Lucene search
IBM1291844FED4AD2084F05EDCB8E34FC4553A3B1314F52F28A14E2054A564595F5HistoryApr 15, 2021 - 11:00 a.m.
Security Bulletin: Vulnerability in Apache PDFBox affects Apache Solr shipped with IBM Operations Analytics - Log Analysis (CVE-2018-8036)
2021-04-1511:00:39
www.ibm.com
7
0.007 Low
EPSS
Percentile
79.7%
Summary
There is a potential Resource Exhaustion vulnerability in Apache PDFBox that affects Apache Solr.
Vulnerability Details
CVEID:CVE-2018-8036
**DESCRIPTION:**Apache PDFBox is vulnerable to a denial of service, caused by an out of memory exception in AFMParser. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/145592 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| Log Analysis | 1.3.1 |
| Log Analysis | 1.3.2 |
| Log Analysis | 1.3.3 |
| Log Analysis | 1.3.4 |
| Log Analysis | 1.3.5 |
| Log Analysis | 1.3.6 |
Remediation/Fixes
| Principal Product and Version(s) : | Fix details |
|---|---|
| IBM Operations Analytics - Log Analysis version 1.3.x | Upgrade to Log Analysis version 1.3.7 |
| Download the 1.3.7-TIV-IOALA-FP here |
Workarounds and Mitigations
None
| CPE | Name | Operator | Version |
|---|---|---|---|
| ibm smartcloud analytics | eq | 1.3. |
Related
prion
prion
Code injection
2018-07-03 20:29:00
nessus
nessus
openSUSE Security Update : apache-pdfbox (openSUSE-2019-670)
2019-03-27 00:00:00
openSUSE Security Update : apache-pdfbox (openSUSE-2018-975)
2018-09-07 00:00:00
openSUSE Security Update : apache-pdfbox (openSUSE-2018-1245)
2018-10-25 00:00:00
suse
suse
Security update for apache-pdfbox (moderate)
2018-09-07 12:07:46
Security update for apache-pdfbox (moderate)
2018-10-24 15:18:40
ibm
ibm
osv
osv
Loop with Unreachable Exit Condition in Apache PDFBox
2022-05-13 01:53:29
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2018:2630-1)
2021-06-09 00:00:00
openSUSE: Security Advisory for apache-pdfbox (openSUSE-SU-2018:2645-1)
2018-10-26 00:00:00
openSUSE: Security Advisory for apache-pdfbox (openSUSE-SU-2018:3384-1)
2018-10-25 00:00:00
zdt
zdt
Apache PDFBox 1.8.14 / 2.0.10 Denial Of Service Vulnerability
2018-07-04 00:00:00
github
github
Loop with Unreachable Exit Condition in Apache PDFBox
2022-05-13 01:53:29
ubuntucve
ubuntucve
CVE-2018-8036
2018-07-03 00:00:00
veracode
veracode
Denial Of Service (DoS)
2018-07-02 07:11:50
nvd
nvd
CVE-2018-8036
2018-07-03 20:29:00
cvelist
cvelist
CVE-2018-8036
2018-06-29 00:00:00
cve
cve
CVE-2018-8036
2018-07-03 20:29:00
redhatcve
redhatcve
CVE-2018-8036
2018-07-03 05:20:02
debiancve
debiancve
CVE-2018-8036
2018-07-03 20:29:00
fedora
fedora
[SECURITY] Fedora 31 Update: pdfbox-2.0.16-1.fc31
2019-09-14 16:39:49
[SECURITY] Fedora 30 Update: pdfbox-2.0.16-1.fc30
2019-09-09 07:34:18
[SECURITY] Fedora 29 Update: pdfbox-2.0.16-1.fc29
2019-09-09 08:07:18
redhat
redhat
(RHSA-2018:2669) Important: Fuse 7.1 security update
2018-09-11 07:52:48
oracle
oracle
Oracle Critical Patch Update Advisory - April 2020
2020-04-14 00:00:00
0.007 Low
EPSS
Percentile
79.7%
Related for 1291844FED4AD2084F05EDCB8E34FC4553A3B1314F52F28A14E2054A564595F5