Rewterz Threat Advisory – CVE-2022-26726 – Apple watchOS Vulnerability
May 18, 2022Rewterz Threat Alert – Qakbot (Qbot) Malware – Active IOCs
May 18, 2022Rewterz Threat Advisory – CVE-2022-26726 – Apple watchOS Vulnerability
May 18, 2022Rewterz Threat Alert – Qakbot (Qbot) Malware – Active IOCs
May 18, 2022Severity
Medium
Analysis Summary
CVE-2022-25169 CVSS:6.5
Apache Tika is vulnerable to a denial of service, caused by improper input validation in the BPG parser. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVE-2022-30126 CVSS:6.5
Apache Tika is vulnerable to a denial of service, caused by a regular expression denial of service (ReDoS) flaw in the StandardsText class in the StandardsExtractingContentHandler. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause a denial of service condition.
Impact
- Denial of Service
Indicators Of Compromise
CVE
- CVE-2022-25169
- CVE-2022-30126
Affected Vendors
- Apache
Affected Products
- Apache Tika 1.28.1
- Apache Tika 2.3.0
Remediation
Upgrade to the latest version of Apache Tika, available from the Apache Web site.