https://bugzilla.redhat.com/show_bug.cgi?id=1848617
Bug ID: 1848617
Summary: CVE-2019-17566 batik: SSRF via "xlink:href"
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team@redhat.com
Reporter: darunesh@redhat.com
CC: akurtako@redhat.com, c.david86@gmail.com, decathorpe@gmail.com, java-maint@redhat.com, java-sig-commits@lists.fedoraproject.org, jvanek@redhat.com, mat.booth@redhat.com, mizdebsk@redhat.com, sergio@serjux.com
Target Milestone: ---
Classification: Other
The Apache Batik library is vulnerable to SSRF via "xlink:href" attributes that allow an attacker to cause the underlying server to make arbitrary GET requests.
References: https://www.openwall.com/lists/oss-security/2020/06/15/2
Dhananjay Arunesh darunesh@redhat.com changed:
What       |Removed |Added
--------------------------------
Depends On |        |1848619
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1848619 [Bug 1848619] CVE-2019-17566 batik: SSRF via "xlink:href" [fedora-all]
--- Comment #1 from Dhananjay Arunesh darunesh@redhat.com --- Created batik tracking bugs for this issue:
Affects: fedora-all [bug 1848619]
Dhananjay Arunesh darunesh@redhat.com changed:
What       |Removed |Added
--------------------------------
Blocks     |        |1848620
Comment    |0       |updated
--- Comment #0 has been edited ---
Paramvir jindal pjindal@redhat.com changed:
What             |Removed |Added
--------------------------------------
Fixed In Version |        |batik 1.13
Paramvir jindal pjindal@redhat.com changed:
What       |Removed |Added
--------------------------------
CC         |        |gvarsami@redhat.com,
           |        |jcoleman@redhat.com,
           |        |kconner@redhat.com,
           |        |ldimaggi@redhat.com,
           |        |nwallace@redhat.com,
           |        |rwagner@redhat.com,
           |        |tcunning@redhat.com,
           |        |tkirby@redhat.com
Doran Moppert dmoppert@redhat.com changed:
What       |Removed |Added
--------------------------------
Depends On |        |1856162, 1856161
--- Doc Text *updated* by Paramvir jindal pjindal@redhat.com --- The Apache Batik library is vulnerable to SSRF via "xlink:href" attributes that allow an attacker to cause the underlying server to make arbitrary GET requests.
--- Doc Text *updated* by RaTasha Tillery-Smith rtillery@redhat.com --- A flaw was found in the Apache Batik library, where it is vulnerable to a Server-Side Request Forgery attack (SSRF) via "xlink:href" attributes. This flaw allows an attacker to cause the underlying server to make arbitrary GET requests. The highest threat from this vulnerability is to system integrity.
Bug 1848617 depends on bug 1848619, which changed state.
Bug 1848619 Summary: CVE-2019-17566 batik: SSRF via "xlink:href" [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1848619
What       |Removed |Added
--------------------------------
Status     |ON_QA   |CLOSED
Resolution |---     |ERRATA
--- Comment #10 from errata-xmlrpc errata-xmlrpc@redhat.com --- This issue has been addressed in the following products:
RHDM 7.9.0
Via RHSA-2020:4960 https://access.redhat.com/errata/RHSA-2020:4960
errata-xmlrpc errata-xmlrpc@redhat.com changed:
What       |Removed |Added
--------------------------------
Link ID    |        |Red Hat Product Errata RHSA-2020:4960
--- Comment #11 from errata-xmlrpc errata-xmlrpc@redhat.com --- This issue has been addressed in the following products:
RHPAM 7.9.0
Via RHSA-2020:4961 https://access.redhat.com/errata/RHSA-2020:4961
errata-xmlrpc errata-xmlrpc@redhat.com changed:
What       |Removed |Added
--------------------------------
Link ID    |        |Red Hat Product Errata RHSA-2020:4961
Product Security DevOps Team prodsec-dev@redhat.com changed:
What        |Removed |Added
-----------------------------------------
Status      |NEW     |CLOSED
Resolution  |---     |ERRATA
Last Closed |        |2020-11-05 20:21:14
--- Comment #12 from Product Security DevOps Team prodsec-dev@redhat.com --- This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):
https://access.redhat.com/security/cve/cve-2019-17566
--- Comment #13 from errata-xmlrpc errata-xmlrpc@redhat.com --- This issue has been addressed in the following products:
Red Hat Fuse 7.8.0
Via RHSA-2020:5568 https://access.redhat.com/errata/RHSA-2020:5568
errata-xmlrpc errata-xmlrpc@redhat.com changed:
What       |Removed |Added
--------------------------------
Link ID    |        |Red Hat Product Errata RHSA-2020:5568
Doran Moppert dmoppert@redhat.com changed:
What       |Removed |Added
--------------------------------
CC         |        |mcermak@redhat.com,
           |        |mprchlik@redhat.com,
           |        |patrickm@redhat.com,
           |        |vkadlcik@redhat.com
Tomas Hoger thoger@redhat.com changed:
What                  |Removed |Added
-------------------------------------------
Comment #6 is private |1       |0