Apache Batik CVE-2017-5662 XML External Entity Information Disclosure Vulnerability

Apache Batik is prone to an information-disclosure vulnerability.

An attacker can exploit this issue to gain access to sensitive information; this may lead to further attacks.

Apache Batik 1.8 and prior versions are vulnerable.

Information

Bugtraq ID: 97948
Class: Design Error
CVE: CVE-2017-5662

Remote: Yes
Local: No
Published: Apr 18 2017 12:00AM
Updated: Apr 21 2017 11:06AM
Credit: The vendor reported this issue.
Vulnerable: Apache Batik 1.8
Apache Batik 1.7
Apache Batik 1.6
Apache Batik 1.5.1
Apache Batik 1.5
Apache Batik 1.1.1
Apache Batik 1.1
Apache Batik 1.0

Not Vulnerable: Apache Batik 1.9

References:

• Apache Homepage (Apache)
  
• The Apacheâ?¢ XML Graphics Project - Security (Apache)
  

Source: www.securityfocus.com