Описание
In Apache Tika 0.1 to 1.18, the XML parsers were not configured to limit entity expansion. They were therefore vulnerable to an entity expansion vulnerability which can lead to a denial of service attack.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| tika | fixed | 1.20-1 | package | |
| tika | ignored | jessie | package |
Примечания
https://www.openwall.com/lists/oss-security/2018/09/19/4
When fixing this issue the fix needs to be made complete to not open
CVE-2018-11796. The full fix is only in 1.19.1 onwards.
EPSS
Связанные уязвимости
In Apache Tika 0.1 to 1.18, the XML parsers were not configured to limit entity expansion. They were therefore vulnerable to an entity expansion vulnerability which can lead to a denial of service attack.
In Apache Tika 0.1 to 1.18, the XML parsers were not configured to limit entity expansion. They were therefore vulnerable to an entity expansion vulnerability which can lead to a denial of service attack.
In Apache Tika 0.1 to 1.18, the XML parsers were not configured to limit entity expansion. They were therefore vulnerable to an entity expansion vulnerability which can lead to a denial of service attack.
High severity vulnerability that affects org.apache.tika:tika-core
Уязвимость анализатора XML среды обнаружения и анализа контента Apache Tika, позволяющая нарушителю вызвать отказ в обслуживании
EPSS