ID

VAR-201805-1054


CVE

CVE-2018-8013


TITLE

Apache Batik vulnerable to deserialization of untrusted data

Trust: 0.8

sources: JVNDB: JVNDB-2018-005347

DESCRIPTION

In Apache Batik 1.x before 1.10, when deserializing a subclass of `AbstractDocument`, the class takes a string from the inputStream as the class name and then uses it to call the no-arg constructor of that class. The fix was to check the class type before calling newInstance during deserialization.

Apache Batik contains a vulnerability in the deserialization of untrusted data. Information may be obtained or altered, and service operation may be disrupted (DoS).

Apache Batik is prone to an information-disclosure vulnerability. An attacker can exploit this issue to gain access to sensitive information; this may lead to further attacks. Apache Batik 1.9.1 and prior versions are vulnerable.

Mitigation: Users should upgrade to Batik 1.10+

Credit: This issue was independently reported by Man Yue Mo.

References: http://xmlgraphics.apache.org/security.html

The Apache XML Graphics team.

-------------------------------------------------------------------------
Debian Security Advisory DSA-4215-1                   security@debian.org
https://www.debian.org/security/                       Sebastien Delafond
June 02, 2018                         https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : batik
CVE ID         : CVE-2017-5662 CVE-2018-8013
Debian Bug     : 860566 899374

Man Yue Mo, Lars Krapf and Pierre Ernst discovered that Batik, a toolkit for processing SVG images, did not properly validate its input. This would allow an attacker to cause a denial-of-service, mount cross-site scripting attacks, or access restricted files on the server.

For the oldstable distribution (jessie), these problems have been fixed in version 1.7+dfsg-5+deb8u1.

For the stable distribution (stretch), these problems have been fixed in version 1.8-4+deb9u1.

We recommend that you upgrade your batik packages.

For the detailed security status of batik please refer to its security tracker page at: https://security-tracker.debian.org/tracker/batik

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

==========================================================================
Ubuntu Security Notice USN-3661-1
May 29, 2018

batik vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.04 LTS

Summary:

Batik could be made to expose sensitive information if it received a specially crafted XML.

Software Description:
- batik: SVG Library

Details:

It was discovered that Batik incorrectly handled certain XML.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 14.04 LTS:
  libbatik-java 1.7.ubuntu-8ubuntu2.14.04.3

In general, a standard system update will make all the necessary changes.

References:
  https://usn.ubuntu.com/usn/usn-3661-1
  CVE-2018-8013

Package Information:
  https://launchpad.net/ubuntu/+source/batik/1.7.ubuntu-8ubuntu2.14.04.3

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 202401-11
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal
    Title: Apache Batik: Multiple Vulnerabilities
     Date: January 07, 2024
     Bugs: #724534, #872689, #918088
       ID: 202401-11

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in Apache Batik, the worst of which could result in arbitrary code execution.

Background
==========

Apache Batik is a Java-based toolkit for applications or applets that want to use images in the Scalable Vector Graphics (SVG) format for various purposes, such as display, generation or manipulation.

Affected packages
=================

Package         Vulnerable    Unaffected
--------------  ------------  ------------
dev-java/batik  < 1.17        >= 1.17

Description
===========

Multiple vulnerabilities have been discovered in Apache Batik. Please review the CVE identifiers referenced below for details.

Impact
======

Please review the referenced CVE identifiers for details.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Apache Batik users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-java/batik-1.17"

References
==========

[ 1 ] CVE-2018-8013
      https://nvd.nist.gov/vuln/detail/CVE-2018-8013
[ 2 ] CVE-2019-17566
      https://nvd.nist.gov/vuln/detail/CVE-2019-17566
[ 3 ] CVE-2020-11987
      https://nvd.nist.gov/vuln/detail/CVE-2020-11987
[ 4 ] CVE-2022-38398
      https://nvd.nist.gov/vuln/detail/CVE-2022-38398
[ 5 ] CVE-2022-38648
      https://nvd.nist.gov/vuln/detail/CVE-2022-38648
[ 6 ] CVE-2022-40146
      https://nvd.nist.gov/vuln/detail/CVE-2022-40146
[ 7 ] CVE-2022-41704
      https://nvd.nist.gov/vuln/detail/CVE-2022-41704
[ 8 ] CVE-2022-42890
      https://nvd.nist.gov/vuln/detail/CVE-2022-42890
[ 9 ] CVE-2022-44729
      https://nvd.nist.gov/vuln/detail/CVE-2022-44729
[ 10 ] CVE-2022-44730
      https://nvd.nist.gov/vuln/detail/CVE-2022-44730

