Vulnerability Name:

CVE-2015-0250 (CCN-101614)

Assigned: 2014-11-18
Published: 2015-03-17
Updated: 2017-11-04
Summary: XML external entity (XXE) vulnerability in the SVG to (1) PNG and (2) JPG conversion classes in Apache Batik 1.x before 1.8 allows remote attackers to read arbitrary files or cause a denial of service via a crafted SVG file.

CWE-611: Improper Restriction of XML External Entity Reference ('XXE')
CVSS v3 Severity: 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): Low
Integrity (I): None
Availability (A): None
CVSS v2 Severity: 6.4 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:P)
4.7 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial
Integrity (I): None
Availability (A): Partial
4.3 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N)
3.2 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial
Integrity (I): None
Availability (A): None
Vulnerability Type: CWE-Other
Vulnerability Consequences: Obtain Information
References:
Source: CONFIRM
Type: UNKNOWN
http://advisories.mageia.org/MGASA-2015-0138.html

Source: MITRE
Type: CNA
CVE-2015-0250

Source: MISC
Type: UNKNOWN
http://packetstormsecurity.com/files/130964/Apache-Batik-XXE-Injection.html

Source: CCN
Type: RHSA-2016-0041
Moderate: Red Hat JBoss BRMS 6.1.5 update

Source: REDHAT
Type: UNKNOWN
RHSA-2016:0041

Source: CCN
Type: RHSA-2016-0042
Moderate: Red Hat JBoss BPM Suite 6.1.5 update

Source: REDHAT
Type: UNKNOWN
RHSA-2016:0042

Source: FULLDISC
Type: Exploit
20150322 [CVE-2015-0250] Apache Batik Information Disclosure Vulnerability (XXE Injection)

Source: CCN
Type: oss-security Mailing List, Tue, 17 Mar 2015 10:27:23 +0100
[CVE-2015-0250] Apache Batik information disclosure vulnerability

Source: CONFIRM
Type: UNKNOWN
http://www-01.ibm.com/support/docview.wss?uid=swg21963275

Source: DEBIAN
Type: UNKNOWN
DSA-3205

Source: CCN
Type: IBM Security Bulletin 1957717
Security Vulnerability in Apache Batik affects IBM WebSphere Portal (CVE-2015-0250)

Source: CCN
Type: IBM Security Bulletin 1959083
Multiple Security Vulnerabilities fixed in IBM WebSphere Application Server 8.5.5.6

Source: CCN
Type: IBM Security Bulletin 1963037
Open Source Apache Batik vulnerability affects Rational Developer for System z (CVE-2015-0250)

Source: CCN
Type: IBM Security Bulletin 1963168
Security Vulnerability in Apache Batik (CVE-2015-0250)

Source: CCN
Type: IBM Security Bulletin 1963275
Multiple Security Vulnerabilities fixed in IBM WebSphere Application Server 8.0.0.11

Source: CCN
Type: IBM Security Bulletin 1963994
Security Vulnerability in Apache Batik (CVE-2015-0250)

Source: CCN
Type: IBM Security Bulletin 1964727
IBM Tivoli Netcool Configuration Manager (ITNCM) has noted vulnerable to Open Source Apache Batik vulnerability - Reported in 03/17/2015 X-Force Report (CVE-2015-0250)

Source: CCN
Type: IBM Security Bulletin 1970112
IBM Cúram Social Program Management contains an Apache Batik Vulnerability (CVE-2015-0250)

Source: CCN
Type: IBM Security Bulletin 2015810 (Security QRadar SIEM)
IBM QRadar SIEM contains vulnerable components. (CVE-2015-0250)

Source: MANDRIVA
Type: UNKNOWN
MDVSA-2015:203

Source: CCN
Type: Oracle CPUJan2017
Oracle Critical Patch Update Advisory - January 2017

Source: SECTRACK
Type: UNKNOWN
1032781

Source: UBUNTU
Type: Patch
USN-2548-1

Source: CCN
Type: Apache Web site
Apache Batik Project - Apache Batik Security

Source: CONFIRM
Type: Vendor Advisory
http://xmlgraphics.apache.org/security.html

Source: XF
Type: UNKNOWN
apache-batik-cve20150250-info-disc(101614)

Source: CCN
Type: IBM Security Bulletin 6382228 (Tivoli Netcool OMNIbus)
Multiple vulnerabilities in Apache Batik affect Tivoli Netcool/OMNIbus WebGUI (CVE-2017-5662, CVE-2018-8013, CVE-2015-0250, CVE-2019-17566)

Source: CCN
Type: IBM Security Bulletin 6616277 (TRIRIGA Application Platform)
IBM TRIRIGA Application Platform discloses CVE-2015-0250

Source: CCN
Type: IBM Security Bulletin 6852611 (Tivoli Network Manager)
Multiple Vulnerabilities discovered in libraries used by TCRtoolkit in ITNM

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2015-0250

Vulnerable Configuration:
Configuration 1:
  • cpe:/o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
  • OR cpe:/o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
  • OR cpe:/o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*

Configuration 2:
  • cpe:/a:apache:batik:*:*:*:*:*:*:*:* (Version <= 1.7)

Configuration 3:
  • cpe:/a:redhat:jboss_enterprise_brms_platform:*:*:*:*:*:*:*:* (Version <= 6.1.2)

