CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-10094
https://notcve.org/view.php?id=CVE-2019-10094
02 Aug 2019 — A carefully crafted package/compressed file that, when unzipped/uncompressed yields the same file (a quine), causes a StackOverflowError in Apache Tika's RecursiveParserWrapper in versions 1.7-1.21. Apache Tika users should upgrade to 1.22 or later. Un archivo empaquetado y comprimido cuidadosamente diseñado, cuando se descomprime y no comprime, produce el mismo archivo (un quine), lo que causa un StackOverflowError en RechesiveParserWrapper de Tika de Apache en las versiones 1.7 hasta 1.21. Los usuarios de... • https://lists.apache.org/thread.html/39723d8227b248781898c200aa24b154683673287b150a204b83787d%40%3Cdev.tika.apache.org%3E • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 6.5EPSS: 1%CPEs: 1EXPL: 0CVE-2019-10093
https://notcve.org/view.php?id=CVE-2019-10093
02 Aug 2019 — In Apache Tika 1.19 to 1.21, a carefully crafted 2003ml or 2006ml file could consume all available SAXParsers in the pool and lead to very long hangs. Apache Tika users should upgrade to 1.22 or later. En Tika de Apache versiones 1.19 hasta 1.21, un archivo 2003ml o 2006ml cuidadosamente diseñado podría consumir todos los SAXParsers disponibles en el grupo y conllevar a suspensiones muy largas. Los usuarios de Tika de Apache deben actualizar a la versión 1.22 o posterior. • https://lists.apache.org/thread.html/39723d8227b248781898c200aa24b154683673287b150a204b83787d%40%3Cdev.tika.apache.org%3E • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 6.5EPSS: 3%CPEs: 1EXPL: 0CVE-2018-17197
https://notcve.org/view.php?id=CVE-2018-17197
24 Dec 2018 — A carefully crafted or corrupt sqlite file can cause an infinite loop in Apache Tika's SQLite3Parser in versions 1.8-1.19.1 of Apache Tika. Chamilo LMS 1.11.8 contiene Cross-Site Scripting (XSS) en main/template/default/admin/gradebook_list.tpl en la herramienta de dependencias del gradebook, lo que permite que usuarios autenticados afecten a otros usuarios en condiciones específicas de permisos otorgados por los administradores. Se considera que esto tiene un "riesgo bajo" debido a la naturaleza de la cara... • http://www.securityfocus.com/bid/106293 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 7.5EPSS: 3%CPEs: 1EXPL: 0CVE-2018-11796 – tika: Incomplete fix allows for XML entity expansion resulting in denial of service
https://notcve.org/view.php?id=CVE-2018-11796
09 Oct 2018 — In Apache Tika 1.19 (CVE-2018-11761), we added an entity expansion limit for XML parsing. However, Tika reuses SAXParsers and calls reset() after each parse, which, for Xerces2 parsers, as per the documentation, removes the user-specified SecurityManager and thus removes entity expansion limits after the first parse. Apache Tika versions from 0.1 to 1.19 are therefore still vulnerable to entity expansions which can lead to a denial of service attack. Users should upgrade to 1.19.1 or later. En Apache Tika 1... • http://www.securityfocus.com/bid/105585 • CWE-611: Improper Restriction of XML External Entity Reference CWE-776: Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion') •
CVSS: 5.5EPSS: 3%CPEs: 1EXPL: 0CVE-2018-8017
https://notcve.org/view.php?id=CVE-2018-8017
19 Sep 2018 — In Apache Tika 1.2 to 1.18, a carefully crafted file can trigger an infinite loop in the IptcAnpaParser. En Apache Tika desde la versión 1.2 hasta la 1.18, un archivo especialmente manipulado puede desencadenar un bucle infinito en IptcAnpaParser. • http://www.securityfocus.com/bid/105513 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 7.5EPSS: 13%CPEs: 3EXPL: 1CVE-2018-11761
https://notcve.org/view.php?id=CVE-2018-11761
19 Sep 2018 — In Apache Tika 0.1 to 1.18, the XML parsers were not configured to limit entity expansion. They were therefore vulnerable to an entity expansion vulnerability which can lead to a denial of service attack. En Apache Tika desde la versión 0.1 hasta la 1.18, los analizadores XML no estaban configurados para limitar la expansión de las entidades. Por lo tanto, eran vulnerables a una expansión de entidades, lo que podría conducir a un ataque de denegación de servicio (DoS). • https://github.com/brianwrf/CVE-2018-11761 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 5.9EPSS: 1%CPEs: 1EXPL: 0CVE-2018-11762
https://notcve.org/view.php?id=CVE-2018-11762
19 Sep 2018 — In Apache Tika 0.9 to 1.18, in a rare edge case where a user does not specify an extract directory on the commandline (--extract-dir=) and the input file has an embedded file with an absolute path, such as "C:/evil.bat", tika-app would overwrite that file. En Apache Tika desde la versión 0.9 hasta la 1.18, en el caso extremo de que un usuario no especifique un directorio de extracción en la línea de comandos (--extract-dir=) y el archivo entrante tenga un archivo incrustado con una ruta absoluta como "C:/ev... • http://www.securityfocus.com/bid/105515 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.5EPSS: 3%CPEs: 1EXPL: 0CVE-2018-1338 – tika: Infinite loop in BPGParser can allow remote attacker to cause a denial of service
https://notcve.org/view.php?id=CVE-2018-1338
25 Apr 2018 — A carefully crafted (or fuzzed) file can trigger an infinite loop in Apache Tika's BPGParser in versions of Apache Tika before 1.18. Un archivo cuidadosamente manipulado (o fuzzeado) puede desencadenar un bucle infinito en BPGParser en las versiones anteriores a la 1.18 de Apache Tika. An infinite loop vulnerability was discovered in Apache Tika prior to version 1.18. A remote attacker could exploit this to cause a denial of service via crafted file. Red Hat Fuse, based on Apache ServiceMix, provides a smal... • https://access.redhat.com/errata/RHSA-2018:2669 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 6.5EPSS: 4%CPEs: 1EXPL: 0CVE-2018-1339 – tika: Infinite loop in ChmParser can allow remote attacker to cause a denial of service
https://notcve.org/view.php?id=CVE-2018-1339
25 Apr 2018 — A carefully crafted (or fuzzed) file can trigger an infinite loop in Apache Tika's ChmParser in versions of Apache Tika before 1.18. Un archivo cuidadosamente manipulado (o fuzzeado) puede desencadenar un bucle infinito en ChmParser en las versiones anteriores a la 1.18 de Apache Tika. Red Hat Fuse, based on Apache ServiceMix, provides a small-footprint, flexible, open source enterprise service bus and integration platform. This release of Red Hat Fuse 7.1 serves as a replacement for Red Hat Fuse 7.0, and i... • https://access.redhat.com/errata/RHSA-2018:2669 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 9.3EPSS: 93%CPEs: 1EXPL: 9CVE-2018-1335 – Apache Tika Header Command Injection
https://notcve.org/view.php?id=CVE-2018-1335
25 Apr 2018 — From Apache Tika versions 1.7 to 1.17, clients could send carefully crafted headers to tika-server that could be used to inject commands into the command line of the server running tika-server. This vulnerability only affects those running tika-server on a server that is open to untrusted clients. The mitigation is to upgrade to Tika 1.18. De las versiones 1.7 a 1.17 de Apache Tika, los clientes podían enviar cabeceras cuidadosamente manipuladas a tika-server que podrían emplearse para inyectar comandos en ... • https://packetstorm.news/files/id/152076 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •