what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 8 of 8 RSS Feed

CVE-2015-0250

Status Candidate

Overview

XML external entity (XXE) vulnerability in the SVG to (1) PNG and (2) JPG conversion classes in Apache Batik 1.x before 1.8 allows remote attackers to read arbitrary files or cause a denial of service via a crafted SVG file.

Related Files

Red Hat Security Advisory 2016-0041-01
Posted Jan 15, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0041-01 - Red Hat JBoss BRMS is a business-rules management system for the management, storage, creation, modification, and deployment of JBoss Rules. This release of Red Hat JBoss BRMS 6.1.5 serves as a replacement for Red Hat JBoss BRMS 6.1.2, and includes bug fixes and enhancements that are documented in the README.txt file included with the patch files. The following security issue is also fixed with this release: It was found that batik was vulnerable to XML External Entity attacks when parsing SVG files. A remote attacker able to send malicious SVG content to the affected server could use this flaw to read files accessible to the user running the application server, and potentially perform other more advanced XXE attacks.

tags | advisory, remote, xxe
systems | linux, redhat
advisories | CVE-2015-0250
SHA-256 | ecf50ed6b27bd5cb65f243cf38a699b302292ed4b30ec06c24b2a7e8a36ce9ac
Red Hat Security Advisory 2016-0042-01
Posted Jan 15, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0042-01 - Red Hat JBoss BPM Suite is a business rules and processes management system for the management, storage, creation, modification, and deployment of JBoss rules and BPMN2-compliant business processes. This release of Red Hat JBoss BPM Suite 6.1.5 serves as a replacement for Red Hat JBoss BPM Suite 6.1.2, and includes bug fixes and enhancements, which are documented in the README.txt file included with the patch files. The following security issue is also fixed with this release: It was found that batik was vulnerable to XML External Entity attacks when parsing SVG files. A remote attacker able to send malicious SVG content to the affected server could use this flaw to read files accessible to the user running the application server, and potentially perform other more advanced XXE attacks.

tags | advisory, remote, xxe
systems | linux, redhat
advisories | CVE-2015-0250
SHA-256 | 44ac4683b3f4026f361e4266c427d6d4681a4e87c9c31c5b5815e0a422ee0fca
Red Hat Security Advisory 2015-2560-01
Posted Dec 7, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-2560-01 - Red Hat JBoss BPM Suite is a business rules and processes management system for the management, storage, creation, modification, and deployment of JBoss rules and BPMN2-compliant business processes. This release of Red Hat JBoss BPM Suite 6.2.0 serves as a replacement for Red Hat JBoss BPM Suite 6.1.2, and includes bug fixes and enhancements.

tags | advisory
systems | linux, redhat
advisories | CVE-2015-0250, CVE-2015-6748, CVE-2015-7501
SHA-256 | b31590bd5428473b82cac74a3e51a9ceeb6c65e056d08c5a155284cc088e7457
Red Hat Security Advisory 2015-2559-01
Posted Dec 7, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-2559-01 - Red Hat JBoss BRMS is a business rules management system for the management, storage, creation, modification, and deployment of JBoss Rules. This release of Red Hat JBoss BRMS 6.2.0 serves as a replacement for Red Hat JBoss BRMS 6.1.2, and includes bug fixes and enhancements.

tags | advisory
systems | linux, redhat
advisories | CVE-2015-0250, CVE-2015-6748, CVE-2015-7501
SHA-256 | 8e929ffd0869a3d98996e4284a5dff64f0935663f5489c95527f4db30aa478bd
Mandriva Linux Security Advisory 2015-203
Posted Apr 13, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-203 - Nicolas Gregoire and Kevin Schaller discovered that Batik would load XML external entities by default. If a user or automated system were tricked into opening a specially crafted SVG file, an attacker could possibly obtain access to arbitrary files or cause resource consumption.

tags | advisory, arbitrary, xxe
systems | linux, mandriva
advisories | CVE-2015-0250
SHA-256 | 5eda7626171582440bef2089c8e9705f885b66c61b26757776ce0f17cd019bcc
Debian Security Advisory 3205-1
Posted Mar 27, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3205-1 - Nicolas Gregoire and Kevin Schaller discovered that Batik, a toolkit for processing SVG images, would load XML external entities by default. If a user or automated system were tricked into opening a specially crafted SVG file, an attacker could possibly obtain access to arbitrary files or cause resource consumption.

tags | advisory, arbitrary, xxe
systems | linux, debian
advisories | CVE-2015-0250
SHA-256 | 6e1aea3d8c41b78ffa32747b1dcaa58281ffe140531931a4580db32309a685ca
Ubuntu Security Notice USN-2548-1
Posted Mar 25, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2548-1 - Nicolas Gregoire and Kevin Schaller discovered that Batik would load XML external entities by default. If a user or automated system were tricked into opening a specially crafted SVG file, an attacker could possibly obtain access to arbitrary files or cause resource consumption.

tags | advisory, arbitrary, xxe
systems | linux, ubuntu
advisories | CVE-2015-0250
SHA-256 | d292c8c54c0625368669907a9cb53fed70161f0ef2a1072fca343fe9f3cbc9da
Apache Batik XXE Injection
Posted Mar 23, 2015
Authored by Kevin Schaller

Apache Batik suffers from an XML external entity (XXE) injection vulnerability.

tags | advisory, xxe
advisories | CVE-2015-0250
SHA-256 | 0d4ea687c6256b341e53f9d48115540d7d0aa060c1c7eeaef6476e26de6a2c49
Page 1 of 1
Back1Next

File Archive:

September 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    2 Files
  • 2
    Sep 2nd
    21 Files
  • 3
    Sep 3rd
    0 Files
  • 4
    Sep 4th
    17 Files
  • 5
    Sep 5th
    34 Files
  • 6
    Sep 6th
    29 Files
  • 7
    Sep 7th
    11 Files
  • 8
    Sep 8th
    25 Files
  • 9
    Sep 9th
    0 Files
  • 10
    Sep 10th
    0 Files
  • 11
    Sep 11th
    26 Files
  • 12
    Sep 12th
    23 Files
  • 13
    Sep 13th
    17 Files
  • 14
    Sep 14th
    22 Files
  • 15
    Sep 15th
    16 Files
  • 16
    Sep 16th
    0 Files
  • 17
    Sep 17th
    0 Files
  • 18
    Sep 18th
    19 Files
  • 19
    Sep 19th
    60 Files
  • 20
    Sep 20th
    23 Files
  • 21
    Sep 21st
    15 Files
  • 22
    Sep 22nd
    8 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    17 Files
  • 26
    Sep 26th
    3 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close