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

  https://security.gentoo.org/glsa/202401-11

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Trust: 2.43

sources: NVD: CVE-2018-8013 // JVNDB: JVNDB-2018-005347 // BID: 104252 // VULHUB: VHN-138045 // VULMON: CVE-2018-8013 // PACKETSTORM: 147850 // PACKETSTORM: 148025 // PACKETSTORM: 147929 // PACKETSTORM: 176409

AFFECTED PRODUCTS

vendor: oracle | model: retail returns management | scope: eq | version: 14.1

Trust: 1.3

vendor: oracle | model: retail point-of-service | scope: eq | version: 14.1

Trust: 1.3

vendor: oracle | model: retail point-of-service | scope: eq | version: 14.0

Trust: 1.3

vendor: oracle | model: retail point-of-service | scope: eq | version: 13.4

Trust: 1.3

vendor: oracle | model: retail order broker | scope: eq | version: 5.2

Trust: 1.3

vendor: oracle | model: retail order broker | scope: eq | version: 5.1

Trust: 1.3

vendor: oracle | model: retail order broker | scope: eq | version: 16.0

Trust: 1.3

vendor: oracle | model: retail order broker | scope: eq | version: 15.0

Trust: 1.3

vendor: oracle | model: retail integration bus | scope: eq | version: 17.0

Trust: 1.3

vendor: oracle | model: retail central office | scope: eq | version: 14.1

Trust: 1.3

vendor: oracle | model: retail back office | scope: eq | version: 14.1

Trust: 1.3

vendor: oracle | model: retail back office | scope: eq | version: 13.4

Trust: 1.3

vendor: oracle | model: retail back office | scope: eq | version: 13.3

Trust: 1.3

vendor: oracle | model: jd edwards enterpriseone tools | scope: eq | version: 9.2

Trust: 1.3

vendor: oracle | model: insurance policy administration j2ee | scope: eq | version: 10.2

Trust: 1.3

vendor: oracle | model: insurance policy administration j2ee | scope: eq | version: 10.0

Trust: 1.3

vendor: oracle | model: insurance calculation engine | scope: eq | version: 10.2.1

Trust: 1.3

vendor: oracle | model: insurance calculation engine | scope: eq | version: 10.1.1

Trust: 1.3

vendor: oracle | model: instantis enterprisetrack | scope: eq | version: 17.3

Trust: 1.3

vendor: oracle | model: instantis enterprisetrack | scope: eq | version: 17.2

Trust: 1.3

vendor: oracle | model: instantis enterprisetrack | scope: eq | version: 17.1

Trust: 1.3

vendor: oracle | model: enterprise repository | scope: eq | version: 12.1.3.0.0

Trust: 1.3

vendor: oracle | model: enterprise repository | scope: eq | version: 11.1.1.7.0

Trust: 1.3

vendor: debian | model: linux | scope: eq | version: 8.0

Trust: 1.0

vendor: oracle | model: financial services analytical applications infrastructure | scope: gte | version: 8.0.0.0.0

Trust: 1.0

vendor: oracle | model: retail back office | scope: eq | version: 14

Trust: 1.0

vendor: oracle | model: communications diameter signaling router | scope: lt | version: 8.3

Trust: 1.0

vendor: oracle | model: financial services analytical applications infrastructure | scope: gte | version: 7.3.3.0.0

Trust: 1.0

vendor: oracle | model: communications metasolv solution | scope: eq | version: 6.3.0

Trust: 1.0

vendor: oracle | model: financial services analytical applications infrastructure | scope: lte | version: 7.3.3.0.2

