{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-03-17T00:00:00", "descriptions": [{"lang": "en", "value": "XML external entity (XXE) vulnerability in the SVG to (1) PNG and (2) JPG conversion classes in Apache Batik 1.x before 1.8 allows remote attackers to read arbitrary files or cause a denial of service via a crafted SVG file."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-11-03T18:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "USN-2548-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2548-1"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963275"}, {"name": "MDVSA-2015:203", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:203"}, {"name": "DSA-3205", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2015/dsa-3205"}, {"name": "1032781", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1032781"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://advisories.mageia.org/MGASA-2015-0138.html"}, {"name": "20150322 [CVE-2015-0250] Apache Batik Information Disclosure Vulnerability (XXE Injection)", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2015/Mar/142"}, {"name": "RHSA-2016:0042", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2016-0042.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://xmlgraphics.apache.org/security.html"}, {"name": "RHSA-2016:0041", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2016-0041.html"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/130964/Apache-Batik-XXE-Injection.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2015-0250", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "XML external entity (XXE) vulnerability in the SVG to (1) PNG and (2) JPG conversion classes in Apache Batik 1.x before 1.8 allows remote attackers to read arbitrary files or cause a denial of service via a crafted SVG file."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "USN-2548-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2548-1"}, {"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21963275", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963275"}, {"name": "MDVSA-2015:203", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:203"}, {"name": "DSA-3205", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2015/dsa-3205"}, {"name": "1032781", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1032781"}, {"name": "http://advisories.mageia.org/MGASA-2015-0138.html", "refsource": "CONFIRM", "url": "http://advisories.mageia.org/MGASA-2015-0138.html"}, {"name": "20150322 [CVE-2015-0250] Apache Batik Information Disclosure Vulnerability (XXE Injection)", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2015/Mar/142"}, {"name": "RHSA-2016:0042", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2016-0042.html"}, {"name": "http://xmlgraphics.apache.org/security.html", "refsource": "CONFIRM", "url": "http://xmlgraphics.apache.org/security.html"}, {"name": "RHSA-2016:0041", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2016-0041.html"}, {"name": "http://packetstormsecurity.com/files/130964/Apache-Batik-XXE-Injection.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/130964/Apache-Batik-XXE-Injection.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T04:03:10.455Z"}, "title": "CVE Program Container", "references": [{"name": "USN-2548-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-2548-1"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963275"}, {"name": "MDVSA-2015:203", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:203"}, {"name": "DSA-3205", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2015/dsa-3205"}, {"name": "1032781", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1032781"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://advisories.mageia.org/MGASA-2015-0138.html"}, {"name": "20150322 [CVE-2015-0250] Apache Batik Information Disclosure Vulnerability (XXE Injection)", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2015/Mar/142"}, {"name": "RHSA-2016:0042", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2016-0042.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://xmlgraphics.apache.org/security.html"}, {"name": "RHSA-2016:0041", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2016-0041.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstormsecurity.com/files/130964/Apache-Batik-XXE-Injection.html"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2015-0250", "datePublished": "2015-03-24T17:00:00", "dateReserved": "2014-11-18T00:00:00", "dateUpdated": "2024-08-06T04:03:10.455Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*", "matchCriteriaId": "49A63F39-30BE-443F-AF10-6245587D3359", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:batik:*:*:*:*:*:*:*:*", "matchCriteriaId": "7DC0508D-B46A-4282-83BD-5CEBDB76B7FB", "versionEndIncluding": "1.7", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:jboss_enterprise_brms_platform:*:*:*:*:*:*:*:*", "matchCriteriaId": "494221AE-DB44-4CBA-B4F2-77769667B539", "versionEndIncluding": "6.1.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "XML external entity (XXE) vulnerability in the SVG to (1) PNG and (2) JPG conversion classes in Apache Batik 1.x before 1.8 allows remote attackers to read arbitrary files or cause a denial of service via a crafted SVG file."}, {"lang": "es", "value": "Vulnerabilidad de entidad externa XML (XXE) en los gr\u00e1ficos vectoriales redimensionables en las clases de conversi\u00f3n (1) PNG y (2) JPG en Apache Batik 1.x anterior a 1.8 permite a atacantes remotos leer ficheros arbitrarios o causar una denegaci\u00f3n de servicio a trav\u00e9s de un fichero de gr\u00e1ficos vectoriales redimensionables manipulado."