Lucene search
K

4 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2019/07/10 3:5 p.m.32 views

Security Bulletin: IBM QRadar Incident Forensics is vulnerable to publicly disclosed vulnerabilities from Apache Tika (CVE-2018-11761, CVE-2018-11762, CVE-2018-8017,  CVE-2018-11796)

Summary Open source Apache Tika as used in IBM QRadar Incident Forensics is affected by multiple vulnerabilities Vulnerability Details CVEID: CVE-2018-11761 Description: Apache Tika is vulnerable to a denial of service, caused by the failure to configure XML parsers to limit entity expansion. A...

7.5CVSS1.6AI score0.09635EPSS
Exploits0Affected Software1
vulnersOsv
vulnersOsv
added 2018/10/17 3:49 p.m.6 views

ai.idylnlp:idylnlp-nlp-language-detection-tika (>=1.0.0 <=1.1.0), au.com.turingg:turingg-files (=0.0.1) +1046 more potentially affected by CVE-2018-11762 via org.apache.tika:tika-core (>=0.9 <=1.18)

org.apache.tika:tika-core MAVEN version =0.9, =1.0.0, =1.0.68, =3.6.1, =3.11.0, =1.0.0, =4.6.0, =1.0.12, =18.1.1, =0.1, =0.2.4 and more Source cves: CVE-2018-11762 Source advisory: OSV:GHSA-W6G3-V46Q-5P28...

5.9CVSS6.5AI score0.05449EPSS
Exploits0
UbuntuCve
UbuntuCve
added 2018/09/19 2:29 p.m.23 views

CVE-2018-11762

In Apache Tika 0.9 to 1.18, in a rare edge case where a user does not specify an extract directory on the commandline --extract-dir= and the input file has an embedded file with an absolute path, such as "C:/evil.bat", tika-app would overwrite that file...

5.9CVSS6.6AI score0.05449EPSS
Exploits0References3
CVE
CVE
added 2018/09/19 2:0 p.m.95 views

CVE-2018-11762

CVE-2018-11762 affects Apache Tika 0.9–1.18. In the rare case where no extract directory is specified on the command line and an embedded file has an absolute path (e.g., C:/evil.bat), tika-app could overwrite that file. The issue is a path handling/Zip extraction edge case; impact is potential a...

5.9CVSS5.7AI score0.05449EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder