Directory Traversal Vulnerability in Apache Batik by Apache Foundation
CVE-2017-5662

7.3HIGH

Key Information:

Vendor

Apache
Status
Apache Batik
Vendor
CVE Published:
18 April 2017

What is CVE-2017-5662?

Apache Batik versions before 1.9 contain a vulnerability that allows unauthorized access to files on the server's filesystem. Maliciously crafted SVG files can exploit this weakness, potentially exposing sensitive files based on the user permissions of the application context. Furthermore, if the application runs with elevated privileges, such as root, it could lead to a full server compromise. Additionally, this vulnerability may be leveraged for denial of service attacks by triggering significant amplification through references in XML documents.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Apache Batik before 1.9

References

https://access.redhat.com/errata/RHSA-2017:2547
vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:0319
vendor-advisoryx_refsource_REDHAT
http://www.securitytracker.com/id/1038334
vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:
7.3
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.