exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 8 of 8 RSS Feed

CVE-2015-0250

Status Candidate

Overview

XML external entity (XXE) vulnerability in the SVG to (1) PNG and (2) JPG conversion classes in Apache Batik 1.x before 1.8 allows remote attackers to read arbitrary files or cause a denial of service via a crafted SVG file.

Related Files

Red Hat Security Advisory 2016-0041-01
Posted Jan 15, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0041-01 - Red Hat JBoss BRMS is a business-rules management system for the management, storage, creation, modification, and deployment of JBoss Rules. This release of Red Hat JBoss BRMS 6.1.5 serves as a replacement for Red Hat JBoss BRMS 6.1.2, and includes bug fixes and enhancements that are documented in the README.txt file included with the patch files. The following security issue is also fixed with this release: It was found that batik was vulnerable to XML External Entity attacks when parsing SVG files. A remote attacker able to send malicious SVG content to the affected server could use this flaw to read files accessible to the user running the application server, and potentially perform other more advanced XXE attacks.

tags | advisory, remote, xxe
systems | linux, redhat
advisories | CVE-2015-0250
SHA-256 | ecf50ed6b27bd5cb65f243cf38a699b302292ed4b30ec06c24b2a7e8a36ce9ac
Red Hat Security Advisory 2016-0042-01
Posted Jan 15, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0042-01 - Red Hat JBoss BPM Suite is a business rules and processes management system for the management, storage, creation, modification, and deployment of JBoss rules and BPMN2-compliant business processes. This release of Red Hat JBoss BPM Suite 6.1.5 serves as a replacement for Red Hat JBoss BPM Suite 6.1.2, and includes bug fixes and enhancements, which are documented in the README.txt file included with the patch files. The following security issue is also fixed with this release: It was found that batik was vulnerable to XML External Entity attacks when parsing SVG files. A remote attacker able to send malicious SVG content to the affected server could use this flaw to read files accessible to the user running the application server, and potentially perform other more advanced XXE attacks.

tags | advisory, remote, xxe
systems | linux, redhat
advisories | CVE-2015-0250
SHA-256 | 44ac4683b3f4026f361e4266c427d6d4681a4e87c9c31c5b5815e0a422ee0fca
Red Hat Security Advisory 2015-2560-01
Posted Dec 7, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-2560-01 - Red Hat JBoss BPM Suite is a business rules and processes management system for the management, storage, creation, modification, and deployment of JBoss rules and BPMN2-compliant business processes. This release of Red Hat JBoss BPM Suite 6.2.0 serves as a replacement for Red Hat JBoss BPM Suite 6.1.2, and includes bug fixes and enhancements.

tags | advisory
systems | linux, redhat
advisories | CVE-2015-0250, CVE-2015-6748, CVE-2015-7501
SHA-256 | b31590bd5428473b82cac74a3e51a9ceeb6c65e056d08c5a155284cc088e7457
Red Hat Security Advisory 2015-2559-01
Posted Dec 7, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-2559-01 - Red Hat JBoss BRMS is a business rules management system for the management, storage, creation, modification, and deployment of JBoss Rules. This release of Red Hat JBoss BRMS 6.2.0 serves as a replacement for Red Hat JBoss BRMS 6.1.2, and includes bug fixes and enhancements.

tags | advisory
systems | linux, redhat
advisories | CVE-2015-0250, CVE-2015-6748, CVE-2015-7501
SHA-256 | 8e929ffd0869a3d98996e4284a5dff64f0935663f5489c95527f4db30aa478bd
Mandriva Linux Security Advisory 2015-203
Posted Apr 13, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-203 - Nicolas Gregoire and Kevin Schaller discovered that Batik would load XML external entities by default. If a user or automated system were tricked into opening a specially crafted SVG file, an attacker could possibly obtain access to arbitrary files or cause resource consumption.

tags | advisory, arbitrary, xxe
systems | linux, mandriva
advisories | CVE-2015-0250
SHA-256 | 5eda7626171582440bef2089c8e9705f885b66c61b26757776ce0f17cd019bcc
Debian Security Advisory 3205-1
Posted Mar 27, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3205-1 - Nicolas Gregoire and Kevin Schaller discovered that Batik, a toolkit for processing SVG images, would load XML external entities by default. If a user or automated system were tricked into opening a specially crafted SVG file, an attacker could possibly obtain access to arbitrary files or cause resource consumption.

tags | advisory, arbitrary, xxe
systems | linux, debian
advisories | CVE-2015-0250
SHA-256 | 6e1aea3d8c41b78ffa32747b1dcaa58281ffe140531931a4580db32309a685ca
Ubuntu Security Notice USN-2548-1
Posted Mar 25, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2548-1 - Nicolas Gregoire and Kevin Schaller discovered that Batik would load XML external entities by default. If a user or automated system were tricked into opening a specially crafted SVG file, an attacker could possibly obtain access to arbitrary files or cause resource consumption.

tags | advisory, arbitrary, xxe
systems | linux, ubuntu
advisories | CVE-2015-0250
SHA-256 | d292c8c54c0625368669907a9cb53fed70161f0ef2a1072fca343fe9f3cbc9da
Apache Batik XXE Injection
Posted Mar 23, 2015
Authored by Kevin Schaller

Apache Batik suffers from an XML external entity (XXE) injection vulnerability.

tags | advisory, xxe
advisories | CVE-2015-0250
SHA-256 | 0d4ea687c6256b341e53f9d48115540d7d0aa060c1c7eeaef6476e26de6a2c49
Page 1 of 1
Back1Next

File Archive:

October 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    39 Files
  • 2
    Oct 2nd
    23 Files
  • 3
    Oct 3rd
    18 Files
  • 4
    Oct 4th
    20 Files
  • 5
    Oct 5th
    0 Files
  • 6
    Oct 6th
    0 Files
  • 7
    Oct 7th
    0 Files
  • 8
    Oct 8th
    0 Files
  • 9
    Oct 9th
    0 Files
  • 10
    Oct 10th
    0 Files
  • 11
    Oct 11th
    0 Files
  • 12
    Oct 12th
    0 Files
  • 13
    Oct 13th
    0 Files
  • 14
    Oct 14th
    0 Files
  • 15
    Oct 15th
    0 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close