Lucene search
ApacheCVELIST:CVE-2018-11796HistoryOct 09, 2018 - 10:00 p.m.
CVE-2018-11796
2018-10-0922:00:00
apache
www.cve.org
6
In Apache Tika 1.19 (CVE-2018-11761), we added an entity expansion limit for XML parsing. However, Tika reuses SAXParsers and calls reset() after each parse, which, for Xerces2 parsers, as per the documentation, removes the user-specified SecurityManager and thus removes entity expansion limits after the first parse. Apache Tika versions from 0.1 to 1.19 are therefore still vulnerable to entity expansions which can lead to a denial of service attack. Users should upgrade to 1.19.1 or later.
CNA Affected
[
{
"product": "Apache Tika",
"vendor": "Apache Software Foundation",
"versions": [
{
"status": "affected",
"version": "Apache Tomcat 0.1 to 1.19"
}
]
}
]Related
osv
osv
CVE-2018-11796
2018-10-09 22:29:00
Apache Tika is vulnerable to entity expansions which can lead to a denial of service attack
2018-10-17 15:43:25
CVE-2018-11761
2018-09-19 14:29:00
openvas
openvas
Apache Tika Server XML Entity Expansion Denial of Service Vulnerability
2018-09-27 00:00:00
prion
prion
Code injection
2018-10-09 22:29:00
Design/Logic Flaw
2018-09-19 14:29:00
github
github
debiancve
debiancve
CVE-2018-11796
2018-10-09 22:29:00
CVE-2018-11761
2018-09-19 14:29:00
ubuntucve
ubuntucve
CVE-2018-11796
2018-10-09 00:00:00
CVE-2018-11761
2018-09-19 00:00:00
cve
cve
CVE-2018-11796
2018-10-09 22:29:00
CVE-2018-11761
2018-09-19 14:29:00
redhatcve
redhatcve
CVE-2018-11796
2018-10-15 07:28:22
CVE-2018-11761
2018-09-24 20:51:52
nvd
nvd
CVE-2018-11796
2018-10-09 22:29:00
CVE-2018-11761
2018-09-19 14:29:00
ibm
ibm
veracode
veracode
Denial Of Service (DoS)
2018-10-10 03:04:13
Denial Of Service (DoS)
2018-09-20 02:46:37
cvelist
cvelist
CVE-2018-11761
2018-09-19 14:00:00
redhat
redhat
(RHSA-2019:3892) Important: Red Hat Fuse 7.5.0 security update
2019-11-14 21:15:16
oracle
oracle
Oracle Critical Patch Update Advisory - April 2019
2019-04-16 00:00:00