| Revision Date: | 2023-06-22 | Version: | 1 |
| Title: | CVE-2017-5661 |
| Description: |
In Apache FOP before 2.2, files lying on the filesystem of the server which uses FOP can be revealed to arbitrary users who send maliciously formed SVG files. The file types that can be shown depend on the user context in which the exploitable application is running. If the user is root a full compromise of the server - including confidential or sensitive files - would be possible. XXE can also be used to attack the availability of the server via denial of service as the references within a xml document can trivially trigger an amplification attack.
|
| Family: | unix | Class: | vulnerability |
| Status: | | Reference(s): | Mitre CVE-2017-5661
SUSE CVE-2017-5661
|
| Platform(s): | SUSE Enterprise Storage 7
SUSE Linux Enterprise Desktop 15 SP3
SUSE Linux Enterprise Desktop 15 SP4
SUSE Linux Enterprise Desktop 15 SP5
SUSE Linux Enterprise High Performance Computing 15 SP3
SUSE Linux Enterprise High Performance Computing 15 SP4
SUSE Linux Enterprise High Performance Computing 15 SP5
SUSE Linux Enterprise Module for Development Tools 15 SP3
SUSE Linux Enterprise Module for Development Tools 15 SP4
SUSE Linux Enterprise Module for Development Tools 15 SP5
SUSE Linux Enterprise Real Time 15 SP2
SUSE Linux Enterprise Server 15 SP3
SUSE Linux Enterprise Server 15 SP4
SUSE Linux Enterprise Server 15 SP5
SUSE Linux Enterprise Server for SAP Applications 15 SP2
SUSE Linux Enterprise Server for SAP Applications 15 SP3
SUSE Linux Enterprise Server for SAP Applications 15 SP4
SUSE Linux Enterprise Server for SAP Applications 15 SP5
SUSE Linux Enterprise Storage 7.1
SUSE Manager Proxy 4.1
SUSE Manager Proxy 4.2
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.1
SUSE Manager Retail Branch Server 4.2
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.1
SUSE Manager Server 4.2
SUSE Manager Server 4.3
| Product(s): | |
| Definition Synopsis |
| Release Information SUSE Linux Enterprise Desktop 15 SP3 is installed
OR SUSE Linux Enterprise Desktop 15 SP4 is installed
OR SUSE Linux Enterprise High Performance Computing 15 SP3 is installed
OR SUSE Linux Enterprise High Performance Computing 15 SP4 is installed
OR SUSE Linux Enterprise Module for Development Tools 15 SP3 is installed
OR SUSE Linux Enterprise Module for Development Tools 15 SP4 is installed
OR SUSE Linux Enterprise Server 15 SP3 is installed
OR SUSE Linux Enterprise Server 15 SP4 is installed
OR SUSE Linux Enterprise Server for SAP Applications 15 SP3 is installed
OR SUSE Linux Enterprise Server for SAP Applications 15 SP4 is installed
OR SUSE Linux Enterprise Storage 7.1 is installed
OR SUSE Manager Proxy 4.2 is installed
OR SUSE Manager Proxy 4.3 is installed
OR SUSE Manager Retail Branch Server 4.2 is installed
OR SUSE Manager Retail Branch Server 4.3 is installed
OR SUSE Manager Server 4.2 is installed
OR SUSE Manager Server 4.3 is installed
AND xmlgraphics-fop is affected
|
| Definition Synopsis |
| Release Information
SUSE Linux Enterprise Real Time 15 SP2 is installed
OR SUSE Linux Enterprise Server for SAP Applications 15 SP2 is installed
OR SUSE Manager Proxy 4.1 is installed
OR SUSE Manager Retail Branch Server 4.1 is installed
OR SUSE Manager Server 4.1 is installed
AND xmlgraphics-fop is affected
|
| Definition Synopsis |
| Release Information
SUSE Linux Enterprise Desktop 15 SP3 is installed
OR SUSE Linux Enterprise High Performance Computing 15 SP3 is installed
OR SUSE Linux Enterprise Module for Development Tools 15 SP3 is installed
OR SUSE Linux Enterprise Server 15 SP3 is installed
OR SUSE Linux Enterprise Server for SAP Applications 15 SP3 is installed
OR SUSE Linux Enterprise Storage 7.1 is installed
OR SUSE Manager Proxy 4.2 is installed
OR SUSE Manager Retail Branch Server 4.2 is installed
OR SUSE Manager Server 4.2 is installed
AND xmlgraphics-fop is affected
|
| Definition Synopsis |
| Release Information
SUSE Enterprise Storage 7 is installed
OR SUSE Linux Enterprise Desktop 15 SP3 is installed
OR SUSE Linux Enterprise High Performance Computing 15 SP3 is installed
OR SUSE Linux Enterprise Module for Development Tools 15 SP3 is installed
OR SUSE Linux Enterprise Real Time 15 SP2 is installed
OR SUSE Linux Enterprise Server 15 SP3 is installed
OR SUSE Linux Enterprise Server for SAP Applications 15 SP2 is installed
OR SUSE Linux Enterprise Server for SAP Applications 15 SP3 is installed
OR SUSE Linux Enterprise Storage 7.1 is installed
OR SUSE Manager Proxy 4.2 is installed
OR SUSE Manager Retail Branch Server 4.2 is installed
OR SUSE Manager Server 4.2 is installed
AND xmlgraphics-fop is affected
|
| Definition Synopsis |
| Release Information
SUSE Linux Enterprise Desktop 15 SP4 is installed
OR SUSE Linux Enterprise High Performance Computing 15 SP4 is installed
OR SUSE Linux Enterprise Module for Development Tools 15 SP4 is installed
OR SUSE Linux Enterprise Server 15 SP4 is installed
OR SUSE Linux Enterprise Server for SAP Applications 15 SP4 is installed
OR SUSE Manager Proxy 4.3 is installed
OR SUSE Manager Retail Branch Server 4.3 is installed
OR SUSE Manager Server 4.3 is installed
AND xmlgraphics-fop is affected
|
| Definition Synopsis |
| Release Information
SUSE Linux Enterprise Real Time 15 SP2 is installed
OR SUSE Linux Enterprise Server for SAP Applications 15 SP2 is installed
AND xmlgraphics-fop is affected
|
| Definition Synopsis |
| Release Information
SUSE Linux Enterprise Desktop 15 SP5 is installed
OR SUSE Linux Enterprise High Performance Computing 15 SP5 is installed
OR SUSE Linux Enterprise Module for Development Tools 15 SP5 is installed
OR SUSE Linux Enterprise Server 15 SP5 is installed
OR SUSE Linux Enterprise Server for SAP Applications 15 SP5 is installed
AND xmlgraphics-fop is affected
|