Trust: 1.0

vendor: oracle | model: business intelligence | scope: eq | version: 12.2.1.3.0

Trust: 1.0

vendor: debian | model: linux | scope: eq | version: 7.0

Trust: 1.0

vendor: oracle | model: data integrator | scope: eq | version: 12.2.1.3.0

Trust: 1.0

vendor: oracle | model: communications webrtc session controller | scope: lt | version: 7.2

Trust: 1.0

vendor: apache | model: batik | scope: lt | version: 1.10

Trust: 1.0

vendor: oracle | model: fusion middleware mapviewer | scope: eq | version: 12.2.1.3

Trust: 1.0

vendor: oracle | model: financial services analytical applications infrastructure | scope: lte | version: 8.0.7.1.0

Trust: 1.0

vendor: oracle | model: business intelligence | scope: eq | version: 11.1.1.9.0

Trust: 1.0

vendor: oracle | model: fusion middleware mapviewer | scope: eq | version: 12.2.1.2

Trust: 1.0

vendor: canonical | model: ubuntu linux | scope: eq | version: 14.04

Trust: 1.0

vendor: oracle | model: business intelligence | scope: eq | version: 11.1.1.7.0

Trust: 1.0

vendor: oracle | model: business intelligence | scope: eq | version: 12.2.1.4.0

Trust: 1.0

vendor: apache | model: batik | scope: gte | version: 1.0

Trust: 1.0

vendor: debian | model: linux | scope: eq | version: 9.0

Trust: 1.0

vendor: apache | model: batik | scope: eq | version: 1.7

Trust: 0.9

vendor: apache | model: batik | scope: eq | version: 1.5

Trust: 0.9

vendor: apache | model: batik | scope: eq | version: 1.1.1

Trust: 0.9

vendor: apache | model: batik | scope: eq | version: 1.1

Trust: 0.9

vendor: apache | model: batik | scope: eq | version: 1.0

Trust: 0.9

vendor: canonical | model: ubuntu | scope: - | version: -

Trust: 0.8

vendor: debian | model: gnu/linux | scope: - | version: -

Trust: 0.8

vendor: apache | model: batik | scope: eq | version: 1.10

Trust: 0.8

vendor: apache | model: batik | scope: lt | version: 1.x

Trust: 0.8

vendor: oracle | model: webcenter sites | scope: eq | version: 12.2.1.3.0

Trust: 0.3

vendor: oracle | model: retail back office | scope: eq | version: 14.0

Trust: 0.3

vendor: oracle | model: micros relate crm software | scope: eq | version: 11.4

Trust: 0.3

vendor: oracle | model: fmw platform | scope: eq | version: 12.2.1.3.0

Trust: 0.3

vendor: oracle | model: fmw platform | scope: eq | version: 12.1.3.0.0

Trust: 0.3

vendor: oracle | model: communications webrtc session controller | scope: eq | version: 7.1

Trust: 0.3

vendor: oracle | model: communications webrtc session controller | scope: eq | version: 7.0

Trust: 0.3

vendor: oracle | model: communications metasolv solution | scope: eq | version: 6.3

Trust: 0.3

vendor: oracle | model: communications diameter signaling router | scope: eq | version: 7.1

Trust: 0.3

vendor: oracle | model: communications diameter signaling router | scope: eq | version: 6.0.2

Trust: 0.3

vendor: oracle | model: communications diameter signaling router | scope: eq | version: 6.0

Trust: 0.3

vendor: oracle | model: communications diameter signaling router | scope: eq | version: 5.1

Trust: 0.3

vendor: oracle | model: communications diameter signaling router | scope: eq | version: 4.1.6

Trust: 0.3

vendor: oracle | model: communications diameter signaling router | scope: eq | version: 4.1

Trust: 0.3

vendor: oracle | model: communications diameter signaling router | scope: eq | version: 8.0

Trust: 0.3

vendor: oracle | model: communications diameter signaling router | scope: eq | version: 7.0

Trust: 0.3

vendor: oracle | model: communications diameter signaling router | scope: eq | version: 5.0

Trust: 0.3

vendor: oracle | model: communications diameter signaling router | scope: eq | version: 4.0

Trust: 0.3

vendor: oracle | model: communications diameter signaling router | scope: eq | version: 3.0

Trust: 0.3

vendor: oracle | model: communications application session controller | scope: eq | version: 3.8

