Vulnerability Details CVE-2018-8013
In Apache Batik 1.x before 1.10, when deserializing subclass of `AbstractDocument`, the class takes a string from the inputStream as the class name which then use it to call the no-arg constructor of the class. Fix was to check the class type before calling newInstance in deserialization.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.014
EPSS Ranking 79.5%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
- http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
- http://www.securityfocus.com/bid/104252
- http://www.securitytracker.com/id/1040995
- https://lists.apache.org/thread.html/r9e90b4d1cf6ea87a79bb506541140dfbf4801f4463a7cee08126ee44%40%3Ccommits.xmlgraphics.apache.org%3E
- https://lists.apache.org/thread.html/rc0a31867796043fbe59113fb654fe8b13309fe04f8935acb8d0fab19%40%3Ccommits.xmlgraphics.apache.org%3E
- https://lists.debian.org/debian-lts-announce/2018/05/msg00016.html
- https://mail-archives.apache.org/mod_mbox/xmlgraphics-batik-dev/201805.mbox/%3c000701d3f28f%24d01860a0%24704921e0%24%40gmail.com%3e
- https://security.gentoo.org/glsa/202401-11
- https://usn.ubuntu.com/3661-1/
- https://www.debian.org/security/2018/dsa-4215
- https://www.oracle.com/security-alerts/cpujul2020.html
- https://www.oracle.com/security-alerts/cpuoct2020.html
- https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
- https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
- https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
- https://xmlgraphics.apache.org/security.html
- http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
- http://www.securityfocus.com/bid/104252
- http://www.securitytracker.com/id/1040995
- https://lists.apache.org/thread.html/r9e90b4d1cf6ea87a79bb506541140dfbf4801f4463a7cee08126ee44%40%3Ccommits.xmlgraphics.apache.org%3E
- https://lists.apache.org/thread.html/rc0a31867796043fbe59113fb654fe8b13309fe04f8935acb8d0fab19%40%3Ccommits.xmlgraphics.apache.org%3E
- https://lists.debian.org/debian-lts-announce/2018/05/msg00016.html
- https://mail-archives.apache.org/mod_mbox/xmlgraphics-batik-dev/201805.mbox/%3c000701d3f28f%24d01860a0%24704921e0%24%40gmail.com%3e
- https://security.gentoo.org/glsa/202401-11
- https://usn.ubuntu.com/3661-1/
- https://www.debian.org/security/2018/dsa-4215
- https://www.oracle.com/security-alerts/cpujul2020.html
- https://www.oracle.com/security-alerts/cpuoct2020.html
- https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
- https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
- https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
- https://xmlgraphics.apache.org/security.html
Products affected by CVE-2018-8013
-
cpe:2.3:a:apache:batik:1.0
-
cpe:2.3:a:apache:batik:1.1
-
cpe:2.3:a:apache:batik:1.1.1
-
cpe:2.3:a:apache:batik:1.5
-
cpe:2.3:a:apache:batik:1.5.1
-
cpe:2.3:a:apache:batik:1.6
-
cpe:2.3:a:apache:batik:1.6.1
-
cpe:2.3:a:apache:batik:1.7
-
cpe:2.3:a:apache:batik:1.7.1
-
cpe:2.3:a:apache:batik:1.8
-
cpe:2.3:a:apache:batik:1.9
-
cpe:2.3:a:apache:batik:1.9.1
-
cpe:2.3:a:oracle:business_intelligence:11.1.1.7.0
-
cpe:2.3:a:oracle:business_intelligence:11.1.1.9.0
-
cpe:2.3:a:oracle:business_intelligence:12.2.1.3.0
-
cpe:2.3:a:oracle:business_intelligence:12.2.1.4.0
-
cpe:2.3:a:oracle:communications_diameter_signaling_router:-
-
cpe:2.3:a:oracle:communications_diameter_signaling_router:6.0
-
cpe:2.3:a:oracle:communications_diameter_signaling_router:8.0
-
cpe:2.3:a:oracle:communications_diameter_signaling_router:8.0.0
-
cpe:2.3:a:oracle:communications_diameter_signaling_router:8.0.0.0
-
cpe:2.3:a:oracle:communications_diameter_signaling_router:8.1
-
cpe:2.3:a:oracle:communications_diameter_signaling_router:8.2
-
cpe:2.3:a:oracle:communications_diameter_signaling_router:8.2.1
-
cpe:2.3:a:oracle:communications_diameter_signaling_router:8.2.2
-
cpe:2.3:a:oracle:communications_metasolv_solution:6.3.0
-
cpe:2.3:a:oracle:communications_webrtc_session_controller:7.0
-
cpe:2.3:a:oracle:communications_webrtc_session_controller:7.1
-
cpe:2.3:a:oracle:data_integrator:12.2.1.3.0
-
