BID:106293

Apache Tika CVE-2018-17197 Denial of Service Vulnerability

CVE-2018-17197 |

Info

Apache Tika CVE-2018-17197 Denial of Service Vulnerability

Bugtraq ID:	106293
Class:	Failure to Handle Exceptional Conditions
CVE:	CVE-2018-17197
Remote:	Yes
Local:	No
Published:	Dec 22 2018 12:00AM
Updated:	Jul 17 2019 08:00AM
Credit:	Tim Allison
Vulnerable:	Oracle Primavera Unifier 18.8 Oracle Primavera Unifier 17.7 Oracle Primavera Unifier 17.12 Oracle Primavera Unifier 16.2 Oracle Primavera Unifier 16.1 Oracle FLEXCUBE Private Banking 12.1 Oracle FLEXCUBE Private Banking 12.0.3 Oracle FLEXCUBE Private Banking 12.0.1 Oracle Communications Messaging Server 8.0.2 Oracle Communications Messaging Server 8.1 Apache Tika 1.19.1 Apache Tika 1.9 Apache Tika 1.8 Apache Tika 1.18 Apache Tika 1.17 Apache Tika 1.14 Apache Tika 1.13 Apache Tika 1.12 Apache Tika 1.11 Apache Tika 1.10

Not Vulnerable:	Apache Tika 1.20

Discussion

Apache Tika CVE-2018-17197 Denial of Service Vulnerability

Apache Tika is prone to a denial-of-service vulnerability.

Attackers can exploit this issue to cause the application to enter an infinite loop, resulting in denial-of-service conditions.

Apache Tika 1.8 through 1.19.1 are vulnerable.

Exploit / POC

Apache Tika CVE-2018-17197 Denial of Service Vulnerability

Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Solution / Fix

Apache Tika CVE-2018-17197 Denial of Service Vulnerability

Solution:
Updates are available. Please see the references or vendor advisory for more information.

References

Apache Tika CVE-2018-17197 Denial of Service Vulnerability

References:

Apache Homepage (Apache)
[CVE-2018-17197] Apache Tika Denial of Service -- Infinite Loop in Tika's SQLite (Apache)
Oracle Critical Patch Update Advisory - July 2019 (Oracle)