Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2018-11761

Опубликовано: 19 сент. 2018
Источник: redhat
CVSS3: 7.5
EPSS Средний

Описание

In Apache Tika 0.1 to 1.18, the XML parsers were not configured to limit entity expansion. They were therefore vulnerable to an entity expansion vulnerability which can lead to a denial of service attack.

Отчет

This issue affects the versions of tika which is embedded in the nutch package as shipped with Red Hat Satellite 5. The tika server is not exposed, as such exploitation is difficult, Red Hat Product Security has rated this issue as having security impact of Low. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat BPM Suite 6tika-coreWill not fix
Red Hat Fuse 7camel-tikaNot affected
Red Hat JBoss BRMS 5tika-coreWill not fix
Red Hat JBoss BRMS 6tika-coreWill not fix
Red Hat JBoss Data Virtualization 6tika-coreWill not fix
Red Hat JBoss Fuse Integration Service 2tika-coreOut of support scope
Red Hat JBoss Fuse Service Works 6tika-coreWill not fix
Red Hat Satellite 5tikaWill not fix
Red Hat Software Collectionsrh-eclipse46-tikaWill not fix

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-776
https://bugzilla.redhat.com/show_bug.cgi?id=1632462tika: XML entity expansion vulnerability due to lack of limit configuration

EPSS

Процентиль: 93%
0.11027
Средний

7.5 High

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2018-11761

CVSS3: 7.5
ubuntu
больше 7 лет назад

In Apache Tika 0.1 to 1.18, the XML parsers were not configured to limit entity expansion. They were therefore vulnerable to an entity expansion vulnerability which can lead to a denial of service attack.

nvd логотип

CVE-2018-11761

CVSS3: 7.5
nvd
больше 7 лет назад

In Apache Tika 0.1 to 1.18, the XML parsers were not configured to limit entity expansion. They were therefore vulnerable to an entity expansion vulnerability which can lead to a denial of service attack.

debian логотип

CVE-2018-11761

CVSS3: 7.5
debian
больше 7 лет назад

In Apache Tika 0.1 to 1.18, the XML parsers were not configured to lim ...

github логотип

GHSA-6jq2-789q-fff2

CVSS3: 7.5
github
больше 7 лет назад

High severity vulnerability that affects org.apache.tika:tika-core

fstec логотип

BDU:2019-01770

CVSS3: 7.5
fstec
больше 7 лет назад

Уязвимость анализатора XML среды обнаружения и анализа контента Apache Tika, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 93%
0.11027
Средний

7.5 High

CVSS3