CVE-2017-5662 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2017-5662 Interim 1 24 2024-03-07T01:42:57Z current 2021-05-30T13:52:57Z 2024-03-07T01:42:57Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2017-5662 In Apache Batik before 1.9, files lying on the filesystem of the server which uses batik can be revealed to arbitrary users who send maliciously formed SVG files. The file types that can be shown depend on the user context in which the exploitable application is running. If the user is root a full compromise of the server - including confidential or sensitive files - would be possible. XXE can also be used to attack the availability of the server via denial of service as the references within a xml document can trivially trigger an amplification attack. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.suse.com/pipermail/sle-security-updates/2024-March/018100.html E-Mail link for SUSE-SU-2024:0777-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE CaaS Platform 4.5 SUSE Enterprise Storage 7 SUSE Linux Enterprise Module for Development Tools 15 SP3 SUSE Linux Enterprise Module for Development Tools 15 SP3 SUSE Linux Enterprise Module for Development Tools 15 SP4 SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS SUSE Linux Enterprise Module for Development Tools 15 SP3 SUSE Linux Enterprise Module for Development Tools 15 SP4 SUSE Linux Enterprise Real Time 15 SP2 SUSE Linux Enterprise Software Development Kit 12 SP5 SUSE Linux Enterprise Server 15 SP2-LTSS SUSE Linux Enterprise Module for Development Tools 15 SP3 SUSE Linux Enterprise Module for Development Tools 15 SP4 SUSE Linux Enterprise Server Business Critical Linux 15 SP2 SUSE Linux Enterprise Software Development Kit 12 SP5 SUSE Linux Enterprise Server for SAP Applications 15 SP2 SUSE Linux Enterprise Module for Development Tools 15 SP3 SUSE Linux Enterprise Module for Development Tools 15 SP4 SUSE Manager Proxy 4.1 SUSE Linux Enterprise Module for Development Tools 15 SP3 SUSE Linux Enterprise Module for Development Tools 15 SP4 SUSE Manager Retail Branch Server 4.1 SUSE Linux Enterprise Module for Development Tools 15 SP3 SUSE Linux Enterprise Module for Development Tools 15 SP4 SUSE Manager Server 4.1 SUSE Linux Enterprise Module for Development Tools 15 SP3 SUSE Linux Enterprise Module for Development Tools 15 SP4 xmlgraphics-batik xmlgraphics-batik-1.17-2.7.1 xmlgraphics-batik-css xmlgraphics-batik-1.17-2.7.1 as a component of SUSE Linux Enterprise Software Development Kit 12 SP5 xmlgraphics-batik as a component of SUSE CaaS Platform 4.5 xmlgraphics-batik as a component of SUSE Enterprise Storage 7 xmlgraphics-batik as a component of SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS xmlgraphics-batik-css as a component of SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS xmlgraphics-batik as a component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS xmlgraphics-batik-css as a component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS xmlgraphics-batik as a component of SUSE Linux Enterprise Module for Development Tools 15 SP3 xmlgraphics-batik-css as a component of SUSE Linux Enterprise Module for Development Tools 15 SP3 xmlgraphics-batik as a component of SUSE Linux Enterprise Module for Development Tools 15 SP4 xmlgraphics-batik-css as a component of SUSE Linux Enterprise Module for Development Tools 15 SP4 xmlgraphics-batik as a component of SUSE Linux Enterprise Real Time 15 SP2 xmlgraphics-batik-css as a component of SUSE Linux Enterprise Real Time 15 SP2 xmlgraphics-batik as a component of SUSE Linux Enterprise Server 15 SP2-LTSS xmlgraphics-batik-css as a component of SUSE Linux Enterprise Server 15 SP2-LTSS xmlgraphics-batik as a component of SUSE Linux Enterprise Server Business Critical Linux 15 SP2 xmlgraphics-batik as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP2 xmlgraphics-batik-css as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP2 xmlgraphics-batik as a component of SUSE Manager Proxy 4.1 xmlgraphics-batik as a component of SUSE Manager Retail Branch Server 4.1 xmlgraphics-batik as a component of SUSE Manager Server 4.1 In Apache Batik before 1.9, files lying on the filesystem of the server which uses batik can be revealed to arbitrary users who send maliciously formed SVG files. The file types that can be shown depend on the user context in which the exploitable application is running. If the user is root a full compromise of the server - including confidential or sensitive files - would be possible. XXE can also be used to attack the availability of the server via denial of service as the references within a xml document can trivially trigger an amplification attack. CVE-2017-5662 SUSE Linux Enterprise Software Development Kit 12 SP5:xmlgraphics-batik-1.17-2.7.1 SUSE CaaS Platform 4.5:xmlgraphics-batik SUSE Enterprise Storage 7:xmlgraphics-batik SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:xmlgraphics-batik SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:xmlgraphics-batik-css SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xmlgraphics-batik SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xmlgraphics-batik-css SUSE Linux Enterprise Module for Development Tools 15 SP3:xmlgraphics-batik SUSE Linux Enterprise Module for Development Tools 15 SP3:xmlgraphics-batik-css SUSE Linux Enterprise Module for Development Tools 15 SP4:xmlgraphics-batik SUSE Linux Enterprise Module for Development Tools 15 SP4:xmlgraphics-batik-css SUSE Linux Enterprise Real Time 15 SP2:xmlgraphics-batik SUSE Linux Enterprise Real Time 15 SP2:xmlgraphics-batik-css SUSE Linux Enterprise Server 15 SP2-LTSS:xmlgraphics-batik SUSE Linux Enterprise Server 15 SP2-LTSS:xmlgraphics-batik-css SUSE Linux Enterprise Server Business Critical Linux 15 SP2:xmlgraphics-batik SUSE Linux Enterprise Server for SAP Applications 15 SP2:xmlgraphics-batik SUSE Linux Enterprise Server for SAP Applications 15 SP2:xmlgraphics-batik-css SUSE Manager Proxy 4.1:xmlgraphics-batik SUSE Manager Retail Branch Server 4.1:xmlgraphics-batik SUSE Manager Server 4.1:xmlgraphics-batik important 3.6 AV:L/AC:L/Au:N/C:P/I:N/A:P 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N