In Apache Tika 0.1 to 1.18, the XML parsers were not configured to limit entity expansion. They were therefore vulnerable to an entity expansion vulnerability which can lead to a denial of service attack.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
apache tika |
||
oracle business process management suite 12.1.3.0.0 |
||
oracle business process management suite 12.2.1.3.0 |