Improper Restriction of XML External Entity Reference in Apache FOP - CVE-2017-5661
Published: May 23, 2017 / Updated: October 14, 2024
Vulnerability identifier: #VU6634
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2017-5661
CWE-ID: CWE-611
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Apache Foundation
Affected software:
Apache FOP
Detailed vulnerability description
The vulnerability allows a remote attacker to perform an XXE attack.
The vulnerability exists due to insufficient validation of user-supplied data when processing SVG files. A remote attacker can create a specially crafted SVG file, trick the victim into opening it with the affected application, and gain access to potentially sensitive information.
Successful exploitation of the vulnerability may lead to system compromise.
How to mitigate CVE-2017-5661
Update to version 2.2.