}], "evaluatorComment": "<a href=\"http://cwe.mitre.org/data/definitions/611.html\">CWE-611: Improper Restriction of XML External Entity Reference ('XXE')</a>", "id": "CVE-2015-0250", "lastModified": "2024-11-21T02:22:39.153", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2015-03-24T17:59:00.070", "references": [{"source": "secalert@redhat.com", "url": "http://advisories.mageia.org/MGASA-2015-0138.html"}, {"source": "secalert@redhat.com", "url": "http://packetstormsecurity.com/files/130964/Apache-Batik-XXE-Injection.html"}, {"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2016-0041.html"}, {"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2016-0042.html"}, {"source": "secalert@redhat.com", "tags": ["Exploit"], "url": "http://seclists.org/fulldisclosure/2015/Mar/142"}, {"source": "secalert@redhat.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963275"}, {"source": "secalert@redhat.com", "url": "http://www.debian.org/security/2015/dsa-3205"}, {"source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:203"}, {"source": "secalert@redhat.com", "url": "http://www.securitytracker.com/id/1032781"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "http://www.ubuntu.com/usn/USN-2548-1"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://xmlgraphics.apache.org/security.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://advisories.mageia.org/MGASA-2015-0138.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://packetstormsecurity.com/files/130964/Apache-Batik-XXE-Injection.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2016-0041.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2016-0042.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://seclists.org/fulldisclosure/2015/Mar/142"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963275"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2015/dsa-3205"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:203"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1032781"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://www.ubuntu.com/usn/USN-2548-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://xmlgraphics.apache.org/security.html"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2016:0042", "cpe": "cpe:/a:redhat:jboss_bpms:6.1", "package": "batik", "product_name": "Red Hat JBoss BPMS 6.1", "release_date": "2016-01-14T00:00:00Z"}, {"advisory": "RHSA-2015:2560", "cpe": "cpe:/a:redhat:jboss_bpms:6.2", "package": "batik", "product_name": "Red Hat JBoss BPMS 6.2", "release_date": "2015-12-07T00:00:00Z"}, {"advisory": "RHSA-2016:0041", "cpe": "cpe:/a:redhat:jboss_brms:6.1", "package": "batik", "product_name": "Red Hat JBoss BRMS 6.1", "release_date": "2016-01-14T00:00:00Z"}, {"advisory": "RHSA-2015:2559", "cpe": "cpe:/a:redhat:jboss_brms:6.2", "package": "batik", "product_name": "Red Hat JBoss BRMS 6.2", "release_date": "2015-12-07T00:00:00Z"}], "bugzilla": {"description": "batik: XML External Entity (XXE) injection in SVG parsing", "id": "1203762", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1203762"}, "csaw": false, "cvss": {"cvss_base_score": "5.8", "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P", "status": "verified"}, "cwe": "CWE-611", "details": ["XML external entity (XXE) vulnerability in the SVG to (1) PNG and (2) JPG conversion classes in Apache Batik 1.x before 1.8 allows remote attackers to read arbitrary files or cause a denial of service via a crafted SVG file.", "It was found that batik was vulnerable to XML External Entity attacks when parsing SVG files. A remote attacker able to send malicious SVG content to the affected server could use this flaw to read files accessible to the user running the application server, and potentially perform other more advanced XXE attacks."], "name": "CVE-2015-0250", "package_state": [{"cpe": "cpe:/a:redhat:developer_toolset:2.1", "fix_state": "Will not fix", "package_name": "batik", "product_name": "Red Hat Developer Toolset 2.1"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Will not fix", "package_name": "batik", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "batik", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/a:redhat:enterprise_linux:7::hypervisor", "fix_state": "Will not fix", "package_name": "jasperreports-server-pro", "product_name": "Red Hat Enterprise Virtualization 3"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_brms_platform:5", "fix_state": "Will not fix", "package_name": "batik", "product_name": "Red Hat JBoss BRMS 5"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:1", "fix_state": "Not affected", "package_name": "fuse", "product_name": "Red Hat JBoss Enterprise Web Server 1"}, {"cpe": "cpe:/a:redhat:jboss_fuse_service_works:6", "fix_state": "Affected", "package_name": "batik", "product_name": "Red Hat JBoss Fuse Service Works 6"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_soa_platform:5", "fix_state": "Will not fix", "package_name": "batik", "product_name": "Red Hat JBoss SOA Platform 5"}, {"cpe": "cpe:/a:redhat:openshift:2", "fix_state": "Not affected", "package_name": "jboss-eap6-modules", "product_name": "Red Hat OpenShift Enterprise 2"}, {"cpe": "cpe:/a:redhat:openshift:2", "fix_state": "Not affected", "package_name": "openshift-origin-cartridge-fuse", "product_name": "Red Hat OpenShift Enterprise 2"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:2", "fix_state": "Will not fix", "package_name": "rh-java-common-batik", "product_name": "Red Hat Software Collections"}], "public_date": "2012-07-25T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2015-0250\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-0250\nhttp://xmlgraphics.apache.org/security.html"], "threat_severity": "Moderate", "upstream_fix": "Batik 1.8, Batik 1.7.1, Batik 1.6.1"}