CVE-2018-11796
tika: Incomplete fix allows for XML entity expansion resulting in denial of service
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
In Apache Tika 1.19 (CVE-2018-11761), we added an entity expansion limit for XML parsing. However, Tika reuses SAXParsers and calls reset() after each parse, which, for Xerces2 parsers, as per the documentation, removes the user-specified SecurityManager and thus removes entity expansion limits after the first parse. Apache Tika versions from 0.1 to 1.19 are therefore still vulnerable to entity expansions which can lead to a denial of service attack. Users should upgrade to 1.19.1 or later.
En Apache Tika 1.19 (CVE-2018-11761), se ha añadido un límite de expansión de entidades para el análisis XML. Sin embargo, Tika reutiliza SAXParsers y llama a reset() tras cada análisis y, en el caso de los analizadores Xerces2, tal y como se indica en la documentación, elimina el SecurityManager especificado por el usuario y elimina los límites de expansión de entidades tras el primer análisis. Por lo tanto, las versiones de la 0.1 a la 1.19 de Apache Tika siguen siendo vulnerables a expansiones de entidades, lo que podría conducir a un ataque de denegación de servicio (DoS). Los usuarios deberían actualizar a la versión 1.19.1 o posteriores.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2018-06-05 CVE Reserved
- 2018-10-09 CVE Published
- 2024-07-24 EPSS Updated
- 2024-09-16 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-611: Improper Restriction of XML External Entity Reference
- CWE-776: Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')
CAPEC
References (6)
URL | Tag | Source |
---|---|---|
http://www.securityfocus.com/bid/105585 | Third Party Advisory | |
https://lists.apache.org/thread.html/88de8350cda9b184888ec294c813c5bd8a2081de8fd3666f8904bc05%40%3Cdev.tika.apache.org%3E | X_refsource_confirm | |
https://security.netapp.com/advisory/ntap-20190903-0002 | X_refsource_confirm |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://access.redhat.com/errata/RHSA-2019:3892 | 2023-11-07 | |
https://access.redhat.com/security/cve/CVE-2018-11796 | 2019-11-14 | |
https://bugzilla.redhat.com/show_bug.cgi?id=1639090 | 2019-11-14 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Apache Search vendor "Apache" | Tika Search vendor "Apache" for product "Tika" | >= 0.1 <= 1.19 Search vendor "Apache" for product "Tika" and version " >= 0.1 <= 1.19" | - |
Affected
|