
CVE-2018-11796 – tika: Incomplete fix allows for XML entity expansion resulting in denial of service
https://notcve.org/view.php?id=CVE-2018-11796
09 Oct 2018 — In Apache Tika 1.19 (CVE-2018-11761), we added an entity expansion limit for XML parsing. However, Tika reuses SAXParsers and calls reset() after each parse, which, for Xerces2 parsers, as per the documentation, removes the user-specified SecurityManager and thus removes entity expansion limits after the first parse. Apache Tika versions from 0.1 to 1.19 are therefore still vulnerable to entity expansions which can lead to a denial of service attack. Users should upgrade to 1.19.1 or later. • http://www.securityfocus.com/bid/105585 • CWE-611: Improper Restriction of XML External Entity Reference CWE-776: Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion') •

CVE-2018-11761
https://notcve.org/view.php?id=CVE-2018-11761
19 Sep 2018 — In Apache Tika 0.1 to 1.18, the XML parsers were not configured to limit entity expansion. They were therefore vulnerable to an entity expansion vulnerability which can lead to a denial of service attack. • https://github.com/brianwrf/CVE-2018-11761 • CWE-611: Improper Restriction of XML External Entity Reference •

CVE-2018-11762
https://notcve.org/view.php?id=CVE-2018-11762
19 Sep 2018 — In Apache Tika 0.9 to 1.18, in a rare edge case where a user does not specify an extract directory on the command line (--extract-dir=) and the input file has an embedded file with an absolute path, such as "C:/evil.bat", tika-app would overwrite that file. • http://www.securityfocus.com/bid/105515 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVE-2018-8017
https://notcve.org/view.php?id=CVE-2018-8017
19 Sep 2018 — In Apache Tika 1.2 to 1.18, a carefully crafted file can trigger an infinite loop in the IptcAnpaParser. • http://www.securityfocus.com/bid/105513 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •

CVE-2018-1335 – Apache Tika 1.15 - 1.17 - Header Command Injection
https://notcve.org/view.php?id=CVE-2018-1335
25 Apr 2018 — From Apache Tika versions 1.7 to 1.17, clients could send carefully crafted headers to tika-server that could be used to inject commands into the command line of the server running tika-server. This vulnerability only affects those running tika-server on a server that is open to untrusted clients. The mitigation is to upgrade to Tika 1.18. • https://packetstorm.news/files/id/152076 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVE-2018-1338 – tika: Infinite loop in BPGParser can allow remote attacker to cause a denial of service
https://notcve.org/view.php?id=CVE-2018-1338
25 Apr 2018 — A carefully crafted (or fuzzed) file can trigger an infinite loop in Apache Tika's BPGParser in versions of Apache Tika before 1.18. An infinite loop vulnerability was discovered in Apache Tika prior to version 1.18. A remote attacker could exploit this to cause a denial of service via a crafted file. Red Hat Fuse, based on Apache ServiceMix, provides a smal... • https://access.redhat.com/errata/RHSA-2018:2669 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •

CVE-2018-1339 – tika: Infinite loop in ChmParser can allow remote attacker to cause a denial of service
https://notcve.org/view.php?id=CVE-2018-1339
25 Apr 2018 — A carefully crafted (or fuzzed) file can trigger an infinite loop in Apache Tika's ChmParser in versions of Apache Tika before 1.18. Red Hat Fuse, based on Apache ServiceMix, provides a small-footprint, flexible, open source enterprise service bus and integration platform. This release of Red Hat Fuse 7.1 serves as a replacement for Red Hat Fuse 7.0, and i... • https://access.redhat.com/errata/RHSA-2018:2669 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •

CVE-2015-3271
https://notcve.org/view.php?id=CVE-2015-3271
15 Dec 2016 — Apache Tika server (aka tika-server) in Apache Tika 1.9 might allow remote attackers to read arbitrary files via the HTTP fileUrl header. • http://www.openwall.com/lists/oss-security/2015/08/13/5 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVE-2016-6809 – Apache Tika 1.13 Code Execution
https://notcve.org/view.php?id=CVE-2016-6809
10 Nov 2016 — Apache Tika before 1.14 allows Java code execution for serialized objects embedded in MATLAB files. The issue exists because Tika invokes JMatIO to do native deserialization. Apache Tika wraps the jmatio parser to handle MATLAB files. • http://seclists.org/bugtraq/2016/Nov/40 • CWE-502: Deserialization of Untrusted Data •