cnvd - cnvd-2017-05675

CNVD-2017-05675

Vulnerability from cnvd - Published: 2017-04-30

Title

Apache Batik XXE信息泄露漏洞

Description

Apache Batik是一个纯Java库，可用于渲染、生成及操纵SVG图形。 Apache Batik XXE存在信息泄露漏洞。在Apache Batik中，位于使用batik的服务器的文件系统上的文件可被泄露给发送恶意形成的SVG文件的任意用户。可以显示的文件类型取决于可以利用的应用程序正在运行的用户上下文。如果用户是root用户，则可能会对服务器（包括机密或敏感文件）造成完全的危害。还可使用XXE通过拒绝服务攻击服务器的可用性，因为xml文档中的引用可能触发放大攻击。

Severity

高

Patch Name

Apache Batik XXE信息泄露漏洞的补丁

Patch Description

Apache Batik是一个纯Java库，可用于渲染、生成及操纵SVG图形。在Apache Batik中，位于使用batik的服务器的文件系统上的文件可被泄露给发送恶意形成的SVG文件的任意用户。可以显示的文件类型取决于可以利用的应用程序正在运行的用户上下文。如果用户是root用户，则可能会对服务器（包括机密或敏感文件）造成完全的危害。还可使用XXE通过拒绝服务攻击服务器的可用性，因为xml文档中的引用可能触发放大攻击。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布漏洞修复程序，请及时关注更新： https://xmlgraphics.apache.org/security.html

Reference

https://xmlgraphics.apache.org/security.html

Impacted products

Name
['Apache Software Foundation Batik SVG Toolkit 1.7', 'Apache Batik 1.8', 'Apache Batik 1.7', 'Apache Batik 1.6', 'Apache Batik 1.5.1', 'Apache Batik 1.5', 'Apache Batik 1.1.1', 'Apache Batik 1.1', 'Apache Batik 1.0']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "97948"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-5662"
    }
  },
  "description": "Apache Batik\u662f\u4e00\u4e2a\u7eafJava\u5e93\uff0c\u53ef\u7528\u4e8e\u6e32\u67d3\u3001\u751f\u6210\u53ca\u64cd\u7eb5SVG\u56fe\u5f62\u3002\r\n\r\nApache Batik XXE\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u3002\u5728Apache Batik\u4e2d\uff0c\u4f4d\u4e8e\u4f7f\u7528batik\u7684\u670d\u52a1\u5668\u7684\u6587\u4ef6\u7cfb\u7edf\u4e0a\u7684\u6587\u4ef6\u53ef\u88ab\u6cc4\u9732\u7ed9\u53d1\u9001\u6076\u610f\u5f62\u6210\u7684SVG\u6587\u4ef6\u7684\u4efb\u610f\u7528\u6237\u3002\u53ef\u4ee5\u663e\u793a\u7684\u6587\u4ef6\u7c7b\u578b\u53d6\u51b3\u4e8e\u53ef\u4ee5\u5229\u7528\u7684\u5e94\u7528\u7a0b\u5e8f\u6b63\u5728\u8fd0\u884c\u7684\u7528\u6237\u4e0a\u4e0b\u6587\u3002\u5982\u679c\u7528\u6237\u662froot\u7528\u6237\uff0c\u5219\u53ef\u80fd\u4f1a\u5bf9\u670d\u52a1\u5668\uff08\u5305\u62ec\u673a\u5bc6\u6216\u654f\u611f\u6587\u4ef6\uff09\u9020\u6210\u5b8c\u5168\u7684\u5371\u5bb3\u3002\u8fd8\u53ef\u4f7f\u7528XXE\u901a\u8fc7\u62d2\u7edd\u670d\u52a1\u653b\u51fb\u670d\u52a1\u5668\u7684\u53ef\u7528\u6027\uff0c\u56e0\u4e3axml\u6587\u6863\u4e2d\u7684\u5f15\u7528\u53ef\u80fd\u89e6\u53d1\u653e\u5927\u653b\u51fb\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://xmlgraphics.apache.org/security.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-05675",
  "openTime": "2017-04-30",
  "patchDescription": "Apache Batik\u662f\u4e00\u4e2a\u7eafJava\u5e93\uff0c\u53ef\u7528\u4e8e\u6e32\u67d3\u3001\u751f\u6210\u53ca\u64cd\u7eb5SVG\u56fe\u5f62\u3002\r\n\u5728Apache Batik\u4e2d\uff0c\u4f4d\u4e8e\u4f7f\u7528batik\u7684\u670d\u52a1\u5668\u7684\u6587\u4ef6\u7cfb\u7edf\u4e0a\u7684\u6587\u4ef6\u53ef\u88ab\u6cc4\u9732\u7ed9\u53d1\u9001\u6076\u610f\u5f62\u6210\u7684SVG\u6587\u4ef6\u7684\u4efb\u610f\u7528\u6237\u3002\u53ef\u4ee5\u663e\u793a\u7684\u6587\u4ef6\u7c7b\u578b\u53d6\u51b3\u4e8e\u53ef\u4ee5\u5229\u7528\u7684\u5e94\u7528\u7a0b\u5e8f\u6b63\u5728\u8fd0\u884c\u7684\u7528\u6237\u4e0a\u4e0b\u6587\u3002\u5982\u679c\u7528\u6237\u662froot\u7528\u6237\uff0c\u5219\u53ef\u80fd\u4f1a\u5bf9\u670d\u52a1\u5668\uff08\u5305\u62ec\u673a\u5bc6\u6216\u654f\u611f\u6587\u4ef6\uff09\u9020\u6210\u5b8c\u5168\u7684\u5371\u5bb3\u3002\u8fd8\u53ef\u4f7f\u7528XXE\u901a\u8fc7\u62d2\u7edd\u670d\u52a1\u653b\u51fb\u670d\u52a1\u5668\u7684\u53ef\u7528\u6027\uff0c\u56e0\u4e3axml\u6587\u6863\u4e2d\u7684\u5f15\u7528\u53ef\u80fd\u89e6\u53d1\u653e\u5927\u653b\u51fb\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Apache Batik XXE\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Apache Software Foundation Batik SVG Toolkit 1.7",
      "Apache Batik 1.8",
      "Apache Batik 1.7",
      "Apache Batik 1.6",
      "Apache Batik 1.5.1",
      "Apache Batik 1.5",
      "Apache Batik 1.1.1",
      "Apache Batik 1.1",
      "Apache Batik 1.0"
    ]
  },
  "referenceLink": "https://xmlgraphics.apache.org/security.html",
  "serverity": "\u9ad8",
  "submitTime": "2017-04-26",
  "title": "Apache Batik XXE\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e"
}

