CVE-2015-0250 - OpenCVE

XML external entity (XXE) vulnerability in the SVG to (1) PNG and (2) JPG conversion classes in Apache Batik 1.x before 1.8 allows remote attackers to read arbitrary files or cause a denial of service via a crafted SVG file.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:N/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Canonical	Ubuntu Linux
Apache	Batik
Redhat	Jboss Enterprise Brms Platform

Configuration 1 [-]

OR	cpe:2.3:o:canonical:ubuntu_linux:12.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:14.10:::::::*

Configuration 2 [-]

cpe:2.3:a:apache:batik:*:*:*:*:*:*:*:*

Configuration 3 [-]

cpe:2.3:a:redhat:jboss_enterprise_brms_platform:*:*:*:*:*:*:*:*

References

Link	Resource
http://advisories.mageia.org/MGASA-2015-0138.html
http://packetstormsecurity.com/files/130964/Apache-Batik-XXE-Injection.html
http://rhn.redhat.com/errata/RHSA-2016-0041.html
http://rhn.redhat.com/errata/RHSA-2016-0042.html
http://seclists.org/fulldisclosure/2015/Mar/142	Exploit
http://www-01.ibm.com/support/docview.wss?uid=swg21963275
http://www.debian.org/security/2015/dsa-3205
http://www.mandriva.com/security/advisories?name=MDVSA-2015:203
http://www.securitytracker.com/id/1032781
http://www.ubuntu.com/usn/USN-2548-1	Patch
http://xmlgraphics.apache.org/security.html	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2015-03-24T17:00:00

Updated: 2017-11-03T18:57:01

Reserved: 2014-11-18T00:00:00

Link: CVE-2015-0250

JSON object: View

NVD Information

Status : Modified

Published: 2015-03-24T17:59:00.070

Modified: 2017-11-04T01:29:01.910

Link: CVE-2015-0250

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-Other

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-03-17T00:00:00", "descriptions": [{"lang": "en", "value": "XML external entity (XXE) vulnerability in the SVG to (1) PNG and (2) JPG conversion classes in Apache Batik 1.x before 1.8 allows remote attackers to read arbitrary files or cause a denial of service via a crafted SVG file."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-11-03T18:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "USN-2548-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2548-1"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963275"}, {"name": "MDVSA-2015:203", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:203"}, {"name": "DSA-3205", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2015/dsa-3205"}, {"name": "1032781", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1032781"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://advisories.mageia.org/MGASA-2015-0138.html"}, {"name": "20150322 [CVE-2015-0250] Apache Batik Information Disclosure Vulnerability (XXE Injection)", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2015/Mar/142"}, {"name": "RHSA-2016:0042", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2016-0042.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://xmlgraphics.apache.org/security.html"}, {"name": "RHSA-2016:0041", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2016-0041.html"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/130964/Apache-Batik-XXE-Injection.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2015-0250", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "XML external entity (XXE) vulnerability in the SVG to (1) PNG and (2) JPG conversion classes in Apache Batik 1.x before 1.8 allows remote attackers to read arbitrary files or cause a denial of service via a crafted SVG file."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "USN-2548-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2548-1"}, {"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21963275", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963275"}, {"name": "MDVSA-2015:203", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:203"}, {"name": "DSA-3205", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2015/dsa-3205"}, {"name": "1032781", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1032781"}, {"name": "http://advisories.mageia.org/MGASA-2015-0138.html", "refsource": "CONFIRM", "url": "http://advisories.mageia.org/MGASA-2015-0138.html"}, {"name": "20150322 [CVE-2015-0250] Apache Batik Information Disclosure Vulnerability (XXE Injection)", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2015/Mar/142"}, {"name": "RHSA-2016:0042", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2016-0042.html"}, {"name": "http://xmlgraphics.apache.org/security.html", "refsource": "CONFIRM", "url": "http://xmlgraphics.apache.org/security.html"}, {"name": "RHSA-2016:0041", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2016-0041.html"}, {"name": "http://packetstormsecurity.com/files/130964/Apache-Batik-XXE-Injection.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/130964/Apache-Batik-XXE-Injection.html"}]}}}}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2015-0250", "datePublished": "2015-03-24T17:00:00", "dateReserved": "2014-11-18T00:00:00", "dateUpdated": "2017-11-03T18:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*", "matchCriteriaId": "49A63F39-30BE-443F-AF10-6245587D3359", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:batik:*:*:*:*:*:*:*:*", "matchCriteriaId": "7DC0508D-B46A-4282-83BD-5CEBDB76B7FB", "versionEndIncluding": "1.7", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:jboss_enterprise_brms_platform:*:*:*:*:*:*:*:*", "matchCriteriaId": "494221AE-DB44-4CBA-B4F2-77769667B539", "versionEndIncluding": "6.1.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "XML external entity (XXE) vulnerability in the SVG to (1) PNG and (2) JPG conversion classes in Apache Batik 1.x before 1.8 allows remote attackers to read arbitrary files or cause a denial of service via a crafted SVG file."}, {"lang": "es", "value": "Vulnerabilidad de entidad externa XML (XXE) en los gr\u00e1ficos vectoriales redimensionables en las clases de conversi\u00f3n (1) PNG y (2) JPG en Apache Batik 1.x anterior a 1.8 permite a atacantes remotos leer ficheros arbitrarios o causar una denegaci\u00f3n de servicio a trav\u00e9s de un fichero de gr\u00e1ficos vectoriales redimensionables manipulado."}], "evaluatorComment": "<a href=\"http://cwe.mitre.org/data/definitions/611.html\">CWE-611: Improper Restriction of XML External Entity Reference ('XXE')</a>", "id": "CVE-2015-0250", "lastModified": "2017-11-04T01:29:01.910", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2015-03-24T17:59:00.070", "references": [{"source": "secalert@redhat.com", "url": "http://advisories.mageia.org/MGASA-2015-0138.html"}, {"source": "secalert@redhat.com", "url": "http://packetstormsecurity.com/files/130964/Apache-Batik-XXE-Injection.html"}, {"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2016-0041.html"}, {"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2016-0042.html"}, {"source": "secalert@redhat.com", "tags": ["Exploit"], "url": "http://seclists.org/fulldisclosure/2015/Mar/142"}, {"source": "secalert@redhat.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963275"}, {"source": "secalert@redhat.com", "url": "http://www.debian.org/security/2015/dsa-3205"}, {"source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:203"}, {"source": "secalert@redhat.com", "url": "http://www.securitytracker.com/id/1032781"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "http://www.ubuntu.com/usn/USN-2548-1"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://xmlgraphics.apache.org/security.html"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}