xmlgraphics-batik-dev mailing list archives
From "Lars Krapf (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (BATIK-1018) "XML External Entities" vulnerability
Date Wed, 02 Dec 2015 22:40:11 GMT

     [ https://issues.apache.org/jira/browse/BATIK-1018?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Lars Krapf updated BATIK-1018:
------------------------------
    Attachment: ssrf.svg

{code}
chaotic@m0lly:~$ nc -l 2323

GET / HTTP/1.1
User-Agent: Java/1.7.0_60-ea
Host: localhost:2323
Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
Connection: keep-alive
{code}

> "XML External Entities" vulnerability
> -------------------------------------
>
>                 Key: BATIK-1018
>                 URL: https://issues.apache.org/jira/browse/BATIK-1018
>             Project: Batik
>          Issue Type: Bug
>          Components: Web Site
>    Affects Versions: 1.8
>         Environment: Operating System: All
> Platform: All
>            Reporter: Nicolas GREGOIRE
>            Assignee: Batik Developer's Mailing list
>             Fix For: trunk
>
>         Attachments: ssrf.svg, xxe.png, xxe.svg
>
>
> During visualization with Squiggle or rasterization via the CLI tool, XML external entities
> defined in the DTD are dereferenced and the content of the target file is included in the
> output.
> The impact of this vulnerability ranges from denial of service to file disclosure. Under
> Windows, it can also be used to steal LM/NTLM hashes.
> For some additional information about XXE attacks, please refer to http://cwe.mitre.org/data/definitions/827.html
> How to reproduce: 
> $> rasterizer xxe.svg -d xxe.png



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
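The report above describes a renderer that dereferences external entities declared in an SVG's DTD, which is what both the file-disclosure case and the listener on port 2323 exploit. As an added example (not Batik's code, and not from the reporter), here is a Python pre-screen that tokenizes the DTD with expat without fetching anything and rejects documents carrying external references, while still allowing the standard W3C SVG DOCTYPE that legitimate files reference. The allowlist, the helper names and both sample documents are constructed for this illustration.

```python
"""Pre-screen an SVG/XML document for DTD constructs that would make an
XXE-capable renderer fetch external resources (local files or URLs)."""
import xml.parsers.expat

# Constructed allowlist: public IDs of the standard SVG DTDs that benign files cite.
ALLOWED_DOCTYPE_PUBLIC_IDS = {"-//W3C//DTD SVG 1.1//EN", "-//W3C//DTD SVG 1.0//EN"}


def external_references(xml_bytes):
    """Return (kind, name, system_id) for every external reference the DTD
    declares: the external DTD subset and any SYSTEM/PUBLIC entity. expat is
    used only as a tokenizer here; it is never allowed to resolve them."""
    found = []
    parser = xml.parsers.expat.ParserCreate()  # param-entity parsing is off by default

    def on_doctype(name, system_id, public_id, has_internal_subset):
        if system_id or public_id:            # external DTD subset
            found.append(("doctype", public_id or name, system_id))

    def on_entity(name, is_param, value, base, system_id, public_id, notation):
        if system_id is not None:             # SYSTEM/PUBLIC => external entity
            found.append(("param-entity" if is_param else "entity", name, system_id))

    def on_external_ref(context, base, system_id, public_id):
        # Fired when content references an external general entity (e.g. &probe;).
        # Returning 1 tells expat the reference was handled; nothing is fetched.
        found.append(("entity-ref", context, system_id))
        return 1

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity
    parser.ExternalEntityRefHandler = on_external_ref
    parser.Parse(xml_bytes, True)
    return found


def is_safe_for_rendering(xml_bytes):
    """True only if no external entity is declared and any external DTD subset
    is one of the allowlisted SVG DTDs."""
    return all(kind == "doctype" and name in ALLOWED_DOCTYPE_PUBLIC_IDS
               for kind, name, _ in external_references(xml_bytes))


# Constructed samples: a benign SVG with the standard DOCTYPE, and one whose DTD
# declares an external entity pointing at a local listener, as in the report.
SAMPLE_CLEAN = b'''<?xml version="1.0"?>
<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN"
  "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
<svg xmlns="http://www.w3.org/2000/svg"><text>ok</text></svg>'''
SAMPLE_EXTERNAL = b'''<?xml version="1.0"?>
<!DOCTYPE svg [ <!ENTITY probe SYSTEM "http://localhost:2323/"> ]>
<svg xmlns="http://www.w3.org/2000/svg"><text>&probe;</text></svg>'''
```

Run the gate before handing a file to the rasterizer or Squiggle; a rejected document can be logged with its `external_references` so the SYSTEM identifiers it tried to reach are visible to the operator.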