Configuration CCN 1:
  • cpe:/a:apache:batik:1.0:*:*:*:*:*:*:*
  • OR cpe:/a:apache:batik:1.7:*:*:*:*:*:*:*
  • AND
  • cpe:/a:ibm:websphere_application_server:6.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:7.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_portal:7.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:8.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_portal:8.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:8.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_developer:8.5:*:*:*:system_z:*:*:*
  • OR cpe:/a:ibm:rational_application_developer:8.0:*:*:*:websphere:*:*:*
  • OR cpe:/a:ibm:rational_application_developer:8.5:*:*:*:websphere:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:8.5.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_application_developer:8.0.1:*:*:*:websphere:*:*:*
  • OR cpe:/a:ibm:rational_application_developer:8.0.2:*:*:*:websphere:*:*:*
  • OR cpe:/a:ibm:rational_application_developer:8.0.3:*:*:*:websphere:*:*:*
  • OR cpe:/a:ibm:rational_application_developer:8.0.4:*:*:*:websphere:*:*:*
  • OR cpe:/a:ibm:rational_application_developer:8.0.4.1:*:*:*:websphere:*:*:*
  • OR cpe:/a:ibm:rational_application_developer:8.0.4.2:*:*:*:websphere:*:*:*
  • OR cpe:/a:ibm:rational_application_developer:8.5.1:*:*:*:websphere:*:*:*
  • OR cpe:/a:ibm:rational_application_developer:9.0:*:*:*:websphere:*:*:*
  • OR cpe:/a:ibm:rational_developer_for_system_z:8.0.3.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_developer:8.5.0.1:*:*:*:system_z:*:*:*
  • OR cpe:/a:ibm:rational_developer:8.5.1:*:*:*:system_z:*:*:*
  • OR cpe:/a:ibm:rational_developer:8.5.1.1:*:*:*:system_z:*:*:*
  • OR cpe:/a:ibm:rational_developer:8.5.1.2:*:*:*:system_z:*:*:*
  • OR cpe:/a:ibm:rational_developer:8.5.1.3:*:*:*:system_z:*:*:*
  • OR cpe:/a:ibm:rational_developer:9.0:*:*:*:system_z:*:*:*
  • OR cpe:/a:ibm:tririga_application_platform:2.7:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:qradar_security_information_and_event_manager:7.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_portal:8.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_application_developer:9.1:*:*:*:websphere:*:*:*
  • OR cpe:/a:ibm:rational_application_developer:9.1.0.1:*:*:*:websphere:*:*:*
  • OR cpe:/a:ibm:rational_application_developer:9.1.1:*:*:*:websphere:*:*:*
  • OR cpe:/a:ibm:rational_application_developer:8.5.5:*:*:*:websphere:*:*:*
  • OR cpe:/a:ibm:rational_application_developer:8.5.5.1:*:*:*:websphere:*:*:*
  • OR cpe:/a:ibm:rational_application_developer:9.0.1:*:*:*:websphere:*:*:*
  • OR cpe:/a:ibm:websphere_portal:6.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_application_developer:8.0.4.3:*:*:*:websphere:*:*:*
  • OR cpe:/a:ibm:rational_developer_for_system_z:9.0.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_developer_for_system_z:9.0.1.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_developer_for_system_z:8.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_developer_for_system_z:8.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_developer_for_system_z:9.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_developer_for_system_z:8.0.3.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_developer_for_system_z:8.0.3.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_developer_for_system_z:8.0.3.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_developer_for_system_z:8.0.3.4:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_developer_for_system_z:8.0.3.6:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_developer_for_system_z:8.5.1.4:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_developer_for_system_z:8.5.1.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_developer_for_system_z:9.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_developer_for_i:9.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_developer_for_i:9.0.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_developer_for_i:9.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_developer_for_i:9.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_application_developer:9.0.1.1:*:*:*:websphere:*:*:*
  • OR cpe:/a:ibm:rational_developer_for_system_z:9.0.1.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:curam_social_program_management:6.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:curam_social_program_management:6.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_developer_for_system_z:9.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:curam_social_program_management:6.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_developer_for_i:9.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_developer_for_i:9.1.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_developer_for_system_z:8.5.1.6:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_developer_for_system_z:9.0.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_developer_for_system_z:9.1.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_developer_for_system_z:9.0.1.4:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_application_developer:8.5.5.2:*:*:*:websphere:*:*:*
  • OR cpe:/a:ibm:rational_application_developer:9.0.1.2:*:*:*:websphere:*:*:*
  • OR cpe:/a:ibm:curam_social_program_management:6.1:*:*:*:*:*:*:*
  • OR cpe:/a:redhat:jboss_bpm_suite:6.1.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:qradar_security_information_and_event_manager:7.3:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:retail_order_broker_cloud_service:5.1:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:retail_order_broker_cloud_service:5.2:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:retail_order_broker_cloud_service:15.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:retail_order_broker_cloud_service:16.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_netcool/omnibus:8.1.0:*:*:*:*:*:*:*

* Denotes that component is vulnerable

Oval Definitions
Definition ID | Class | Title | Last Modified
oval:org.cisecurity:def:239 | P | DSA-3205-1 -- batik -- security update | 2016-02-08
oval:com.ubuntu.precise:def:20150250000 | V | CVE-2015-0250 on Ubuntu 12.04 LTS (precise) - medium. | 2015-03-24
oval:com.ubuntu.trusty:def:20150250000 | V | CVE-2015-0250 on Ubuntu 14.04 LTS (trusty) - medium. | 2015-03-24