Lucene search
Redhat.comRH:CVE-2018-11796HistoryOct 15, 2018 - 7:28 a.m.
CVE-2018-11796
2018-10-1507:28:22
redhat.com
access.redhat.com
14
EPSS
0.012
Percentile
85.6%
In Apache Tika 1.19 (CVE-2018-11761), we added an entity expansion limit for XML parsing. However, Tika reuses SAXParsers and calls reset() after each parse, which, for Xerces2 parsers, as per the documentation, removes the user-specified SecurityManager and thus removes entity expansion limits after the first parse. Apache Tika versions from 0.1 to 1.19 are therefore still vulnerable to entity expansions which can lead to a denial of service attack. Users should upgrade to 1.19.1 or later.
Related
osv
osv
CVE-2018-11796
2018-10-09 22:29:00
Apache Tika is vulnerable to entity expansions which can lead to a denial of service attack
2018-10-17 15:43:25
CVE-2018-11761
2018-09-19 14:29:00
openvas
openvas
Apache Tika Server XML Entity Expansion Denial of Service Vulnerability
2018-09-27 00:00:00
prion
prion
Code injection
2018-10-09 22:29:00
Design/Logic Flaw
2018-09-19 14:29:00
github
github
cvelist
cvelist
CVE-2018-11796
2018-10-09 22:00:00
CVE-2018-11761
2018-09-19 14:00:00
debiancve
debiancve
CVE-2018-11796
2018-10-09 22:29:00
CVE-2018-11761
2018-09-19 14:29:00
ubuntucve
ubuntucve
CVE-2018-11796
2018-10-09 00:00:00
CVE-2018-11761
2018-09-19 00:00:00
cve
cve
CVE-2018-11796
2018-10-09 22:29:00
CVE-2018-11761
2018-09-19 14:29:00
nvd
nvd
CVE-2018-11796
2018-10-09 22:29:00
CVE-2018-11761
2018-09-19 14:29:00
ibm
ibm
veracode
veracode
Denial Of Service (DoS)
2018-10-10 03:04:13
Denial Of Service (DoS)
2018-09-20 02:46:37
redhatcve
redhatcve
CVE-2018-11761
2018-09-24 20:51:52
redhat
redhat
(RHSA-2019:3892) Important: Red Hat Fuse 7.5.0 security update
2019-11-14 21:15:16
oracle
oracle
Oracle Critical Patch Update Advisory - April 2019
2019-04-16 00:00:00