BID:104252

Apache Batik CVE-2018-8013 Information Disclosure Vulnerability

CVE-2018-8013 |

Info

Apache Batik CVE-2018-8013 Information Disclosure Vulnerability

Bugtraq ID:	104252
Class:	Design Error
CVE:	CVE-2018-8013
Remote:	Yes
Local:	No
Published:	May 23 2018 12:00AM
Updated:	Jul 17 2019 08:00AM
Credit:	Man Yue Mo
Vulnerable:	Oracle WebCenter Sites 12.2.1.3.0 Oracle Retail Returns Management 14.1 Oracle Retail Point-of-Service 14.1 Oracle Retail Point-of-Service 14.0 Oracle Retail Point-of-Service 13.4 Oracle Retail Order Broker 5.2 Oracle Retail Order Broker 5.1 Oracle Retail Order Broker 16.0 Oracle Retail Order Broker 15.0 Oracle Retail Integration Bus 17.0 Oracle Retail Central Office 14.1 Oracle Retail Back Office 14.1 Oracle Retail Back Office 14.0 Oracle Retail Back Office 13.4 Oracle Retail Back Office 13.3 Oracle MICROS Relate CRM Software 11.4 Oracle JD Edwards EnterpriseOne Tools 9.2 Oracle Insurance Policy Administration J2EE 10.2 Oracle Insurance Policy Administration J2EE 10.0 Oracle Insurance Calculation Engine 10.2.1 Oracle Insurance Calculation Engine 10.1.1 Oracle Instantis EnterpriseTrack 17.3 Oracle Instantis EnterpriseTrack 17.2 Oracle Instantis EnterpriseTrack 17.1 Oracle FMW Platform 12.2.1.3.0 Oracle FMW Platform 12.1.3.0.0 Oracle Enterprise Repository 12.1.3.0.0 Oracle Enterprise Repository 11.1.1.7.0 Oracle Communications WebRTC Session Controller 7.1 Oracle Communications WebRTC Session Controller 7.0 Oracle Communications MetaSolv Solution 6.3 Oracle Communications Diameter Signaling Router 7.1 Oracle Communications Diameter Signaling Router 6.0.2 Oracle Communications Diameter Signaling Router 6.0 Oracle Communications Diameter Signaling Router 5.1 Oracle Communications Diameter Signaling Router 4.1.6 Oracle Communications Diameter Signaling Router 4.1 Oracle Communications Diameter Signaling Router 8.0 Oracle Communications Diameter Signaling Router 7.0 Oracle Communications Diameter Signaling Router 5.0 Oracle Communications Diameter Signaling Router 4.0 Oracle Communications Diameter Signaling Router 3.0 Oracle Communications Application Session Controller 3.8 Oracle Communications Application Session Controller 3.7.1 Oracle Business Intelligence Enterprise Edition 12.2.1.4.0 Oracle Business Intelligence Enterprise Edition 12.2.1.3.0 Oracle Business Intelligence Enterprise Edition 11.1.1.9.0 Oracle Business Intelligence Enterprise Edition 11.1.1.7.0 Apache Batik 1.9.1 Apache Batik 1.9 Apache Batik 1.8 Apache Batik 1.7 Apache Batik 1.6 Apache Batik 1.5.1 Apache Batik 1.5 Apache Batik 1.1.1 Apache Batik 1.1 Apache Batik 1.0

Not Vulnerable:	Oracle Communications WebRTC Session Controller 7.2 Oracle Communications Diameter Signaling Router 8.3 Apache Batik 1.10

Discussion

Apache Batik CVE-2018-8013 Information Disclosure Vulnerability

Apache Batik is prone to an information-disclosure vulnerability.

An attacker can exploit this issue to gain access to sensitive information; this may lead to further attacks.

Apache Batik 1.9.1 and prior versions are vulnerable.

Exploit / POC

Apache Batik CVE-2018-8013 Information Disclosure Vulnerability

Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Solution / Fix

Apache Batik CVE-2018-8013 Information Disclosure Vulnerability

Solution:
Updates are available. Please see the references or vendor advisory for more information.

References

Apache Batik CVE-2018-8013 Information Disclosure Vulnerability

References:

Apache Homepage (Apache)
Bug 1581725 - (CVE-2018-8013) CVE-2018-8013 batik: information disclosure when d (Red Hat Bugzilla)
CVE-2018-8013 (Red Hat Bugzilla)
Oracle Critical Patch Update Advisory - April 2019 (Oracle)
Oracle Critical Patch Update Advisory - January 2019 (Oracle)
Oracle Critical Patch Update Advisory - July 2019 (Oracle)
Oracle Critical Patch Update Advisory - October 2018 (Oracle)
Published Vulnerabilities (Apache)