CVE-2018-11761

Summary

In Apache Tika 0.1 to 1.18, the XML parsers were not configured to limit entity expansion. They were therefore vulnerable to an entity expansion vulnerability which can lead to a denial of service attack.

Affected Software

VendorProductVersion RangeStatus
Apache Software FoundationApache Tika0.1 to 1.18affected

Weaknesses

  • Denial of Service via XML Entity Expansion

ADP Enrichment

CVE Program Container

Additional References

References