Test ID:	1.3.6.1.4.1.25623.1.0.148125
Category:	Denial of Service
Title:	Apache Tika Server < 1.28.2, 2.x < 2.4.0 Multiple Vulnerabilities
Summary:	Apache Tika Server is prone to multiple vulnerabilities.
Description:	Summary: Apache Tika Server is prone to multiple vulnerabilities. Vulnerability Insight: The following vulnerabilities exist: - CVE-2022-25169: The BPG parser may allocate an unreasonable amount of memory on carefully crafted files - CVE-2022-30126: A regular expression in our StandardsText class, used by the StandardsExtractingContentHandler could lead to a denial of service caused by backtracking on a specially crafted file Affected Software/OS: Apache Tika Server prior to version 1.28.2 and version 2.x prior to 2.4.0. Solution: Update to version 1.28.2, 2.4.0 or later. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2022-25169 https://lists.apache.org/thread/t3tb51sf0k2pmbnzsrrrm23z9r1c10rk https://www.oracle.com/security-alerts/cpujul2022.html http://www.openwall.com/lists/oss-security/2022/05/16/4 Common Vulnerability Exposure (CVE) ID: CVE-2022-30126 https://security.netapp.com/advisory/ntap-20220624-0004/ https://lists.apache.org/thread/dh3syg68nxogbmlg13srd6gjn3h2z6r4 http://www.openwall.com/lists/oss-security/2022/05/16/3 http://www.openwall.com/lists/oss-security/2022/05/31/2 http://www.openwall.com/lists/oss-security/2022/06/27/5
Copyright	Copyright (C) 2022 Greenbone Networks GmbH

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.