CVE-2018-11796 – tika: Incomplete fix allows for XML entity expansion resulting in denial of service
https://notcve.org/view.php?id=CVE-2018-11796
In Apache Tika 1.19 (CVE-2018-11761), we added an entity expansion limit for XML parsing. However, Tika reuses SAXParsers and calls reset() after each parse, which, for Xerces2 parsers, as per the documentation, removes the user-specified SecurityManager and thus removes entity expansion limits after the first parse. Apache Tika versions from 0.1 to 1.19 are therefore still vulnerable to entity expansions which can lead to a denial of service attack. Users should upgrade to 1.19.1 or later. En Apache Tika 1.19 (CVE-2018-11761), se ha añadido un límite de expansión de entidades para el análisis XML. • http://www.securityfocus.com/bid/105585 https://access.redhat.com/errata/RHSA-2019:3892 https://lists.apache.org/thread.html/88de8350cda9b184888ec294c813c5bd8a2081de8fd3666f8904bc05%40%3Cdev.tika.apache.org%3E https://security.netapp.com/advisory/ntap-20190903-0002 https://access.redhat.com/security/cve/CVE-2018-11796 https://bugzilla.redhat.com/show_bug.cgi?id=1639090 • CWE-611: Improper Restriction of XML External Entity Reference CWE-776: Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion') •
CVE-2018-8017
https://notcve.org/view.php?id=CVE-2018-8017
In Apache Tika 1.2 to 1.18, a carefully crafted file can trigger an infinite loop in the IptcAnpaParser. En Apache Tika desde la versión 1.2 hasta la 1.18, un archivo especialmente manipulado puede desencadenar un bucle infinito en IptcAnpaParser. • http://www.securityfocus.com/bid/105513 https://lists.apache.org/thread.html/72df7a3f0dda49a912143a1404b489837a11f374dfd1961061873a91%40%3Cdev.tika.apache.org%3E • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVE-2018-11762
https://notcve.org/view.php?id=CVE-2018-11762
In Apache Tika 0.9 to 1.18, in a rare edge case where a user does not specify an extract directory on the commandline (--extract-dir=) and the input file has an embedded file with an absolute path, such as "C:/evil.bat", tika-app would overwrite that file. En Apache Tika desde la versión 0.9 hasta la 1.18, en el caso extremo de que un usuario no especifique un directorio de extracción en la línea de comandos (--extract-dir=) y el archivo entrante tenga un archivo incrustado con una ruta absoluta como "C:/evil.bat", tika-app podría sobrescribir ese archivo. • http://www.securityfocus.com/bid/105515 https://lists.apache.org/thread.html/ab2e1af38975f5fc462ba89b517971ef892ec3d06bee12ea2258895b%40%3Cdev.tika.apache.org%3E • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2018-11761
https://notcve.org/view.php?id=CVE-2018-11761
In Apache Tika 0.1 to 1.18, the XML parsers were not configured to limit entity expansion. They were therefore vulnerable to an entity expansion vulnerability which can lead to a denial of service attack. En Apache Tika desde la versión 0.1 hasta la 1.18, los analizadores XML no estaban configurados para limitar la expansión de las entidades. Por lo tanto, eran vulnerables a una expansión de entidades, lo que podría conducir a un ataque de denegación de servicio (DoS). • https://github.com/brianwrf/CVE-2018-11761 http://www.securityfocus.com/bid/105514 https://lists.apache.org/thread.html/5553e10bba5604117967466618f219c0cae710075819c70cfb3fb421%40%3Cdev.tika.apache.org%3E https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451%40%3Csolr-user.lucene.apache.org%3E https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html • CWE-611: Improper Restriction of XML External Entity Reference •
CVE-2018-1338 – tika: Infinite loop in BPGParser can allow remote attacker to cause a denial of service
https://notcve.org/view.php?id=CVE-2018-1338
A carefully crafted (or fuzzed) file can trigger an infinite loop in Apache Tika's BPGParser in versions of Apache Tika before 1.18. Un archivo cuidadosamente manipulado (o fuzzeado) puede desencadenar un bucle infinito en BPGParser en las versiones anteriores a la 1.18 de Apache Tika. An infinite loop vulnerability was discovered in Apache Tika prior to version 1.18. A remote attacker could exploit this to cause a denial of service via crafted file. • https://access.redhat.com/errata/RHSA-2018:2669 https://lists.apache.org/thread.html/4d20c5748fb9f836653bc78a1bad991ba8485d82a1e821f70b641932%40%3Cdev.tika.apache.org%3E https://access.redhat.com/security/cve/CVE-2018-1338 https://bugzilla.redhat.com/show_bug.cgi?id=1572421 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •