Lucene search
K

9 matches found

Tenable Nessus
Tenable Nessus
added 2025/08/25 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2018-11761

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Apache Tika 0.1 to 1.18, the XML parsers were not configured to limit entity expansion. They were therefore vulnerable to an entity expansion vulnerability...

7.5CVSS6.7AI score0.09635EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2019/11/14 9:17 p.m.5 views

tika: Incomplete fix allows for XML entity expansion resulting in denial of service

In Apache Tika 1.19 CVE-2018-11761, we added an entity expansion limit for XML parsing. However, Tika reuses SAXParsers and calls reset after each parse, which, for Xerces2 parsers, as per the documentation, removes the user-specified SecurityManager and thus removes entity expansion limits after...

7.5CVSS7.4AI score0.06883EPSS
Exploits0References5
IBM Security Bulletins
IBM Security Bulletins
added 2019/07/10 3:5 p.m.32 views

Security Bulletin: IBM QRadar Incident Forensics is vulnerable to publicly disclosed vulnerabilities from Apache Tika (CVE-2018-11761, CVE-2018-11762, CVE-2018-8017,  CVE-2018-11796)

Summary Open source Apache Tika as used in IBM QRadar Incident Forensics is affected by multiple vulnerabilities Vulnerability Details CVEID: CVE-2018-11761 Description: Apache Tika is vulnerable to a denial of service, caused by the failure to configure XML parsers to limit entity expansion. A...

7.5CVSS1.6AI score0.09635EPSS
Exploits0Affected Software1
CVE
CVE
added 2018/10/09 10:0 p.m.120 views

CVE-2018-11796

Apache Tika 0.1–1.19 is vulnerable to an entity-expansion denial of service. The root cause is that Xerces2-based SAXParsers reset() after each parse, which removes the user-configured SecurityManager and, per documentation, the entity-expansion limits after the first parse. This means versions f...

7.5CVSS7.2AI score0.06883EPSS
Exploits0References4Affected Software1
RedhatCVE
RedhatCVE
added 2018/09/24 8:51 p.m.34 views

CVE-2018-11761

In Apache Tika 0.1 to 1.18, the XML parsers were not configured to limit entity expansion. They were therefore vulnerable to an entity expansion vulnerability which can lead to a denial of service attack...

7.5CVSS4.2AI score0.09635EPSS
Exploits0References2
NVD
NVD
added 2018/09/19 2:29 p.m.20 views

CVE-2018-11761

In Apache Tika 0.1 to 1.18, the XML parsers were not configured to limit entity expansion. They were therefore vulnerable to an entity expansion vulnerability which can lead to a denial of service attack...

7.5CVSS7.3AI score0.09635EPSS
Exploits0References4
OSV
OSV
added 2018/09/19 2:29 p.m.20 views

CVE-2018-11761

In Apache Tika 0.1 to 1.18, the XML parsers were not configured to limit entity expansion. They were therefore vulnerable to an entity expansion vulnerability which can lead to a denial of service attack...

7.5CVSS6.6AI score
Exploits0References4
CVE
CVE
added 2018/09/19 2:0 p.m.108 views

CVE-2018-11761

Apache Tika is affected by CVE-2018-11761: XML parsers before 1.19.x did not limit entity expansion, enabling potential denial-of-service. Public details indicate vulnerability in Tika 0.1–1.18 (and discussion around 1.19) with remediation to upgrade to 1.19.1 or later. Some sources note that dow...

7.5CVSS7.2AI score0.09635EPSS
Exploits0References4Affected Software1
Debian CVE
Debian CVE
added 2018/09/19 2:0 p.m.26 views

CVE-2018-11761

In Apache Tika 0.1 to 1.18, the XML parsers were not configured to limit entity expansion. They were therefore vulnerable to an entity expansion vulnerability which can lead to a denial of service attack...

7.5CVSS7.5AI score0.09635EPSS
Exploits0
Rows per page
Query Builder