Denial of Service Vulnerability in Apache Tika Parser
CVE-2018-8017

5.5MEDIUM

Key Information:

Vendor: Apache
Status: Apache Tika
Vendor: CVE Published:; 19 September 2018

What is CVE-2018-8017?

In versions 1.2 to 1.18 of Apache Tika, a vulnerability exists that allows an attacker to leverage a specially crafted input file to trigger an infinite loop within the IptcAnpaParser. This may lead to a Denial of Service condition, causing the application to become unresponsive. Users should be aware of this risk and ensure they are using the latest patched versions to avoid potential disruptions.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Apache Tika 1.2 to 1.18

References

https://lists.apache.org/thread.html/72df7a3f0dda49a91214...

mailing-listx_refsource_MLIST

http://www.securityfocus.com/bid/105513

vdb-entryx_refsource_BID

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Sep 19, 2018
Vulnerability Reserved
Mar 9, 2018

JSON

Apache

What is CVE-2018-8017?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.