Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.REDHAT_UNPATCHED_BATIK-RHEL7.NASL
HistoryJun 03, 2024 - 12:00 a.m.

RHEL 7 : batik (Unpatched Vulnerability)

2024-06-0300:00:00
This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
redhat enterprise linux
xml external entity
information disclosure
deserialization
svg
png
jpg
apache batik
denial of service
cve-2017-5662
cve-2018-8013
cve-2015-0250
nessus

7.9 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:S/C:C/I:N/A:C

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

9.2 High

AI Score

Confidence

High

0.043 Low

EPSS

Percentile

92.4%

JSON

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched.

  • batik: XML external entity processing vulnerability (CVE-2017-5662)

  • batik: information disclosure when deserializing (CVE-2018-8013)

  • XML external entity (XXE) vulnerability in the SVG to (1) PNG and (2) JPG conversion classes in Apache Batik 1.x before 1.8 allows remote attackers to read arbitrary files or cause a denial of service via a crafted SVG file. (CVE-2015-0250)

Note that Nessus has not tested for these issues but has instead relied on the package manager’s report that the package is installed.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory batik. The text
# itself is copyright (C) Red Hat, Inc.
##

include('compat.inc');

if (description)
{
  script_id(199109);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/06/04");

  script_cve_id(
    "CVE-2015-0250",
    "CVE-2017-5662",
    "CVE-2018-8013",
    "CVE-2019-17566"
  );
  script_xref(name:"CEA-ID", value:"CEA-2021-0025");
  script_xref(name:"CEA-ID", value:"CEA-2021-0004");

  script_name(english:"RHEL 7 : batik (Unpatched Vulnerability)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Red Hat 7 host is affected by multiple vulnerabilities that will not be patched.");
  script_set_attribute(attribute:"description", value:
"The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple
vulnerabilities that have been acknowledged by the vendor but will not be patched.

  - batik: XML external entity processing vulnerability (CVE-2017-5662)

  - batik: information disclosure when deserializing (CVE-2018-8013)

  - XML external entity (XXE) vulnerability in the SVG to (1) PNG and (2) JPG conversion classes in Apache
    Batik 1.x before 1.8 allows remote attackers to read arbitrary files or cause a denial of service via a
    crafted SVG file. (CVE-2015-0250)

Note that Nessus has not tested for these issues but has instead relied on the package manager's report that the package
is installed.");
  script_set_attribute(attribute:"solution", value:
"The vendor has acknowledged the vulnerabilities but no solution has been provided. Refer to the vendor for remediation
guidance.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:S/C:C/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-5662");
  script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2018-8013");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"vendor_unpatched", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2015/03/24");
  script_set_attribute(attribute:"plugin_publication_date", value:"2024/06/03");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:batik");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jasperreports-server-pro");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Red Hat Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl", "redhat_repos.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");

  exit(0);
}


include('rpm.inc');
include('rhel.inc');

if (!get_kb_item("global_settings/vendor_unpatched"))
exit(0, "Unpatched Vulnerabilities Detection not active.");

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/RedHat/release');
if (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');
var os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');
os_ver = os_ver[1];
if (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);

if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);

var constraints = [
  {
    'pkgs': [
      {'reference':'batik', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'unpatched_pkg':'batik'},
      {'reference':'jasperreports-server-pro', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'unpatched_pkg':'jasperreports-server-pro', 'cves':['CVE-2015-0250']}
    ]
  }
];


var flag = 0;
foreach var constraint_array ( constraints ) {
  var repo_relative_urls = NULL;
  var enterprise_linux_flag = rhel_repo_urls_has_content_dist_rhel(repo_urls:repo_relative_urls);
  foreach var pkg ( constraint_array['pkgs'] ) {
    var unpatched_pkg = NULL;
    var _release = NULL;
    var sp = NULL;
    var el_string = NULL;
    var rpm_spec_vers_cmp = NULL;
    var exists_check = NULL;
    var cves = NULL;
    if (!empty_or_null(pkg['unpatched_pkg'])) unpatched_pkg = pkg['unpatched_pkg'];
    if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];
    if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
    if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
    if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
    if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
    if (unpatched_pkg &&
        _release &&
        (!exists_check || rpm_exists(release:_release, rpm:exists_check)) &&
        unpatched_package_exists(release:_release, package:unpatched_pkg, cves: cves)) flag++;
  }
}

if (flag)
{
  var extra = NULL;
  security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : unpatched_packages_report()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'batik / jasperreports-server-pro');
}
VendorProductVersionCPE
redhatenterprise_linuxbatikp-cpe:/a:redhat:enterprise_linux:batik
redhatenterprise_linuxjasperreports-server-prop-cpe:/a:redhat:enterprise_linux:jasperreports-server-pro
redhatenterprise_linux7cpe:/o:redhat:enterprise_linux:7

