CVE-2019-17566: CSRF
First published: Mon Jun 15 2020(Updated: )
Apache Batik is vulnerable to server-side request forgery, caused by improper input validation by the "xlink:href" attributes. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests.
Credit: security@apache.org security@apache.org security@apache.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| maven/org.apache.xmlgraphics:batik | <1.13 | 1.13 |
| redhat/batik | <1.13 | 1.13 |
| debian/batik | 1.10-2+deb10u1 1.10-2+deb10u3 1.12-4+deb11u2 1.12-4+deb11u1 1.16+dfsg-1+deb12u1 1.17+dfsg-1 | |
| ubuntu/batik | <1.10-2~18.04.1 | 1.10-2~18.04.1 |
| ubuntu/batik | <1.12-1ubuntu0.1 | 1.12-1ubuntu0.1 |
| ubuntu/batik | <1.7.ubuntu-8ubuntu2.14.04.3+ | 1.7.ubuntu-8ubuntu2.14.04.3+ |
| ubuntu/batik | <1.8-3ubuntu1+ | 1.8-3ubuntu1+ |
| Apache Batik | <1.13 | |
| Oracle API Gateway | =11.1.2.4.0 | |
| Oracle Business Intelligence Enterprise Edition | =5.5.0.0.0 | |
| Oracle Business Intelligence Enterprise Edition | =5.9.0.0.0 | |
| Oracle Business Intelligence Enterprise Edition | =12.2.1.3.0 | |
| Oracle Business Intelligence Enterprise Edition | =12.2.1.4.0 | |
| Oracle Communications Application Session Controller | =3.9m0p2 | |
| oracle communications metasolv solution | >=6.3.0<=6.3.1 | |
| oracle communications offline mediation controller | =12.0.0.3.0 | |
| Oracle Enterprise Repository | =11.1.1.7.0 | |
| Oracle Financial Services Analytical Applications Infrastructure | >=8.0.6<=8.1.0 | |
| Oracle Spatial and Graph MapViewer | =12.2.1.4.0 | |
| Oracle Hospitality OPERA | =5.5 | |
| Oracle Hospitality OPERA | =5.6 | |
| Oracle Hyperion Financial Reporting | =11.1.2.4 | |
| Oracle Hyperion Financial Reporting | =11.2.5.0 | |
| oracle instantis enterprisetrack | >=17.1<=17.3 | |
| Oracle JD Edwards EnterpriseOne Tools | <9.2.4.0 | |
| Oracle JD Edwards EnterpriseOne Tools | =9.2.4.2 | |
| Oracle Retail Integration Bus | =15.0.3 | |
| Oracle Retail Order Broker | =15.0 | |
| Oracle Retail Order Broker | =16.0 | |
| Oracle Retail Order Management System | =19.5 | |
| Oracle Retail Point-of-Sale | =14.1 | |
| Oracle Retail Returns Management | =14.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.cve.org/CVERecord?id=CVE-2019-17566 https://nvd.nist.gov/vuln/detail/CVE-2019-17566
- https://bugzilla.redhat.com/show_bug.cgi?id=1848617
- https://access.redhat.com/errata/RHSA-2020:5568
- https://access.redhat.com/errata/RHSA-2020:4960
- https://access.redhat.com/errata/RHSA-2020:4961
- https://access.redhat.com/security/cve/cve-2019-17566
- https://nvd.nist.gov/vuln/detail/CVE-2019-17566
- https://github.com/apache/xmlgraphics-batik/commit/bc6078ca949039e2076cd08b4cb169c84c1179b1
- https://issues.apache.org/jira/browse/BATIK-1276
- https://lists.apache.org/thread.html/rab94fe68b180d2e2fba97abf6fe1ec83cff826be25f86cd90f047171@%3Ccommits.myfaces.apache.org%3E
- https://lists.apache.org/thread.html/rcab14a9ec91aa4c151e0729966282920423eff50a22759fd21db6509@%3Ccommits.myfaces.apache.org%3E
- https://www.oracle.com/security-alerts/cpujan2021.html
- https://xmlgraphics.apache.org/security.html
- https://www.oracle.com/security-alerts/cpuApr2021.html
- https://www.oracle.com//security-alerts/cpujul2021.html
- https://www.oracle.com/security-alerts/cpuoct2021.html
- https://www.oracle.com/security-alerts/cpujan2022.html
- https://www.oracle.com/security-alerts/cpujul2022.html
- https://lists.apache.org/thread.html/rab94fe68b180d2e2fba97abf6fe1ec83cff826be25f86cd90f047171%40%3Ccommits.myfaces.apache.org%3E
- https://lists.apache.org/thread.html/rcab14a9ec91aa4c151e0729966282920423eff50a22759fd21db6509%40%3Ccommits.myfaces.apache.org%3E
- https://security.gentoo.org/glsa/202401-11
- https://github.com/advisories/GHSA-cmx4-p4v5-hmr5 (Advisory)
- https://launchpad.net/bugs/cve/CVE-2019-17566
- https://www.openwall.com/lists/oss-security/2020/06/15/2
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1848619
- https://issues.apache.org/jira/projects/BATIK/issues/BATIK-1276
- http://svn.apache.org/viewvc?view=revision&revision=1871084
- https://security-tracker.debian.org/tracker/CVE-2019-17566
- https://ubuntu.com/security/notices/USN-6117-1
- https://www.cve.org/CVERecord?id=CVE-2019-17566
- https://ubuntu.com/security/CVE-2019-17566
Parent vulnerabilities
(Appears in the following advisories)
Frequently Asked Questions
What is CVE-2019-17566?
