Apache Batik XML External Entity Injection Vulnerability (CVE-2015-0250)

2016年5月31日

Email
Facebook
Twitter
Google+
Linkedin

危険度: : 緊急

概要

XML external entity (XXE) vulnerability in the SVG to (1) PNG and (2) JPG conversion classes in Apache Batik 1.x before 1.8 allows remote attackers to read arbitrary files or cause a denial of service via a crafted SVG file.

トレンドマイクロの対策

Apply associated Trend Micro DPI Rules.

対応方法

Trend Micro Deep Security DPI Rule Number: 1005839