How severe is CVE-2017-5662?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.3 out of 10.

What type of vulnerability is CVE-2017-5662?

This is classified as CWE-611, which is a common weakness in software security.

CVE-2017-5662 - HIGH Severity | CVSS 7.3

Vulnerability Description

In Apache Batik before 1.9, files lying on the filesystem of the server which uses batik can be revealed to arbitrary users who send maliciously formed SVG files. The file types that can be shown depend on the user context in which the exploitable application is running. If the user is root a full compromise of the server - including confidential or sensitive files - would be possible. XXE can also be used to attack the availability of the server via denial of service as the references within a xml document can trivially trigger an amplification attack.

Related Vulnerabilities

CVE-2016-5795

HIGH

CVSS:7.3(High)

An XXE issue was discovered in Automated Logic Corporation (ALC) Liebert SiteScan Web Version 6.5 and prior, ALC WebCTRL Version 6.5 and prior, and Carrier i-Vu Version 6.5 and prior. An attacker coul...

CWE-6112016

CVE-2017-5661

HIGH

CVSS:7.3(High)

In Apache FOP before 2.2, files lying on the filesystem of the server which uses FOP can be revealed to arbitrary users who send maliciously formed SVG files. The file types that can be shown depend o...

CWE-6112017

CVE-2018-12463

HIGH

CVSS:7.3(High)

An XML external entity (XXE) vulnerability in Fortify Software Security Center (SSC), version 17.1, 17.2, 18.1 allows remote unauthenticated users to read arbitrary files or conduct server-side reques...

CWE-6112018

CVE-2018-15444

HIGH

CVSS:7.3(High)

A vulnerability in the web-based user interface of Cisco Energy Management Suite Software could allow an authenticated, remote attacker to gain read and write access to information that is stored on a...

CWE-6112018

CVE-2022-0265

HIGH

CVSS:7.3(High)

Improper Restriction of XML External Entity Reference in GitHub repository hazelcast/hazelcast in 5.1-BETA-1.

CWE-6112022

CVE-2022-0272

HIGH

CVSS:7.3(High)

Improper Restriction of XML External Entity Reference in GitHub repository detekt/detekt prior to 1.20.0.

CWE-6112022