CVE-2018-11762
https://notcve.org/view.php?id=CVE-2018-11762
In Apache Tika 0.9 to 1.18, in a rare edge case where a user does not specify an extract directory on the command line (--extract-dir=) and the input file has an embedded file with an absolute path, such as "C:/evil.bat", tika-app would overwrite that file.
• http://www.securityfocus.com/bid/105515
• https://lists.apache.org/thread.html/ab2e1af38975f5fc462ba89b517971ef892ec3d06bee12ea2258895b%40%3Cdev.tika.apache.org%3E
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2018-11761
https://notcve.org/view.php?id=CVE-2018-11761
In Apache Tika 0.1 to 1.18, the XML parsers were not configured to limit entity expansion. They were therefore vulnerable to an entity expansion vulnerability which can lead to a denial of service attack.
• https://github.com/brianwrf/CVE-2018-11761
• http://www.securityfocus.com/bid/105514
• https://lists.apache.org/thread.html/5553e10bba5604117967466618f219c0cae710075819c70cfb3fb421%40%3Cdev.tika.apache.org%3E
• https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451%40%3Csolr-user.lucene.apache.org%3E
• https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
• CWE-611: Improper Restriction of XML External Entity Reference
CVE-2018-1338 – tika: Infinite loop in BPGParser can allow remote attacker to cause a denial of service
https://notcve.org/view.php?id=CVE-2018-1338
A carefully crafted (or fuzzed) file can trigger an infinite loop in Apache Tika's BPGParser in versions of Apache Tika before 1.18. An infinite loop vulnerability was discovered in Apache Tika prior to version 1.18. A remote attacker could exploit this to cause a denial of service via a crafted file.
• https://access.redhat.com/errata/RHSA-2018:2669
• https://lists.apache.org/thread.html/4d20c5748fb9f836653bc78a1bad991ba8485d82a1e821f70b641932%40%3Cdev.tika.apache.org%3E
• https://access.redhat.com/security/cve/CVE-2018-1338
• https://bugzilla.redhat.com/show_bug.cgi?id=1572421
• CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2018-1335 – Apache Tika 1.15 - 1.17 - Header Command Injection
https://notcve.org/view.php?id=CVE-2018-1335
From Apache Tika versions 1.7 to 1.17, clients could send carefully crafted headers to tika-server that could be used to inject commands into the command line of the server running tika-server. This vulnerability only affects those running tika-server on a server that is open to untrusted clients. The mitigation is to upgrade to Tika 1.18.
• https://www.exploit-db.com/exploits/47208
• https://www.exploit-db.com/exploits/46540
• https://github.com/SkyBlueEternal/CVE-2018-1335-EXP-GUI
• https://github.com/DigitalNinja00/CVE-2018-1335
• https://github.com/siramk/CVE-2018-1335
• https://github.com/N0b1e6/CVE-2018-1335-Python3
• http://packetstormsecurity.com/files/153864/Apache-Tika-1.17-Header-Command-Injection.html
• http://www.securityfocus.com/bid/104001
• https://access.redhat.com/errata/RHSA-2019:3140
• https://lists.apache.org
• CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2018-1339 – tika: Infinite loop in ChmParser can allow remote attacker to cause a denial of service
https://notcve.org/view.php?id=CVE-2018-1339
A carefully crafted (or fuzzed) file can trigger an infinite loop in Apache Tika's ChmParser in versions of Apache Tika before 1.18.
• https://access.redhat.com/errata/RHSA-2018:2669
• https://lists.apache.org/thread.html/4d2cb5c819401bb075e2a1130e0d14f0404a136541a6f91da0225828%40%3Cdev.tika.apache.org%3E
• https://access.redhat.com/security/cve/CVE-2018-1339
• https://bugzilla.redhat.com/show_bug.cgi?id=1572424
• CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')