PT-2019-4680 · Apache+1 · Apache Tika+1
Published: 2019-08-02 · Updated: 2020-08-24
CVE-2019-10093
CVSS v2.0: 7.1 (High)
| Vector | AV:N/AC:M/Au:N/C:N/I:N/A:C |
Name of the Vulnerable Software and Affected Versions
Apache Tika versions 1.19 through 1.21
Description
The issue is an uncontrolled resource consumption flaw in Apache Tika. A carefully crafted 2003ml or 2006ml file could consume all available SAXParsers in the pool, leading to very long hangs. This could allow a remote attacker to cause a denial of service.
Recommendations
For Apache Tika versions 1.19 through 1.21, upgrade to version 1.22 or later to resolve the issue.
Fix
Allocation of Resources Without Limits
Resource Exhaustion
Related identifiers
Affected products
Apache Tika
Suse