9 matches found
Linux Distros Unpatched Vulnerability : CVE-2018-11761
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Apache Tika 0.1 to 1.18, the XML parsers were not configured to limit entity expansion. They were therefore vulnerable to an entity expansion vulnerability...
tika: Incomplete fix allows for XML entity expansion resulting in denial of service
In Apache Tika 1.19 CVE-2018-11761, we added an entity expansion limit for XML parsing. However, Tika reuses SAXParsers and calls reset after each parse, which, for Xerces2 parsers, as per the documentation, removes the user-specified SecurityManager and thus removes entity expansion limits after...
Security Bulletin: IBM QRadar Incident Forensics is vulnerable to publicly disclosed vulnerabilities from Apache Tika (CVE-2018-11761, CVE-2018-11762, CVE-2018-8017, CVE-2018-11796)
Summary Open source Apache Tika as used in IBM QRadar Incident Forensics is affected by multiple vulnerabilities Vulnerability Details CVEID: CVE-2018-11761 Description: Apache Tika is vulnerable to a denial of service, caused by the failure to configure XML parsers to limit entity expansion. A...
CVE-2018-11796
Apache Tika 0.1–1.19 is vulnerable to an entity-expansion denial of service. The root cause is that Xerces2-based SAXParsers reset() after each parse, which removes the user-configured SecurityManager and, per documentation, the entity-expansion limits after the first parse. This means versions f...
CVE-2018-11761
In Apache Tika 0.1 to 1.18, the XML parsers were not configured to limit entity expansion. They were therefore vulnerable to an entity expansion vulnerability which can lead to a denial of service attack...
CVE-2018-11761
In Apache Tika 0.1 to 1.18, the XML parsers were not configured to limit entity expansion. They were therefore vulnerable to an entity expansion vulnerability which can lead to a denial of service attack...
CVE-2018-11761
In Apache Tika 0.1 to 1.18, the XML parsers were not configured to limit entity expansion. They were therefore vulnerable to an entity expansion vulnerability which can lead to a denial of service attack...
CVE-2018-11761
Apache Tika is affected by CVE-2018-11761: XML parsers before 1.19.x did not limit entity expansion, enabling potential denial-of-service. Public details indicate vulnerability in Tika 0.1–1.18 (and discussion around 1.19) with remediation to upgrade to 1.19.1 or later. Some sources note that dow...
CVE-2018-11761
In Apache Tika 0.1 to 1.18, the XML parsers were not configured to limit entity expansion. They were therefore vulnerable to an entity expansion vulnerability which can lead to a denial of service attack...