Trust: 0.3

vendor: oracle | model: communications application session controller | scope: eq | version: 3.7.1

Trust: 0.3

vendor: oracle | model: business intelligence enterprise edition | scope: eq | version: 12.2.1.4.0

Trust: 0.3

vendor: oracle | model: business intelligence enterprise edition | scope: eq | version: 12.2.1.3.0

Trust: 0.3

vendor: oracle | model: business intelligence enterprise edition | scope: eq | version: 11.1.1.9.0

Trust: 0.3

vendor: oracle | model: business intelligence enterprise edition | scope: eq | version: 11.1.1.7.0

Trust: 0.3

vendor: apache | model: batik | scope: eq | version: 1.9.1

Trust: 0.3

vendor: apache | model: batik | scope: eq | version: 1.9

Trust: 0.3

vendor: apache | model: batik | scope: eq | version: 1.8

Trust: 0.3

vendor: apache | model: batik | scope: eq | version: 1.6

Trust: 0.3

vendor: apache | model: batik | scope: eq | version: 1.5.1

Trust: 0.3

vendor: oracle | model: communications webrtc session controller | scope: ne | version: 7.2

Trust: 0.3

vendor: oracle | model: communications diameter signaling router | scope: ne | version: 8.3

Trust: 0.3

vendor: apache | model: batik | scope: ne | version: 1.10

Trust: 0.3

sources: BID: 104252 // JVNDB: JVNDB-2018-005347 // CNNVD: CNNVD-201805-816 // NVD: CVE-2018-8013

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-8013
value: CRITICAL

Trust: 1.0

NVD: CVE-2018-8013
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201805-816
value: CRITICAL

Trust: 0.6

VULHUB: VHN-138045
value: HIGH

Trust: 0.1

VULMON: CVE-2018-8013
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-8013
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-138045
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-8013
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-138045 // VULMON: CVE-2018-8013 // JVNDB: JVNDB-2018-005347 // CNNVD: CNNVD-201805-816 // NVD: CVE-2018-8013

PROBLEMTYPE DATA

problemtype:CWE-502

Trust: 1.9

sources: VULHUB: VHN-138045 // JVNDB: JVNDB-2018-005347 // NVD: CVE-2018-8013

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201805-816

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-201805-816

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-005347

PATCH

title: [SECURITY] [DLA 1385-1] batik security update | url: https://lists.debian.org/debian-lts-announce/2018/05/msg00016.html

Trust: 0.8

title: DSA-4215 | url: https://www.debian.org/security/2018/dsa-4215

Trust: 0.8

title: [CVE-2018-8013] Apache Batik information disclosure vulnerability | url: https://mail-archives.apache.org/mod_mbox/xmlgraphics-batik-dev/201805.mbox/%3c000701d3f28f$d01860a0$704921e0$@gmail.com%3e

Trust: 0.8

title: Fixed in Batik 1.10 | url: https://xmlgraphics.apache.org/security.html

Trust: 0.8

title: USN-3661-1 | url: https://usn.ubuntu.com/3661-1/

Trust: 0.8

title: Apache Batik Repair measures for information disclosure vulnerabilities | url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=83694

Trust: 0.6

title: The Register | url: https://www.theregister.co.uk/2019/01/18/new_oracle_bugs/

Trust: 0.2

title: Ubuntu Security Notice: batik vulnerability | url: https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-3661-1

Trust: 0.1

title: Debian Security Advisories: DSA-4215-1 batik -- security update | url: https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=a5a0946ecde487d7ab58af400b4adadb

Trust: 0.1

title: Debian CVElist Bug Report Logs: batik: CVE-2018-8013 | url: https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=014b8a6f2b61bfc1fe61f42bbe15b1b8

Trust: 0.1

title: Red Hat: CVE-2018-8013 | url: https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2018-8013

Trust: 0.1

title: Oracle: Oracle Critical Patch Update Advisory - July 2018 | url: https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=5f8c525f1408011628af1792207b2099

Trust: 0.1

title: Oracle: Oracle Critical Patch Update Advisory - January 2019 | url: https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=f655264a6935505d167bbf45f409a57b

