BID:104135

Apache Tika CVE-2018-1338 Denial of Service Vulnerability

Info

Apache Tika CVE-2018-1338 Denial of Service Vulnerability

Bugtraq ID:	104135
Class:	Failure to Handle Exceptional Conditions
CVE:	CVE-2018-1338
Remote:	Yes
Local:	No
Published:	Apr 25 2018 12:00AM
Updated:	Apr 25 2018 12:00AM
Credit:	Tobias Ospelt of modzero AG
Vulnerable:	Redhat Satellite 5 Redhat JBoss Fuse 7.0 Apache Tika 1.9 Apache Tika 1.7 Apache Tika 1.6 Apache Tika 1.17 Apache Tika 1.14 Apache Tika 1.13 Apache Tika 1.12 Apache Tika 1.11 Apache Tika 1.10 Apache Tika 0.10

Not Vulnerable:	Apache Tika 1.18

Discussion

Apache Tika CVE-2018-1338 Denial of Service Vulnerability

Apache Tika is prone to a denial-of-service vulnerability.

Attackers can exploit this issue to cause the application to enter an infinite loop, resulting in denial-of-service conditions.

Versions prior to Tika 1.18 are vulnerable.

Exploit / POC

Apache Tika CVE-2018-1338 Denial of Service Vulnerability

Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Solution / Fix

Apache Tika CVE-2018-1338 Denial of Service Vulnerability

Solution:
Updates are available. Please see the references or vendor advisory for more information.

References

Apache Tika CVE-2018-1338 Denial of Service Vulnerability

References:

[CVE-2018-1338] DoS (Infinite Loop) Vulnerability in Apache Tika�??s BPGParser (Apache)
Apache Homepage (Apache)
Bug 1572421 CVE-2018-1338 tika: Infinite loop in BPGParser (Redhat)
CVE-2018-1338 (Redhat)