#VU6634 Improper Restriction of XML External Entity Reference in Apache FOP - CVE-2017-5661
Published: May 23, 2017 / Updated: October 14, 2024
Vulnerability identifier: #VU6634
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2017-5661
CWE-ID: CWE-611
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Apache FOP
Software vendor:
Apache Foundation
Description
The vulnerability allows a remote attacker to perform an XXE attack.
The vulnerability exists due to insufficient validation of user-supplied data when processing SVG files. A remote attacker can create a specially crafted SVG file, trick the victim into opening it with the affected application and gain access to potentially sensitive information.
Successful exploitation of the vulnerability may lead to system compromise.
Remediation
Update to version 2.2.
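The description above concerns SVG input that carries XML external entity references. The following added example (not part of the original advisory and not Apache FOP code) screens untrusted SVG bytes for DTD and entity declarations before they reach a renderer; the function name `screen_svg` and the sample documents are constructed for illustration.

```python
from __future__ import annotations
import xml.parsers.expat

def screen_svg(data: bytes) -> list[str]:
    """Return DTD/entity findings for an SVG; an empty list means none were seen."""
    findings: list[str] = []
    # expat never fetches external entities unless ExternalEntityRefHandler
    # is set, so parsing untrusted input here performs no file or network I/O.
    parser = xml.parsers.expat.ParserCreate()

    def on_doctype(name, system_id, public_id, has_internal_subset):
        if system_id:
            findings.append(f"external DTD subset: {system_id}")
        if has_internal_subset:
            findings.append("internal DTD subset present")

    def on_entity(name, is_parameter, value, base, system_id, public_id, notation):
        kind = "parameter" if is_parameter else "general"
        if system_id is not None:  # external entities carry a system id, no value
            findings.append(f"external {kind} entity '{name}' -> {system_id}")
        else:
            findings.append(f"internal {kind} entity '{name}'")

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity
    try:
        parser.Parse(data, True)
    except xml.parsers.expat.ExpatError as exc:
        findings.append(f"not well-formed: {exc}")
    return findings

# Constructed samples (not taken from the advisory).
CLEAN_SVG = b'<svg xmlns="http://www.w3.org/2000/svg"><rect width="1" height="1"/></svg>'
W3C_DOCTYPE_SVG = (b'<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" '
                   b'"http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">'
                   b'<svg xmlns="http://www.w3.org/2000/svg"/>')
CRAFTED_SVG = b"""<?xml version="1.0"?>
<!DOCTYPE svg [ <!ENTITY ext SYSTEM "file:///placeholder/constructed.txt"> ]>
<svg xmlns="http://www.w3.org/2000/svg"><text>&ext;</text></svg>"""

if __name__ == "__main__":
    for label, doc in [("clean", CLEAN_SVG), ("w3c-doctype", W3C_DOCTYPE_SVG),
                       ("crafted", CRAFTED_SVG)]:
        print(label, screen_svg(doc) or "no findings")
```

Many legitimate SVG files declare the W3C DTD, so a policy that rejects every finding will also reject those; rejecting only on entity declarations is narrower but leaves the external DTD subset unreviewed.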