Informazioni sul CVE-2017-5662
N/A
CWE ID: N/A
Base Score (CVSS): N/A
CVE: CVE-2017-5662
Descrizione: In Apache Batik before 1.9, files lying on the filesystem of the server which uses batik can be revealed to arbitrary users who send maliciously formed SVG files. The file types that can be shown depend on the user context in which the exploitable application is running. If the user is root a full compromise of the server – including confidential or sensitive files – would be possible. XXE can also be used to attack the availability of the server via denial of service as the references within a xml document can trivially trigger an amplification attack.
Vettore di attacco
Punteggio CVSS
Il CVSS è un sistema di valutazione che misura la gravità di una vulnerabilità informatica considerando fattori come l’impatto potenziale, la probabilità di attacco e la facilità di esecuzione.
Riassunto: .
Dettaglio del Vettore
| Metrica | Valore | Significato | Descrizione |
|---|
Riferimenti esterni
- https://access.redhat.com/errata/RHSA-2017:2547
- https://access.redhat.com/errata/RHSA-2018:0319
- http://www.securitytracker.com/id/1038334
- https://www.debian.org/security/2018/dsa-4215
- https://access.redhat.com/errata/RHSA-2017:2546
- http://www.securityfocus.com/bid/97948
- http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
- http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
- https://xmlgraphics.apache.org/security.html
- https://www.oracle.com/security-alerts/cpuoct2020.html
Prodotti interessati
- Apache Software Foundation – Apache Batik
Relazioni con altri prodotti
Produttore:Apache Software Foundation
Prodotto: Apache Batik
Anno: 2017
CWE:
CVSS: 0.0