CVE-2018-11761 Vulnerability Details

  /     /     /  

CVE-2018-11761 Metadata Quick Info

CVE Published: 19/09/2018 | CVE Updated: 16/09/2024 | CVE Year: 2018
Source: apache | Vendor: Apache Software Foundation | Product: Apache Tika
Status : PUBLISHED

---

CVE-2018-11761 Description

In Apache Tika 0.1 to 1.18, the XML parsers were not configured to limit entity expansion. They were therefore vulnerable to an entity expansion vulnerability which can lead to a denial of service attack.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID:
CWE Name: Denial of Service via XML Entity Expansion
Source: Apache Software Foundation

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).