CVE-2022-30126
Apache Tika Regular Expression Denial of Service in Standards Extractor
Public Exploits: 0
Exploited in Wild: -
Descriptions
In Apache Tika, a regular expression in our StandardsText class, used by the StandardsExtractingContentHandler, could lead to a denial of service caused by backtracking on a specially crafted file. This only affects users who are running the StandardsExtractingContentHandler, which is a non-standard handler. This is fixed in 1.28.2 and 2.4.0.
This release of Red Hat Fuse 7.11.0 serves as a replacement for Red Hat Fuse 7.10 and includes bug fixes and enhancements, which are documented in the Release Notes document linked in the References. Issues addressed include HTTP request smuggling, bypass, code execution, denial of service, deserialization, information leakage, memory leak, privilege escalation, and traversal vulnerabilities.
Timeline
- 2022-05-03 CVE Reserved
- 2022-05-16 CVE Published
- 2024-08-03 CVE Updated
- 2025-03-30 EPSS Updated
CWE
- CWE-1333: Inefficient Regular Expression Complexity
References (8)
URL | Tag | Source |
---|---|---|
http://www.openwall.com/lists/oss-security/2022/05/16/3 | Mailing List | |
http://www.openwall.com/lists/oss-security/2022/05/31/2 | Mailing List | |
http://www.openwall.com/lists/oss-security/2022/06/27/5 | Mailing List | |
https://security.netapp.com/advisory/ntap-20220624-0004 | Third Party Advisory | |
https://www.oracle.com/security-alerts/cpujul2022.html | Third Party Advisory | |

URL | Date | SRC |
---|---|---|
https://lists.apache.org/thread/dh3syg68nxogbmlg13srd6gjn3h2z6r4 | 2022-10-19 | |
https://access.redhat.com/security/cve/CVE-2022-30126 | 2022-07-07 | |
https://bugzilla.redhat.com/show_bug.cgi?id=2088523 | 2022-07-07 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Apache | Tika | < 1.28.3 | - | Affected |
Apache | Tika | >= 2.0.0 < 2.4.0 | - | Affected |
Oracle | Primavera Unifier | >= 17.7 <= 17.12 | - | Affected |
Oracle | Primavera Unifier | 18.8 | - | Affected |
Oracle | Primavera Unifier | 19.12 | - | Affected |
Oracle | Primavera Unifier | 20.12 | - | Affected |
Oracle | Primavera Unifier | 21.12 | - | Affected |