CVE-2018-8013

In Apache Batik 1.x before 1.10, when deserializing a subclass of `AbstractDocument`, the class reads a string from the input stream as a class name and then uses it to call the no-arg constructor of that class. The fix was to check the class type before calling newInstance during deserialization.

Published: 2018-05-24 16:29 Updated: 2019-07-23 23:15

CVSS Score: 7.5 / 10
Vendor Product Version URI
Apache Batik 1.0 cpe:/a:apache:batik:1.0
Apache Batik 1.1 cpe:/a:apache:batik:1.1
Apache Batik 1.1.1 cpe:/a:apache:batik:1.1.1
Apache Batik 1.5 cpe:/a:apache:batik:1.5
Apache Batik 1.7 cpe:/a:apache:batik:1.7
Canonical Ubuntu Linux 14.04 cpe:/o:canonical:ubuntu_linux:14.04::~~lts~~~
Debian Debian Linux 7.0 cpe:/o:debian:debian_linux:7.0
Debian Debian Linux 8.0 cpe:/o:debian:debian_linux:8.0
Debian Debian Linux 9.0 cpe:/o:debian:debian_linux:9.0
Apache Batik 1.1 cpe:/a:apache:batik:1.1:rc1
Apache Batik 1.1 cpe:/a:apache:batik:1.1:rc2
Apache Batik 1.1 cpe:/a:apache:batik:1.1:rc3
Apache Batik 1.1 cpe:/a:apache:batik:1.1:rc4
Apache Batik 1.5 cpe:/a:apache:batik:1.5:beta1
Apache Batik 1.5 cpe:/a:apache:batik:1.5:beta2
Apache Batik 1.5 cpe:/a:apache:batik:1.5:beta3
Apache Batik 1.5 cpe:/a:apache:batik:1.5:beta4
Apache Batik 1.5 cpe:/a:apache:batik:1.5:beta4b
Apache Batik 1.5 cpe:/a:apache:batik:1.5:beta5
Apache Batik 1.5.1 cpe:/a:apache:batik:1.5.1
Apache Batik 1.5.1 cpe:/a:apache:batik:1.5.1:rc2
Apache Batik 1.6 cpe:/a:apache:batik:1.6
Apache Batik 1.6.1 cpe:/a:apache:batik:1.6.1
Apache Batik 1.7 cpe:/a:apache:batik:1.7:beta1
Apache Batik 1.7.1 cpe:/a:apache:batik:1.7.1
Apache Batik 1.8 cpe:/a:apache:batik:1.8
Apache Batik 1.9 cpe:/a:apache:batik:1.9
Apache Batik 1.9.1 cpe:/a:apache:batik:1.9.1
Oracle Business Intelligence 11.1.1.7.0 cpe:/a:oracle:business_intelligence:11.1.1.7.0::~~enterprise~~~
Oracle Business Intelligence 11.1.1.9.0 cpe:/a:oracle:business_intelligence:11.1.1.9.0::~~enterprise~~~
Oracle Business Intelligence 12.2.1.3.0 cpe:/a:oracle:business_intelligence:12.2.1.3.0::~~enterprise~~~
Oracle Business Intelligence 12.2.1.4.0 cpe:/a:oracle:business_intelligence:12.2.1.4.0::~~enterprise~~~
Oracle Communications Diameter Signaling Router 6.0 cpe:/a:oracle:communications_diameter_signaling_router:6.0
Oracle Communications Diameter Signaling Router 8.1 cpe:/a:oracle:communications_diameter_signaling_router:8.1
Oracle Communications Diameter Signaling Router 8.2 cpe:/a:oracle:communications_diameter_signaling_router:8.2
Oracle Communications Metasolv Solution 6.3.0 cpe:/a:oracle:communications_metasolv_solution:6.3.0
Oracle Data Integrator 12.2.1.3.0 cpe:/a:oracle:data_integrator:12.2.1.3.0
Oracle Enterprise Repository 11.1.1.7.0 cpe:/a:oracle:enterprise_repository:11.1.1.7.0
Oracle Enterprise Repository 12.1.3.0.0 cpe:/a:oracle:enterprise_repository:12.1.3.0.0
Oracle Financial Services Analytical Applications Infrastructure 8.0.0.0.0 cpe:/a:oracle:financial_services_analytical_applications_infrastructure:8.0.0.0.0
Oracle Financial Services Analytical Applications Infrastructure 8.0.1.0.0 cpe:/a:oracle:financial_services_analytical_applications_infrastructure:8.0.1.0.0
