CVE-2018-11761

Published: 19/09/2018 Updated: 07/11/2023
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 446
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

In Apache Tika 0.1 to 1.18, the XML parsers were not configured to limit entity expansion. They were therefore vulnerable to an entity expansion vulnerability which can lead to a denial of service attack.

Vulnerable Product

apache tika

oracle business process management suite 12.1.3.0.0

oracle business process management suite 12.2.1.3.0

Vendor Advisories

In Apache Tika 0.1 to 1.18, the XML parsers were not configured to limit entity expansion. They were therefore vulnerable to an entity expansion vulnerability which can lead to a denial of service attack ...

Github Repositories

Apache Tika Denial of Service Vulnerability (CVE-2018-11761)

Summary: In a recent research on Apache Tika, I found a DOS (Denial of Service) vulnerability existed on its XML parser. It is caused that the parser improperly parses XML document. Affected Version: Tested on ElasticSearch 6.3.1 (using Tika 1.18) and 6.2.3 (using Tika 1.17). Analysis: As we know, the core ingest attachment plugin lets Elasticsearch extract file attachments in co

A set of tech articles.

TechArticles: A set of tech articles. Table of Contents: Penetration Testing Study Notes: Comprehensive Penetration Case 1; On Building a Systematic Security Operations Center (SOC); Some Ideas and Reflections on In-House Security Building; Apache Karaf XXE Vulnerability (CVE-2018-11788); Magento Unauthorized Remote Code Execution (CVE-2016-4010); Apache Tika Denial of Service Vulnerability (CVE-2018-11761)