Trust: 0.1

title: Oracle: Oracle Critical Patch Update Advisory - October 2018 | url: https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=81c63752a6f26433af2128b2e8c02385

Trust: 0.1

title: Java-Deserialization-CVEs | url: https://github.com/PalindromeLabs/Java-Deserialization-CVEs

Trust: 0.1

title: Nix Issue Database Example Example directory tree | url: https://github.com/andir/nixos-issue-db-example

Trust: 0.1

title: veracode-container-security-finding-parser | url: https://github.com/vincent-deng/veracode-container-security-finding-parser

Trust: 0.1

sources: VULMON: CVE-2018-8013 // JVNDB: JVNDB-2018-005347 // CNNVD: CNNVD-201805-816

EXTERNAL IDS

db: NVD | id: CVE-2018-8013

Trust: 3.3

db: BID | id: 104252

Trust: 2.1

db: SECTRACK | id: 1040995

Trust: 1.8

db: JVNDB | id: JVNDB-2018-005347

Trust: 0.8

db: CNNVD | id: CNNVD-201805-816

Trust: 0.6

db: PACKETSTORM | id: 147850

Trust: 0.2

db: PACKETSTORM | id: 147929

Trust: 0.2

db: VULHUB | id: VHN-138045

Trust: 0.1

db: VULMON | id: CVE-2018-8013

Trust: 0.1

db: PACKETSTORM | id: 148025

Trust: 0.1

db: PACKETSTORM | id: 176409

Trust: 0.1

sources: VULHUB: VHN-138045 // VULMON: CVE-2018-8013 // BID: 104252 // JVNDB: JVNDB-2018-005347 // PACKETSTORM: 147850 // PACKETSTORM: 148025 // PACKETSTORM: 147929 // PACKETSTORM: 176409 // CNNVD: CNNVD-201805-816 // NVD: CVE-2018-8013

REFERENCES

url:http://www.securityfocus.com/bid/104252

Trust: 3.0

url:http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html

Trust: 2.7

url:https://www.oracle.com/security-alerts/cpujul2020.html

Trust: 2.4

url:https://xmlgraphics.apache.org/security.html

Trust: 2.2

url:https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html

Trust: 2.1

url:https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

Trust: 2.1

url:https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

Trust: 2.1

url:https://usn.ubuntu.com/3661-1/

Trust: 1.9

url:http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

Trust: 1.8

url:https://www.debian.org/security/2018/dsa-4215

Trust: 1.8

url:https://www.oracle.com/security-alerts/cpuoct2020.html

Trust: 1.8

url:https://lists.debian.org/debian-lts-announce/2018/05/msg00016.html

Trust: 1.8

url:http://www.securitytracker.com/id/1040995

Trust: 1.8

url:https://security.gentoo.org/glsa/202401-11

Trust: 1.2

url:https://nvd.nist.gov/vuln/detail/cve-2018-8013

Trust: 1.2

url:https://mail-archives.apache.org/mod_mbox/xmlgraphics-batik-dev/201805.mbox/%3c000701d3f28f%24d01860a0%24704921e0%24%40gmail.com%3e

Trust: 1.1

url:https://lists.apache.org/thread.html/r9e90b4d1cf6ea87a79bb506541140dfbf4801f4463a7cee08126ee44%40%3ccommits.xmlgraphics.apache.org%3e

Trust: 1.1

url:https://lists.apache.org/thread.html/rc0a31867796043fbe59113fb654fe8b13309fe04f8935acb8d0fab19%40%3ccommits.xmlgraphics.apache.org%3e

Trust: 1.1

url:http://www.apache.org/

Trust: 0.9

url:https://bugzilla.redhat.com/show_bug.cgi?id=1581725

Trust: 0.9

url:https://access.redhat.com/security/cve/cve-2018-8013

Trust: 0.9

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-8013

Trust: 0.8

url:https://mail-archives.apache.org/mod_mbox/xmlgraphics-batik-dev/201805.mbox/%3c000701d3f28f$d01860a0$704921e0$@gmail.com%3e

Trust: 0.7

url:https://lists.apache.org/thread.html/rc0a31867796043fbe59113fb654fe8b13309fe04f8935acb8d0fab19@%3ccommits.xmlgraphics.apache.org%3e