CVE-2019-17566 is a vulnerability in the Apache Batik library that allows for server-side request forgery (SSRF) attacks.
How does CVE-2019-17566 affect systems?
CVE-2019-17566 can lead to system integrity compromise by allowing attackers to make arbitrary GET requests on the underlying server.
What is the severity of CVE-2019-17566?
CVE-2019-17566 has a high severity rating, with a severity value of 7.
Which software versions are affected by CVE-2019-17566?
Versions 1.10-2~18.04.1, 1.12-1ubuntu0.1, 1.7.ubuntu-8ubuntu2.14.04.3+, and 1.8-3ubuntu1+ of the Batik library on Ubuntu are affected by CVE-2019-17566.
How can CVE-2019-17566 be fixed?
To fix CVE-2019-17566, update the Batik library to version 1.10-2~18.04.1, 1.12-1ubuntu0.1, 1.7.ubuntu-8ubuntu2.14.04.3+, or 1.8-3ubuntu1+ depending on the Ubuntu version.
- collector/redhat-cve
- collector/github-advisory-latest
- alias/GHSA-cmx4-p4v5-hmr5
- alias/CVE-2019-17566
- agent/type
- agent/remedy
- agent/first-publish-date
- collector/launchpad-cve
- source/Launchpad
- agent/severity
- agent/author
- agent/description
- collector/redhat-bugzilla
- source/Red Hat
- agent/software-canonical-lookup
- collector/github-advisory
- source/GitHub
- collector/security-tracker-debian
- source/Debian
- agent/event
- collector/usn-cve
- source/Ubuntu
- agent/weakness
- agent/references
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/trending
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup-request
- collector/nvd-api
- collector/nvd-index
- package-manager/maven
- package-manager/redhat
- package-manager/debian
- package-manager/ubuntu
- vendor/apache
- canonical/apache batik
- vendor/oracle
- canonical/oracle api gateway
- version/oracle api gateway/11.1.2.4.0
- canonical/oracle business intelligence enterprise edition
- version/oracle business intelligence enterprise edition/5.5.0.0.0
- version/oracle business intelligence enterprise edition/5.9.0.0.0
- version/oracle business intelligence enterprise edition/12.2.1.3.0
- version/oracle business intelligence enterprise edition/12.2.1.4.0
- canonical/oracle communications application session controller
- version/oracle communications application session controller/3.9m0p2
- canonical/oracle communications metasolv solution
- version/oracle communications metasolv solution/6.3.0
- version/oracle communications metasolv solution/6.3.1
- canonical/oracle communications offline mediation controller
- version/oracle communications offline mediation controller/12.0.0.3.0
- canonical/oracle enterprise repository
- version/oracle enterprise repository/11.1.1.7.0
- canonical/oracle financial services analytical applications infrastructure
- version/oracle financial services analytical applications infrastructure/8.0.6
- version/oracle financial services analytical applications infrastructure/8.1.0
- canonical/oracle spatial and graph mapviewer
- version/oracle spatial and graph mapviewer/12.2.1.4.0
- canonical/oracle hospitality opera
- version/oracle hospitality opera/5.5
- version/oracle hospitality opera/5.6
- canonical/oracle hyperion financial reporting
- version/oracle hyperion financial reporting/11.1.2.4
- version/oracle hyperion financial reporting/11.2.5.0
- canonical/oracle instantis enterprisetrack
- version/oracle instantis enterprisetrack/17.1
- version/oracle instantis enterprisetrack/17.3
- canonical/oracle jd edwards enterpriseone tools
- version/oracle jd edwards enterpriseone tools/9.2.4.2
- canonical/oracle retail integration bus
- version/oracle retail integration bus/15.0.3
- canonical/oracle retail order broker
- version/oracle retail order broker/15.0
- version/oracle retail order broker/16.0
- canonical/oracle retail order management system
- version/oracle retail order management system/19.5
- canonical/oracle retail point-of-sale
- version/oracle retail point-of-sale/14.1
- canonical/oracle retail returns management
- version/oracle retail returns management/14.1