cpe:2.3:a:oracle:enterprise_repository:11.1.1.7.0
-
cpe:2.3:a:oracle:enterprise_repository:12.1.3.0.0
-
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:7.3.3.0.0
-
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:7.3.3.0.1
-
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:7.3.3.0.2
-
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.0.0.0
-
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.0.1.0
-
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.0.2.0
-
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.0.3.0
-
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.1.0.0
-
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.1.1.0
-
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.1.2.0
-
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.2
-
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.2.0.0
-
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.2.1.0
-
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.2.2.0
-
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.3
-
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.3.0.0
-
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.3.1.0
-
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.3.2.0
-
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.3.3.0
-
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.4
-
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.4.0.0
-
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.4.1.0
-
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.4.2.0
-
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.4.3.0
-
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.4.4.0
-
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.4.5.0
-
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.5
-
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.5.0.0
-
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.5.0.1
-
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.5.1.0
-
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.5.2.0
-
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.5.3.0
-
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.5.4.0
-
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.6
-
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.6.0.0
-
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.6.0.1
-
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.6.1.0
-
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.6.2.0
-
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.6.3.0
-
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.6.4.0
-
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.7
-
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.7.0.0
-
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.7.1.0
-
cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.2
-
cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.3
-
cpe:2.3:a:oracle:instantis_enterprisetrack:17.1
-
cpe:2.3:a:oracle:instantis_enterprisetrack:17.2
-
cpe:2.3:a:oracle:instantis_enterprisetrack:17.3
-
cpe:2.3:a:oracle:insurance_calculation_engine:10.1.1
-
cpe:2.3:a:oracle:insurance_calculation_engine:10.2.1
-
cpe:2.3:a:oracle:insurance_policy_administration_j2ee:10.0
-
cpe:2.3:a:oracle:insurance_policy_administration_j2ee:10.2
-
cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2
-
cpe:2.3:a:oracle:retail_back_office:13.3
-
cpe:2.3:a:oracle:retail_back_office:13.4
-
cpe:2.3:a:oracle:retail_back_office:14
-
cpe:2.3:a:oracle:retail_back_office:14.1
-
cpe:2.3:a:oracle:retail_central_office:14.1
-
cpe:2.3:a:oracle:retail_integration_bus:17.0
-
cpe:2.3:a:oracle:retail_order_broker:15.0
-
cpe:2.3:a:oracle:retail_order_broker:16.0
-
cpe:2.3:a:oracle:retail_order_broker:5.1
-
cpe:2.3:a:oracle:retail_order_broker:5.2
-
cpe:2.3:a:oracle:retail_point-of-service:13.4
-
cpe:2.3:a:oracle:retail_point-of-service:14.0
-
cpe:2.3:a:oracle:retail_point-of-service:14.1
-
cpe:2.3:a:oracle:retail_returns_management:14.1
-
cpe:2.3:o:canonical:ubuntu_linux:14.04
-
cpe:2.3:o:debian:debian_linux:7.0
-
cpe:2.3:o:debian:debian_linux:8.0
-
cpe:2.3:o:debian:debian_linux:9.0