Vulnerability Name: | CVE-2018-11761 (CCN-150101) | ||||||||||||||||||||||||||||||||
Assigned: | 2018-09-19 | ||||||||||||||||||||||||||||||||
Published: | 2018-09-19 | ||||||||||||||||||||||||||||||||
Updated: | 2019-11-12 | ||||||||||||||||||||||||||||||||
Summary: | In Apache Tika 0.1 to 1.18, the XML parsers were not configured to limit entity expansion. They were therefore vulnerable to an entity expansion vulnerability which can lead to a denial of service attack. | ||||||||||||||||||||||||||||||||
CVSS v3 Severity: | 7.5 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) 6.5 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)
4.6 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C)
| ||||||||||||||||||||||||||||||||
CVSS v2 Severity: | 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
| ||||||||||||||||||||||||||||||||
Vulnerability Type: | CWE-611 | ||||||||||||||||||||||||||||||||
Vulnerability Consequences: | Denial of Service | ||||||||||||||||||||||||||||||||
References: | Source: MITRE Type: CNA CVE-2018-11761 Source: CCN Type: Oracle CPUApr2019 Oracle Critical Patch Update Advisory - April 2019 Source: BID Type: Third Party Advisory, VDB Entry 105514 Source: CCN Type: BID-105514 Apache Tika CVE-2018-11761 XML External Entity Denial of Service Vulnerability Source: XF Type: UNKNOWN apache-tika-cve201811761-dos(150101) Source: CCN Type: Apache Web site CVE-2018-11761: Apache Tika Denial of Service via XML Entity Expansion Vulnerability Source: MLIST Type: Mailing List, Vendor Advisory [tika-dev] 20180919 [CVE-2018-11761] Apache Tika DoS XML Entity Expansion Vulnerability Source: MLIST Type: UNKNOWN [lucene-solr-user] 20190104 Re: SOLR v7 Security Issues Caused Denial of Use - Sonatype Application Composition Report Source: CCN Type: oss-sec Mailing List, Wed, 19 Sep 2018 08:44:41 -0400 [CVE-2018-11761] Apache Tika DoS XML Entity Expansion Vulnerability Source: CCN Type: IBM Security Bulletin 888135 (QRadar SIEM) IBM QRadar Incident Forensics is vulnerable to publicly disclosed vulnerabilities from Apache Tika (CVE-2018-11761, CVE-2018-11762, CVE-2018-8017, CVE-2018-11796) Source: CCN Type: IBM Security Bulletin 6444033 (Log Analysis) Multiple vulnerabilities in Apache Tika affects Apache Solr shipped with IBM Operations Analytics - Log Analysis Source: CCN Type: IBM Security Bulletin 6524700 (Planning Analytics Workspace) IBM Planning Analytics Workspace is affected by security vulnerabilities Source: MISC Type: Patch, Third Party Advisory https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html Source: CCN Type: WhiteSource Vulnerability Database CVE-2018-11761 | ||||||||||||||||||||||||||||||||
Vulnerable Configuration: | Configuration 1: Configuration 2: Configuration CCN 1: Denotes that component is vulnerable | ||||||||||||||||||||||||||||||||
Oval Definitions | |||||||||||||||||||||||||||||||||
| |||||||||||||||||||||||||||||||||
BACK |