Vulnerability Description
In Apache Tika 0.1 to 1.18, the XML parsers were not configured to limit entity expansion. They were therefore susceptible to entity expansion attacks, which can lead to denial of service.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apache | Tika | >= 0.1, <= 1.18 |
| Oracle | Business Process Management Suite | 12.1.3.0.0 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/105514 (Third Party Advisory, VDB Entry)
- https://lists.apache.org/thread.html/5553e10bba5604117967466618f219c0cae71007581
- https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c24
- https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html (Patch, Third Party Advisory)
FAQ
What is CVE-2018-11761?
CVE-2018-11761 is a vulnerability with a CVSS score of 7.5 (HIGH). In Apache Tika 0.1 to 1.18, the XML parsers were not configured to limit entity expansion. They were therefore vulnerable to an entity expansion vulnerability which can lead to a denial of service att...
How severe is CVE-2018-11761?
CVE-2018-11761 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2018-11761?
Check the references section above for vendor advisories and patch information. Affected products include: Apache Tika, Oracle Business Process Management Suite.