Oracle Financial Services Analytical Applications Infrastructure 8.0.2.0.0 cpe:/a:oracle:financial_services_analytical_applications_infrastructure:8.0.2.0.0
Oracle Financial Services Analytical Applications Infrastructure 8.0.3.0.0 cpe:/a:oracle:financial_services_analytical_applications_infrastructure:8.0.3.0.0
Oracle Financial Services Analytical Applications Infrastructure 8.0.4.0.0 cpe:/a:oracle:financial_services_analytical_applications_infrastructure:8.0.4.0.0
Oracle Financial Services Analytical Applications Infrastructure 8.0.5.0.0 cpe:/a:oracle:financial_services_analytical_applications_infrastructure:8.0.5.0.0
Oracle Fusion Middleware Mapviewer 12.2.1.2 cpe:/a:oracle:fusion_middleware_mapviewer:12.2.1.2
Oracle Fusion Middleware Mapviewer 12.2.1.3 cpe:/a:oracle:fusion_middleware_mapviewer:12.2.1.3
Oracle Instantis Enterprisetrack 17.1 cpe:/a:oracle:instantis_enterprisetrack:17.1
Oracle Instantis Enterprisetrack 17.2 cpe:/a:oracle:instantis_enterprisetrack:17.2
Oracle Instantis Enterprisetrack 17.3 cpe:/a:oracle:instantis_enterprisetrack:17.3
Oracle Insurance Calculation Engine 10.1.1 cpe:/a:oracle:insurance_calculation_engine:10.1.1
Oracle Insurance Calculation Engine 10.2.1 cpe:/a:oracle:insurance_calculation_engine:10.2.1
Oracle Insurance Policy Administration J2ee 10.0 cpe:/a:oracle:insurance_policy_administration_j2ee:10.0
Oracle Insurance Policy Administration J2ee 10.2 cpe:/a:oracle:insurance_policy_administration_j2ee:10.2
Oracle Jd Edwards Enterpriseone Tools 9.2 cpe:/a:oracle:jd_edwards_enterpriseone_tools:9.2
Oracle Retail Back Office 13.3 cpe:/a:oracle:retail_back_office:13.3
Oracle Retail Back Office 13.4 cpe:/a:oracle:retail_back_office:13.4
Oracle Retail Back Office 14 cpe:/a:oracle:retail_back_office:14
Oracle Retail Back Office 14.1 cpe:/a:oracle:retail_back_office:14.1
Oracle Retail Central Office 14.1 cpe:/a:oracle:retail_central_office:14.1
Oracle Retail Integration Bus 17.0 cpe:/a:oracle:retail_integration_bus:17.0
Oracle Retail Order Broker 5.1 cpe:/a:oracle:retail_order_broker:5.1
Oracle Retail Order Broker 5.2 cpe:/a:oracle:retail_order_broker:5.2
Oracle Retail Order Broker 15.0 cpe:/a:oracle:retail_order_broker:15.0
Oracle Retail Order Broker 16.0 cpe:/a:oracle:retail_order_broker:16.0
Oracle Retail Point-of-service 13.4 cpe:/a:oracle:retail_point-of-service:13.4
Oracle Retail Point-of-service 14.0 cpe:/a:oracle:retail_point-of-service:14.0
Oracle Retail Point-of-service 14.1 cpe:/a:oracle:retail_point-of-service:14.1
Oracle Retail Returns Management 14.1 cpe:/a:oracle:retail_returns_management:14.1

CWE

ID Name Description
CWE-502 Deserialization of Untrusted Data The application deserializes untrusted data without sufficiently verifying that the resulting data will be valid.

History of changes

Date Event
2019-07-23 23:15
2019-05-15 14:33
2019-04-23 19:32
2019-03-08 15:14
2019-01-16 19:30
2018-10-17 01:31
2018-07-19 01:29
2018-06-26 17:36
2018-06-05 01:29
2018-05-31 01:29
2018-05-27 01:29
2018-05-26 01:29
2018-05-24 16:29