CVE-2018-11761

High

In Apache Tika 0.1 to 1.18, the XML parsers were not configured to limit entity expansion. They were therefore vulnerable to an entity…

apache·CWE-611·Published 2018-09-19

CVSS

7.5

EPSS

0.10

KEV

Exploits

cve.orgen

204 chars

In Apache Tika 0.1 to 1.18, the XML parsers were not configured to limit entity expansion. They were therefore vulnerable to an entity expansion vulnerability which can lead to a denial of service attack.

NVDen

204 chars

OSV.deven

204 chars

GHSAen

204 chars

NVDes

268 chars

En Apache Tika desde la versión 0.1 hasta la 1.18, los analizadores XML no estaban configurados para limitar la expansión de las entidades. Por lo tanto, eran vulnerables a una expansión de entidades, lo que podría conducir a un ataque de denegación de servicio (DoS).

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	5.0	10.0	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P
3.0	Primary	NVD	7.5	3.9	3.6	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
3.1	Secondary	GHSA	7.5	—	—	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H