Red Hat Security Advisory 2016-0041-01 - Red Hat JBoss BRMS is a business-rules management system for the management, storage, creation, modification, and deployment of JBoss Rules. This release of Red Hat JBoss BRMS 6.1.5 serves as a replacement for Red Hat JBoss BRMS 6.1.2, and includes bug fixes and enhancements that are documented in the README.txt file included with the patch files. The following security issue is also fixed with this release: It was found that batik was vulnerable to XML External Entity attacks when parsing SVG files. A remote attacker able to send malicious SVG content to the affected server could use this flaw to read files accessible to the user running the application server, and potentially perform other more advanced XXE attacks.
ecf50ed6b27bd5cb65f243cf38a699b302292ed4b30ec06c24b2a7e8a36ce9acRed Hat Security Advisory 2016-0042-01 - Red Hat JBoss BPM Suite is a business rules and processes management system for the management, storage, creation, modification, and deployment of JBoss rules and BPMN2-compliant business processes. This release of Red Hat JBoss BPM Suite 6.1.5 serves as a replacement for Red Hat JBoss BPM Suite 6.1.2, and includes bug fixes and enhancements, which are documented in the README.txt file included with the patch files. The following security issue is also fixed with this release: It was found that batik was vulnerable to XML External Entity attacks when parsing SVG files. A remote attacker able to send malicious SVG content to the affected server could use this flaw to read files accessible to the user running the application server, and potentially perform other more advanced XXE attacks.
44ac4683b3f4026f361e4266c427d6d4681a4e87c9c31c5b5815e0a422ee0fcaRed Hat Security Advisory 2015-2560-01 - Red Hat JBoss BPM Suite is a business rules and processes management system for the management, storage, creation, modification, and deployment of JBoss rules and BPMN2-compliant business processes. This release of Red Hat JBoss BPM Suite 6.2.0 serves as a replacement for Red Hat JBoss BPM Suite 6.1.2, and includes bug fixes and enhancements.
b31590bd5428473b82cac74a3e51a9ceeb6c65e056d08c5a155284cc088e7457Red Hat Security Advisory 2015-2559-01 - Red Hat JBoss BRMS is a business rules management system for the management, storage, creation, modification, and deployment of JBoss Rules. This release of Red Hat JBoss BRMS 6.2.0 serves as a replacement for Red Hat JBoss BRMS 6.1.2, and includes bug fixes and enhancements.
8e929ffd0869a3d98996e4284a5dff64f0935663f5489c95527f4db30aa478bdMandriva Linux Security Advisory 2015-203 - Nicolas Gregoire and Kevin Schaller discovered that Batik would load XML external entities by default. If a user or automated system were tricked into opening a specially crafted SVG file, an attacker could possibly obtain access to arbitrary files or cause resource consumption.
5eda7626171582440bef2089c8e9705f885b66c61b26757776ce0f17cd019bccDebian Linux Security Advisory 3205-1 - Nicolas Gregoire and Kevin Schaller discovered that Batik, a toolkit for processing SVG images, would load XML external entities by default. If a user or automated system were tricked into opening a specially crafted SVG file, an attacker could possibly obtain access to arbitrary files or cause resource consumption.
6e1aea3d8c41b78ffa32747b1dcaa58281ffe140531931a4580db32309a685caUbuntu Security Notice 2548-1 - Nicolas Gregoire and Kevin Schaller discovered that Batik would load XML external entities by default. If a user or automated system were tricked into opening a specially crafted SVG file, an attacker could possibly obtain access to arbitrary files or cause resource consumption.
d292c8c54c0625368669907a9cb53fed70161f0ef2a1072fca343fe9f3cbc9daApache Batik suffers from an XML external entity (XXE) injection vulnerability.
0d4ea687c6256b341e53f9d48115540d7d0aa060c1c7eeaef6476e26de6a2c49
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed