Search Results | AttackerKB

2 Total Results

Displaying 1-2 of 2

Attacker Value

Unknown

CVE-2018-11796

Disclosure Date: October 09, 2018 (last updated November 08, 2023)

In Apache Tika 1.19 (CVE-2018-11761), we added an entity expansion limit for XML parsing. However, Tika reuses SAXParsers and calls reset() after each parse, which, for Xerces2 parsers, as per the documentation, removes the user-specified SecurityManager and thus removes entity expansion limits after the first parse. Apache Tika versions from 0.1 to 1.19 are therefore still vulnerable to entity expansions which can lead to a denial of service attack. Users should upgrade to 1.19.1 or later.

Attacker Value

Unknown

CVE-2018-11761

Disclosure Date: September 19, 2018 (last updated November 08, 2023)

In Apache Tika 0.1 to 1.18, the XML parsers were not configured to limit entity expansion. They were therefore vulnerable to an entity expansion vulnerability which can lead to a denial of service attack.

2 Total Results

Displaying 1-2 of 2

Unknown

CVE-2018-11796

Unknown

CVE-2018-11761

Quick Cookie Notification