Related

ibm 44
nessus 27
debian 7
openvas 34
osv 10
cve 4
fedora 23
cvelist 4
ubuntu 3
github 4
veracode 4
nvd 4
ubuntucve 4
mageia 2
redhatcve 2
redhat 7
securityvulns 2
suse 2
debiancve 4
prion 4
archlinux 1
gitlab 1
rosalinux 1
gentoo 1
ibm
ibm
Security Bulletin: Multiple vulnerabilities in Apache Batik affect Tivoli Netcool/OMNIbus WebGUI (CVE-2017-5662, CVE-2018-8013, CVE-2015-0250, CVE-2019-17566)
2020-12-15 13:01:33
Security Bulletin: The IBM® Engineering System Design Rhapsody products on IBM Jazz Technology contains additional security fixes for CVE-2015-0250, CVE-2018-8013, CVE-2017-5662 batik-dom-1.7.jar (Publicly disclosed vulnerability found by WhiteSource)
2023-07-13 10:54:14
Security Bulletin: Vulnerabilities found in batik-all-1.7.jar, batik-dom-1.7.jar which is shipped with IBM® Intelligent Operations Center(CVE-2018-8013, CVE-2017-5662, CVE-2015-0250)
2023-09-05 08:40:21
nessus
nessus
RHEL 6 : batik (Unpatched Vulnerability)
2024-06-03 00:00:00
Debian DSA-4215-1 : batik - security update
2018-06-05 00:00:00
RHEL 6 : batik (Unpatched Vulnerability)
2024-05-11 00:00:00
debian
debian
[SECURITY] [DSA 4215-1] batik security update
2018-06-02 08:13:08
[SECURITY] [DSA 4215-1] batik security update
2018-06-02 08:13:08
[SECURITY] [DLA 1385-1] batik security update
2018-05-25 19:29:50
openvas
openvas
Debian: Security Advisory (DSA-4215-1)
2018-06-01 00:00:00
Debian: Security Advisory (DLA-926-1)
2018-01-16 00:00:00
Ubuntu: Security Advisory (USN-3661-1)
2018-10-26 00:00:00
osv
osv
batik - security update
2018-06-02 00:00:00
CVE-2017-5662
2017-04-18 14:59:00
Deserialization of Untrusted Data in Apache Batik
2022-05-13 01:14:24
cve
cve
CVE-2017-5662
2017-04-18 14:59:00
CVE-2015-0250
2015-03-24 17:59:00
CVE-2019-17566
2020-11-12 18:15:12
fedora
fedora
[SECURITY] Fedora 25 Update: batik-1.8-9.fc25
2017-05-10 04:02:57
[SECURITY] Fedora 26 Update: batik-1.9-3.fc26
2017-05-09 21:29:07
[SECURITY] Fedora 27 Update: batik-1.10-1.fc27
2018-06-09 19:47:37
cvelist
cvelist
CVE-2017-5662
2017-04-18 14:00:00
CVE-2018-8013
2018-05-24 00:00:00
CVE-2015-0250
2015-03-24 17:00:00
ubuntu
ubuntu
Apache Batik vulnerability
2017-05-09 00:00:00
Batik vulnerability
2018-05-29 00:00:00
Batik vulnerability
2015-03-25 00:00:00
github
github
Improper Restriction of XML External Entity Reference in Apache Batik
2022-05-13 01:14:24
Improper Input Validation in Apache Batik
2022-05-17 00:28:34
Deserialization of Untrusted Data in Apache Batik
2022-05-13 01:14:24
veracode
veracode
Information Disclosure
2018-05-24 02:45:41
Information Disclosure Through An External XML Entity (XXE) Vulnerability
2017-04-19 01:00:17
XML External Entity (XXE) Injection
2017-04-13 02:00:52
nvd
nvd
CVE-2018-8013
2018-05-24 16:29:00
CVE-2017-5662
2017-04-18 14:59:00
CVE-2019-17566
2020-11-12 18:15:12
ubuntucve
ubuntucve
CVE-2015-0250
2015-03-18 00:00:00
CVE-2019-17566
2020-11-12 00:00:00
CVE-2017-5662
2017-04-18 00:00:00
mageia
mageia
Updated batik packages fix security vulnerabilities
2015-04-10 01:44:14
Updated batik packages fix security vulnerabilities
2021-04-02 23:25:05
redhatcve
redhatcve
CVE-2018-8013
2018-05-23 14:20:02
CVE-2019-17566
2020-06-18 15:55:19
redhat
redhat
(RHSA-2016:0041) Moderate: Red Hat JBoss BRMS 6.1.5 update
2016-01-14 18:31:11
(RHSA-2016:0042) Moderate: Red Hat JBoss BPM Suite 6.1.5 update
2016-01-14 18:31:13
(RHSA-2017:2546) Important: Red Hat JBoss BPM Suite 6.4.5 security update
2017-08-29 19:31:56
securityvulns
securityvulns
[USN-2548-1] Batik vulnerability
2015-05-11 00:00:00
Apache libbatik XXE
2015-05-11 00:00:00
suse
suse
Security update for xmlgraphics-batik (moderate)
2020-06-23 00:00:00
Security update for xmlgraphics-batik (moderate)
2020-07-23 00:00:00
debiancve
debiancve
CVE-2019-17566
2020-11-12 18:15:12
CVE-2017-5662
2017-04-18 14:59:00
CVE-2018-8013
2018-05-24 16:29:00
prion
prion
Code injection
2017-04-18 14:59:00
Deserialization of untrusted data
2018-05-24 16:29:00
Xxe
2015-03-24 17:59:00
archlinux
archlinux
java-batik: xml external entity injection
2015-04-04 00:00:00
gitlab
gitlab
Improper Restriction of XML External Entity Reference
2015-03-24 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2023-2239
2023-10-10 08:57:57
gentoo
gentoo
Apache Batik: Multiple Vulnerabilities
2024-01-07 00:00:00

7.9 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:S/C:C/I:N/A:C

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

9.2 High

AI Score

Confidence

High

0.043 Low

EPSS

Percentile

92.4%

JSON
Related for REDHAT_UNPATCHED_BATIK-RHEL7.NASL
ibm44nessus27debian7openvas34osv10cve4fedora23cvelist4ubuntu3github4veracode4nvd4ubuntucve4mageia2redhatcve2redhat7securityvulns2suse2debiancve4prion4archlinux1gitlab1rosalinux1gentoo1