Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2017-5662

Опубликовано: 18 апр. 2017
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS2: 7.9
CVSS3: 7.3

Описание

In Apache Batik before 1.9, files lying on the filesystem of the server which uses batik can be revealed to arbitrary users who send maliciously formed SVG files. The file types that can be shown depend on the user context in which the exploitable application is running. If the user is root a full compromise of the server - including confidential or sensitive files - would be possible. XXE can also be used to attack the availability of the server via denial of service as the references within a xml document can trivially trigger an amplification attack.

РелизСтатусПримечание
artful

ignored

end of life
bionic

not-affected

1.9-3
cosmic

not-affected

1.9-3
devel

not-affected

1.9-3
disco

not-affected

1.9-3
eoan

not-affected

1.9-3
esm-apps/bionic

not-affected

1.9-3
esm-apps/focal

not-affected

1.9-3
esm-apps/jammy

not-affected

1.9-3
esm-apps/noble

not-affected

1.9-3

Показывать по

Ссылки на источники

EPSS

Процентиль: 47%
0.00244
Низкий

7.9 High

CVSS2

7.3 High

CVSS3

Связанные уязвимости

redhat логотип

CVE-2017-5662

CVSS3: 7.5
redhat
почти 9 лет назад

In Apache Batik before 1.9, files lying on the filesystem of the server which uses batik can be revealed to arbitrary users who send maliciously formed SVG files. The file types that can be shown depend on the user context in which the exploitable application is running. If the user is root a full compromise of the server - including confidential or sensitive files - would be possible. XXE can also be used to attack the availability of the server via denial of service as the references within a xml document can trivially trigger an amplification attack.

nvd логотип

CVE-2017-5662

CVSS3: 7.3
nvd
почти 9 лет назад

In Apache Batik before 1.9, files lying on the filesystem of the server which uses batik can be revealed to arbitrary users who send maliciously formed SVG files. The file types that can be shown depend on the user context in which the exploitable application is running. If the user is root a full compromise of the server - including confidential or sensitive files - would be possible. XXE can also be used to attack the availability of the server via denial of service as the references within a xml document can trivially trigger an amplification attack.

debian логотип

CVE-2017-5662

CVSS3: 7.3
debian
почти 9 лет назад

In Apache Batik before 1.9, files lying on the filesystem of the serve ...

github логотип

GHSA-qwgx-59jw-qfg9

CVSS3: 7.3
github
больше 3 лет назад

Improper Restriction of XML External Entity Reference in Apache Batik

suse-cvrf логотип

SUSE-SU-2024:0777-1

suse-cvrf
почти 2 года назад

Security update for xmlgraphics-batik

EPSS

Процентиль: 47%
0.00244
Низкий

7.9 High

CVSS2

7.3 High

CVSS3