Trust: 0.7

url:https://lists.apache.org/thread.html/r9e90b4d1cf6ea87a79bb506541140dfbf4801f4463a7cee08126ee44@%3ccommits.xmlgraphics.apache.org%3e

Trust: 0.7

url:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-apache-batik-affect-tivoli-netcool-omnibus-webgui-cve-2017-5662-cve-2018-8013-cve-2015-0250-cve-2019-17566/

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-older-version-of-common-open-source-batik-dom-1-9-1-jar-found-in-the-maximoforgeviewerplugin-which-is-shipped-with-ibm-maximo-for-civil-infrastructure/

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-an-older-version-of-a-batik-plugin-that-is-included-in-ibm-installation-manager-and-ibm-packaging-utility/

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/502.html

Trust: 0.1

url:https://tools.cisco.com/security/center/viewalert.x?alertid=57978

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://www.debian.org/security/faq

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-5662

Trust: 0.1

url:https://www.debian.org/security/

Trust: 0.1

url:https://security-tracker.debian.org/tracker/batik

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/batik/1.7.ubuntu-8ubuntu2.14.04.3

Trust: 0.1

url:https://usn.ubuntu.com/usn/usn-3661-1

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-44729

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-42890

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-11987

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-40146

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-44730

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-38398

Trust: 0.1

url:https://security.gentoo.org/

Trust: 0.1

url:https://creativecommons.org/licenses/by-sa/2.5

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-17566

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-41704

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-38648

Trust: 0.1

url:https://bugs.gentoo.org.

Trust: 0.1

sources: VULHUB: VHN-138045 // VULMON: CVE-2018-8013 // BID: 104252 // JVNDB: JVNDB-2018-005347 // PACKETSTORM: 147850 // PACKETSTORM: 148025 // PACKETSTORM: 147929 // PACKETSTORM: 176409 // CNNVD: CNNVD-201805-816 // NVD: CVE-2018-8013

CREDITS

Man Yue Mo

Trust: 1.0

sources: BID: 104252 // PACKETSTORM: 147850 // CNNVD: CNNVD-201805-816

SOURCES

db: VULHUB | id: VHN-138045
db: VULMON | id: CVE-2018-8013
db: BID | id: 104252
db: JVNDB | id: JVNDB-2018-005347
db: PACKETSTORM | id: 147850
db: PACKETSTORM | id: 148025
db: PACKETSTORM | id: 147929
db: PACKETSTORM | id: 176409
db: CNNVD | id: CNNVD-201805-816
db: NVD | id: CVE-2018-8013

LAST UPDATE DATE

2024-08-14T13:00:19.121000+00:00


SOURCES UPDATE DATE

db: VULHUB | id: VHN-138045 | date: 2020-10-20T00:00:00
db: VULMON | id: CVE-2018-8013 | date: 2024-01-07T00:00:00
db: BID | id: 104252 | date: 2019-07-17T08:00:00
db: JVNDB | id: JVNDB-2018-005347 | date: 2018-07-12T00:00:00
db: CNNVD | id: CNNVD-201805-816 | date: 2020-12-16T00:00:00
db: NVD | id: CVE-2018-8013 | date: 2024-01-07T11:15:09.053

SOURCES RELEASE DATE

db: VULHUB | id: VHN-138045 | date: 2018-05-24T00:00:00
db: VULMON | id: CVE-2018-8013 | date: 2018-05-24T00:00:00
db: BID | id: 104252 | date: 2018-05-23T00:00:00
db: JVNDB | id: JVNDB-2018-005347 | date: 2018-07-12T00:00:00
db: PACKETSTORM | id: 147850 | date: 2018-05-24T17:53:06
db: PACKETSTORM | id: 148025 | date: 2018-06-02T03:05:00
db: PACKETSTORM | id: 147929 | date: 2018-05-29T22:22:00
db: PACKETSTORM | id: 176409 | date: 2024-01-08T15:04:00
db: CNNVD | id: CNNVD-201805-816 | date: 2018-05-25T00:00:00
db: NVD | id: CVE-2018-8013 | date: 2018-05-24T16:29:00.380