tools" and version "9.2.4.2"		-		Affected
Oracle Search vendor "Oracle"		Retail Integration Bus Search vendor "Oracle" for product "Retail Integration Bus"				15.0.3 Search vendor "Oracle" for product "Retail Integration Bus" and version "15.0.3"		-		Affected
Oracle Search vendor "Oracle"		Retail Order Broker Search vendor "Oracle" for product "Retail Order Broker"				15.0 Search vendor "Oracle" for product "Retail Order Broker" and version "15.0"		-		Affected
Oracle Search vendor "Oracle"		Retail Order Broker Search vendor "Oracle" for product "Retail Order Broker"				16.0 Search vendor "Oracle" for product "Retail Order Broker" and version "16.0"		-		Affected
Oracle Search vendor "Oracle"		Retail Order Management System Cloud Service Search vendor "Oracle" for product "Retail Order Management System Cloud Service"				19.5 Search vendor "Oracle" for product "Retail Order Management System Cloud Service" and version "19.5"		-		Affected
Oracle Search vendor "Oracle"		Retail Point-of-service Search vendor "Oracle" for product "Retail Point-of-service"				14.1 Search vendor "Oracle" for product "Retail Point-of-service" and version "14.1"		-		Affected
Oracle Search vendor "Oracle"		Retail Returns Management Search vendor "Oracle" for product "Retail Returns Management"				14.1 Search vendor "Oracle" for product "Retail Returns Management" and version "14.1"		-		Affected