The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of Apache Tika: overload via PSD File

Synthesis of the vulnerability 

An attacker can trigger an overload in Apache Tika via a PSD file, in order to cause a denial of service.
Vulnerable software: Debian, QRadar SIEM, Oracle Communications, Oracle Fusion Middleware, Oracle Identity Management, Oracle OIT, WebLogic, Ubuntu.
Severity of this announcement: 2/4.
Number of vulnerabilities in this bulletin: 2.
Creation date: 30/03/2020.
References for this computer vulnerability: 6246141, cpujul2020, cpuoct2020, CVE-2020-1950, CVE-2020-1951, DLA-2161-1, USN-4564-1, VIGILANCE-VUL-31903.

Description of the vulnerability 

An attacker can trigger an overload in Apache Tika via a PSD file, in order to cause a denial of service.

This computer weakness alert impacts software or systems such as Debian, QRadar SIEM, Oracle Communications, Oracle Fusion Middleware, Oracle Identity Management, Oracle OIT, WebLogic, Ubuntu.

Our Vigil@nce team determined that the severity of this weakness note is medium.

The trust level is "confirmed by the editor", and the origin is "document".

This bulletin is about 2 vulnerabilities.

An attacker with expert ability can exploit this weakness.

Solutions for this threat 

Debian 8: new tika packages.
New packages are available:
  Debian 8: tika 1.5-1+deb8u1

IBM QRadar SIEM: patch for Apache Tika.
A patch is indicated in information sources.

Oracle Communications: CPU of July 2020.
A Critical Patch Update is available:
  https://support.oracle.com/rs?type=doc&id=2681987.1
  https://support.oracle.com/rs?type=doc&id=2682459.1
  https://support.oracle.com/rs?type=doc&id=2682014.1
  https://support.oracle.com/rs?type=doc&id=2683787.1
  https://support.oracle.com/rs?type=doc&id=2683788.1
  https://support.oracle.com/rs?type=doc&id=2683789.1
  https://support.oracle.com/rs?type=doc&id=2682045.1
  https://support.oracle.com/rs?type=doc&id=2683831.1
  https://support.oracle.com/rs?type=doc&id=2682010.1
  https://support.oracle.com/rs?type=doc&id=2683832.1
  https://support.oracle.com/rs?type=doc&id=2682500.1
  https://support.oracle.com/rs?type=doc&id=2683241.1
  https://support.oracle.com/rs?type=doc&id=2682011.1
  https://support.oracle.com/rs?type=doc&id=2683840.1
  https://support.oracle.com/rs?type=doc&id=2682018.1
  https://support.oracle.com/rs?type=doc&id=2683841.1
  https://support.oracle.com/rs?type=doc&id=2683842.1
  https://support.oracle.com/rs?type=doc&id=2683843.1
  https://support.oracle.com/rs?type=doc&id=2683845.1

Oracle Fusion Middleware: CPU of October 2020.
A Critical Patch Update is available:
  https://support.oracle.com/rs?type=doc&id=2694898.1

Ubuntu 16.04: new libtika-java packages.
New packages are available:
  Ubuntu 16.04 LTS: libtika-java 1.5-4ubuntu0.1
