CVE-2018-8013
CVSS7.5
Published: 2018-05-24 12:29:00
Revised: 2018-07-18 21:29:09

[Original] In Apache Batik 1.x before 1.10, when deserializing a subclass of `AbstractDocument`, the class takes a string from the input stream as the class name and uses it to call the no-arg constructor of that class. The fix was to check the class type before calling newInstance during deserialization.
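The following Java sketch is an added illustration of the CWE-502 pattern described above, placing the unchecked instantiation beside the type check the fix describes; it is not Batik's source, and the class names (`DocumentImpl`, `DefaultImpl`) and helper methods are assumptions. A `readObject` of the kind the description mentions would pass the string it reads from the stream to the checked helper rather than instantiating it directly.

```java
import java.io.InvalidObjectException;

// Added illustration for CVE-2018-8013; hypothetical names, not Batik code.
public class DeserializationTypeCheck {

    // Hypothetical interface that a deserialized document expects its implementation to have.
    interface DocumentImpl { }

    static final class DefaultImpl implements DocumentImpl {
        public DefaultImpl() { }
    }

    // Vulnerable pattern: the class name read from the stream is instantiated as-is,
    // so any class on the classpath with a no-arg constructor can be created.
    static Object uncheckedInstantiate(String className) throws InvalidObjectException {
        try {
            return Class.forName(className).getDeclaredConstructor().newInstance();
        } catch (ReflectiveOperationException e) {
            throw new InvalidObjectException("cannot instantiate " + className);
        }
    }

    // Fixed pattern: resolve the class without initializing it, verify it is of the
    // expected type, and only then call its no-arg constructor.
    static <T> T checkedInstantiate(String className, Class<T> expected) throws InvalidObjectException {
        try {
            Class<?> c = Class.forName(className, false, expected.getClassLoader());
            if (!expected.isAssignableFrom(c)) {
                throw new InvalidObjectException("unexpected class in stream: " + className);
            }
            return expected.cast(c.getDeclaredConstructor().newInstance());
        } catch (ReflectiveOperationException e) {
            throw new InvalidObjectException("cannot instantiate " + className);
        }
    }

    public static void main(String[] args) throws Exception {
        // The expected implementation passes the check.
        System.out.println(checkedInstantiate(DefaultImpl.class.getName(), DocumentImpl.class).getClass());
        // An unrelated class with a no-arg constructor is created by the unchecked path ...
        System.out.println(uncheckedInstantiate("java.util.ArrayList").getClass());
        // ... but rejected by the checked one.
        try {
            checkedInstantiate("java.util.ArrayList", DocumentImpl.class);
        } catch (InvalidObjectException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

On Java 9 and later the same allowlist can additionally be enforced stream-wide with `ObjectInputStream.setObjectInputFilter`, which rejects unexpected classes before any constructor runs.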


[CNNVD] CNNVD data not yet available.


[Machine translation] Translation not yet available.

- CVSS (base score)

CVSS score: 7.5 [HIGH]
Confidentiality impact: PARTIAL [information disclosure is likely]
Integrity impact: PARTIAL [system files may be modified]
Availability impact: PARTIAL [may degrade performance or interrupt access to resources]
Attack complexity: LOW [no access restrictions on exploitation]
Attack vector: NETWORK [the attacker needs neither intranet nor local access]
Authentication: NONE [no authentication required to exploit]

- CWE (weakness category)

CWE-502 [Deserialization of Untrusted Data]

- CPE (affected platforms and products)

cpe:/a:apache:batik:1.0 (Apache Software Foundation Batik 1.0)
cpe:/a:apache:batik:1.1 (Apache Software Foundation Batik 1.1)
cpe:/a:apache:batik:1.1:rc1
cpe:/a:apache:batik:1.1:rc2
cpe:/a:apache:batik:1.1:rc3
cpe:/a:apache:batik:1.1:rc4
cpe:/a:apache:batik:1.1.1 (Apache Software Foundation Batik 1.1.1)
cpe:/a:apache:batik:1.5 (Apache Software Foundation Batik 1.5)
cpe:/a:apache:batik:1.5:beta1
cpe:/a:apache:batik:1.5:beta2
cpe:/a:apache:batik:1.5:beta3
cpe:/a:apache:batik:1.5:beta4
cpe:/a:apache:batik:1.5:beta4b
cpe:/a:apache:batik:1.5:beta5
cpe:/a:apache:batik:1.5.1
cpe:/a:apache:batik:1.5.1:rc2
cpe:/a:apache:batik:1.6
cpe:/a:apache:batik:1.6.1
cpe:/a:apache:batik:1.7
cpe:/a:apache:batik:1.7:beta1
cpe:/a:apache:batik:1.7.1
cpe:/a:apache:batik:1.8
cpe:/a:apache:batik:1.9
cpe:/a:apache:batik:1.9.1
cpe:/o:canonical:ubuntu_linux:14.04::~~lts~~~
cpe:/o:debian:debian_linux:7.0
cpe:/o:debian:debian_linux:8.0
cpe:/o:debian:debian_linux:9.0

- OVAL (technical details for detection)

No related OVAL definitions found

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8013
(official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-8013
(official data source) NVD

- Other links and resources

http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
(UNKNOWN)  CONFIRM  http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
http://www.securityfocus.com/bid/104252
(VENDOR_ADVISORY)  BID  104252
http://www.securitytracker.com/id/1040995
(VENDOR_ADVISORY)  SECTRACK  1040995
https://lists.debian.org/debian-lts-announce/2018/05/msg00016.html
(VENDOR_ADVISORY)  MLIST  [debian-lts-announce] 20180525 [SECURITY] [DLA 1385-1] batik security update
https://mail-archives.apache.org/mod_mbox/xmlgraphics-batik-dev/201805.mbox/%3c000701d3f28f$d01860a0$704921e0$@gmail.com%3e
(VENDOR_ADVISORY)  MLIST  [xmlgraphics-batik-dev] 20180523 [CVE-2018-8013] Apache Batik information disclosure vulnerability
https://usn.ubuntu.com/3661-1/
(VENDOR_ADVISORY)  UBUNTU  USN-3661-1
https://www.debian.org/security/2018/dsa-4215
(VENDOR_ADVISORY)  DEBIAN  DSA-4215
https://xmlgraphics.apache.org/security.html
(VENDOR_ADVISORY)  CONFIRM  https://xmlgraphics.apache.org/security.html

- Vulnerability information (F147850)

Apache Batik 1.9.1 Information Disclosure (PacketStormID:F147850)
2018-05-24 00:00:00
Man Yue Mo  
advisory,info disclosure
CVE-2018-8013

Apache Batik versions 1.0 through 1.9.1 suffer from an information disclosure vulnerability.

CVE-2018-8013:
        Apache Batik information disclosure vulnerability

Severity:
        Medium

Vendor:
        The Apache Software Foundation

Versions Affected:
        Batik 1.0 - 1.9.1
 
Description:
        When deserializing a subclass of `AbstractDocument`, the class takes a
string from the inputStream as the class name, which it then uses to call the
no-arg constructor of the class.
        The fix was to check the class type before calling newInstance in
deserialization.

Mitigation:
        Users should upgrade to Batik 1.10+

Credit:
        This issue was independently reported by Man Yue Mo.

References:
        http://xmlgraphics.apache.org/security.html

The Apache XML Graphics team.
    

- Vulnerability information (F147929)

Ubuntu Security Notice USN-3661-1 (PacketStormID:F147929)
2018-05-29 00:00:00
Ubuntu  security.ubuntu.com
advisory
linux,ubuntu
CVE-2018-8013

Ubuntu Security Notice 3661-1 - It was discovered that Batik incorrectly handled certain XML. An attacker could possibly use this to expose sensitive information.

==========================================================================
Ubuntu Security Notice USN-3661-1
May 29, 2018

batik vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.04 LTS

Summary:

Batik could be made to expose sensitive information if it received
a specially crafted XML.

Software Description:
- batik: SVG Library

Details:

It was discovered that Batik incorrectly handled certain XML.
An attacker could possibly use this to expose sensitive information.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 LTS:
  libbatik-java                   1.7.ubuntu-8ubuntu2.14.04.3

In general, a standard system update will make all the necessary
changes.

References:
  https://usn.ubuntu.com/usn/usn-3661-1
  CVE-2018-8013

Package Information:
  https://launchpad.net/ubuntu/+source/batik/1.7.ubuntu-8ubuntu2.14.04.3
    

- Vulnerability information (F148025)

Debian Security Advisory 4215-1 (PacketStormID:F148025)
2018-06-02 00:00:00
Debian  debian.org
advisory,xss
linux,debian
CVE-2017-5662,CVE-2018-8013

Debian Linux Security Advisory 4215-1 - Man Yue Mo, Lars Krapf and Pierre Ernst discovered that Batik, a toolkit for processing SVG images, did not properly validate its input. This would allow an attacker to cause a denial-of-service, mount cross-site scripting attacks, or access restricted files on the server.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4215-1                   security@debian.org
https://www.debian.org/security/                       Sebastien Delafond
June 02, 2018                         https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : batik
CVE ID         : CVE-2017-5662 CVE-2018-8013
Debian Bug     : 860566 899374

Man Yue Mo, Lars Krapf and Pierre Ernst discovered that Batik, a
toolkit for processing SVG images, did not properly validate its
input. This would allow an attacker to cause a denial-of-service,
mount cross-site scripting attacks, or access restricted files on the
server.

For the oldstable distribution (jessie), these problems have been fixed
in version 1.7+dfsg-5+deb8u1.

For the stable distribution (stretch), these problems have been fixed in
version 1.8-4+deb9u1.

We recommend that you upgrade your batik packages.

For the detailed security status of batik please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/batik

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
    

- Vulnerability information (SecurityFocus)

Apache Batik CVE-2018-8013 Information Disclosure Vulnerability
Class: Design Error
Bugtraq ID: 104252
Remote: Yes
Local: No
Published: 2018-05-23 12:00:00
Updated: 2018-05-23 12:00:00
Credit: Man Yue Mo

- Affected program versions

Apache Batik 1.9.1
Apache Batik 1.9
Apache Batik 1.8
Apache Batik 1.7
Apache Batik 1.6
Apache Batik 1.5.1
Apache Batik 1.5
Apache Batik 1.1.1
Apache Batik 1.1
Apache Batik 1.0

- Unaffected program versions

Apache Batik 1.10

- Vulnerability discussion

Apache Batik is prone to an information-disclosure vulnerability.

An attacker can exploit this issue to gain access to sensitive information; this may lead to further attacks.

Apache Batik 1.9.1 and prior versions are vulnerable.

- Exploit

Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: vuldb@securityfocus.com.

- Solution

Updates are available. Please see the references or vendor advisory for more information.
