oss-sec mailing list archives
[CVE-2018-11761] Apache Tika DoS XML Entity Expansion Vulnerability
From: Tim Allison <tallison () apache org>
Date: Wed, 19 Sep 2018 08:44:41 -0400
CVE-2018-11761: Apache Tika Denial of Service via XML Entity Expansion Vulnerability

Severity: Medium

Vendor: The Apache Software Foundation

Versions Affected: Apache Tika 0.1 to 1.18

Description: Apache Tika's XML parsers were not configured to limit entity expansion. They were therefore vulnerable to an entity expansion vulnerability which can lead to a denial of service attack.

Mitigation: Apache Tika users should upgrade to 1.19 or later

Credit: This issue was discovered by Renfei (Brian) Wang of Amazon.
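
The Java example below is added here for illustration. It is not part of the advisory and is not Apache Tika's code or its fix. It shows what "configured to limit entity expansion" can look like on a JAXP SAX parser, and checks the cap against a small constructed document. It assumes the JDK's built-in JAXP parser; the class and method names are hypothetical.

```java
import java.io.StringReader;
import javax.xml.XMLConstants;
import javax.xml.parsers.SAXParser;
import javax.xml.parsers.SAXParserFactory;
import org.xml.sax.InputSource;
import org.xml.sax.SAXParseException;
import org.xml.sax.helpers.DefaultHandler;

public class EntityExpansionLimitDemo {
    // Property name understood by the JDK's built-in JAXP parser (assumption:
    // that parser is in use; other implementations may reject this name).
    static final String ENTITY_EXPANSION_LIMIT =
            "http://www.oracle.com/xml/jaxp/properties/entityExpansionLimit";

    // Build a SAX parser with secure processing on and an explicit expansion cap.
    static SAXParser limitedParser(int maxExpansions) throws Exception {
        SAXParserFactory factory = SAXParserFactory.newInstance();
        factory.setNamespaceAware(true);
        factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        SAXParser parser = factory.newSAXParser();
        parser.setProperty(ENTITY_EXPANSION_LIMIT, Integer.toString(maxExpansions));
        return parser;
    }

    // Returns null if the document parsed, otherwise the parser's error message.
    static String tryParse(String xml, int maxExpansions) throws Exception {
        try {
            limitedParser(maxExpansions)
                    .parse(new InputSource(new StringReader(xml)), new DefaultHandler());
            return null;
        } catch (SAXParseException e) {
            return e.getMessage();
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: one reference to &b;, which references &a; four
        // times, so the parser performs five entity expansions in total.
        String nested = "<!DOCTYPE doc [<!ENTITY a \"x\">"
                + "<!ENTITY b \"&a;&a;&a;&a;\">]><doc>&b;</doc>";
        // Cap above the five expansions the sample needs.
        System.out.println("limit 100: " + tryParse(nested, 100));
        // Cap below the five expansions the sample needs.
        System.out.println("limit 3:   " + tryParse(nested, 3));
    }
}
```

Where input never legitimately carries a DTD, rejecting DOCTYPE declarations outright is the stricter option; an expansion cap is for parsers that must still accept internal entities.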