CVSS3: 3.3 Low

Metric | Value |
---|---|
Attack Vector | LOCAL |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | REQUIRED |
Scope | UNCHANGED |
Confidentiality Impact | NONE |
Integrity Impact | NONE |
Availability Impact | LOW |

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

CVSS2: 2.6 Low

Metric | Value |
---|---|
Access Vector | NETWORK |
Access Complexity | HIGH |
Authentication | NONE |
Confidentiality Impact | NONE |
Integrity Impact | NONE |
Availability Impact | PARTIAL |

Vector: AV:N/AC:H/Au:N/C:N/I:N/A:P

EPSS: 0.001 Low (Percentile: 37.8%)

org.apache.tika:tika is vulnerable to regular expression denial of service (ReDoS) attacks. An attacker can cause denial of service conditions for users who are running the StandardsExtractingContentHandler component, due to insecure regular expression usage in the setThreshold function, which backtracks on a specially crafted file. This resolves incomplete fixes for CVE-2022-30126 and CVE-2022-30973.

Name | Operator | Version |
---|---|---|
apache tika core | le | 2.4.0 |
apache tika core | le | 1.28.3 |

www.openwall.com/lists/oss-security/2022/06/27/5
github.com/apache/tika/commit/22f763a3f14f9a47e46212a74b2a5d4339de6ab5
github.com/apache/tika/commit/3f0078639e9b15de7f5f8293df9222fdc1505fe0
lists.apache.org/thread/wfno8mf5nlcvbs78z93q9thgrm30wwfh
sca.analysiscenter.veracode.com/vulnerability-database/security/denial-of-service-dos-/java/sid-35567
sca.analysiscenter.veracode.com/vulnerability-database/security/regular-expression-denial-of-service-redos-/java/sid-35785
security.netapp.com/advisory/ntap-20220812-0004/