CVE-2017-5662 (GCVE-0-2017-5662)

Vulnerability from cvelistv5 – Published: 2017-04-18 14:00 – Updated: 2024-08-05 15:11

Summary

In Apache Batik before 1.9, files lying on the filesystem of the server which uses batik can be revealed to arbitrary users who send maliciously formed SVG files. The file types that can be shown depend on the user context in which the exploitable application is running. If the user is root a full compromise of the server - including confidential or sensitive files - would be possible. XXE can also be used to attack the availability of the server via denial of service as the references within a xml document can trivially trigger an amplification attack.

Severity ?

No CVSS data available.

CWE

Assigner

apache

References

URL

Tags

	https://access.redhat.com/errata/RHSA-2017:2547	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:0319	vendor-advisoryx_refsource_REDHAT
	http://www.securitytracker.com/id/1038334	vdb-entryx_refsource_SECTRACK
	https://www.debian.org/security/2018/dsa-4215	vendor-advisoryx_refsource_DEBIAN
	https://access.redhat.com/errata/RHSA-2017:2546	vendor-advisoryx_refsource_REDHAT
	http://www.securityfocus.com/bid/97948	vdb-entryx_refsource_BID
	http://www.oracle.com/technetwork/security-adviso…	x_refsource_CONFIRM
	http://www.oracle.com/technetwork/security-adviso…	x_refsource_CONFIRM
	http://www.oracle.com/technetwork/security-adviso…	x_refsource_CONFIRM
	https://xmlgraphics.apache.org/security.html	x_refsource_CONFIRM
	https://www.oracle.com/security-alerts/cpuoct2020.html	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	Apache Software Foundation	Apache Batik	Affected: before 1.9

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T15:11:47.301Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2017:2547",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2547"
          },
          {
            "name": "RHSA-2018:0319",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0319"
          },
          {
            "name": "1038334",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1038334"
          },
          {
            "name": "DSA-4215",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4215"
          },
          {
            "name": "RHSA-2017:2546",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2546"
          },
          {
            "name": "97948",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/97948"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://xmlgraphics.apache.org/security.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Apache Batik",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "status": "affected",
              "version": "before 1.9"
            }
          ]
        }
      ],
      "datePublic": "2017-04-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "In Apache Batik before 1.9, files lying on the filesystem of the server which uses batik can be revealed to arbitrary users who send maliciously formed SVG files. The file types that can be shown depend on the user context in which the exploitable application is running. If the user is root a full compromise of the server - including confidential or sensitive files - would be possible. XXE can also be used to attack the availability of the server via denial of service as the references within a xml document can trivially trigger an amplification attack."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "XXE",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-10-20T21:14:52",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "name": "RHSA-2017:2547",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2547"
        },
        {
          "name": "RHSA-2018:0319",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0319"
        },
        {
          "name": "1038334",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1038334"
        },
        {
          "name": "DSA-4215",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4215"
        },
        {
          "name": "RHSA-2017:2546",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2546"
        },
        {
          "name": "97948",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/97948"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://xmlgraphics.apache.org/security.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@apache.org",
          "ID": "CVE-2017-5662",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Apache Batik",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "before 1.9"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Apache Software Foundation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In Apache Batik before 1.9, files lying on the filesystem of the server which uses batik can be revealed to arbitrary users who send maliciously formed SVG files. The file types that can be shown depend on the user context in which the exploitable application is running. If the user is root a full compromise of the server - including confidential or sensitive files - would be possible. XXE can also be used to attack the availability of the server via denial of service as the references within a xml document can trivially trigger an amplification attack."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "XXE"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2017:2547",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:2547"
            },
            {
              "name": "RHSA-2018:0319",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0319"
            },
            {
              "name": "1038334",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1038334"
            },
            {
              "name": "DSA-4215",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4215"
            },
            {
              "name": "RHSA-2017:2546",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:2546"
            },
            {
              "name": "97948",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/97948"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
            },
            {
              "name": "https://xmlgraphics.apache.org/security.html",
              "refsource": "CONFIRM",
              "url": "https://xmlgraphics.apache.org/security.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2017-5662",
    "datePublished": "2017-04-18T14:00:00",
    "dateReserved": "2017-01-29T00:00:00",
    "dateUpdated": "2024-08-05T15:11:47.301Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2017-05675

CVE-2017-5662 (GCVE-0-2017-5662)

Tags

Sightings

Nomenclature