Vulnerability Details : CVE-2018-11796
In Apache Tika 1.19 (CVE-2018-11761), we added an entity expansion limit for XML parsing. However, Tika reuses SAXParsers and calls reset() after each parse, which, for Xerces2 parsers, as per the documentation, removes the user-specified SecurityManager and thus removes entity expansion limits after the first parse. Apache Tika versions from 0.1 to 1.19 are therefore still vulnerable to entity expansions which can lead to a denial of service attack. Users should upgrade to 1.19.1 or later.
Vulnerability category: XML external entity (XXE) injectionDenial of service
Products affected by CVE-2018-11796
- cpe:2.3:a:apache:tika:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2018-11796
1.24%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 86 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2018-11796
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
10.0
|
2.9
|
NIST | |
7.5
|
HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
3.9
|
3.6
|
NIST |
CWE ids for CVE-2018-11796
-
The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.Assigned by: nvd@nist.gov (Primary)
References for CVE-2018-11796
-
https://security.netapp.com/advisory/ntap-20190903-0002/
August 2019 IBM Informix Dynamic Server Vulnerabilities in NetApp Products | NetApp Product Security
-
https://access.redhat.com/errata/RHSA-2019:3892
RHSA-2019:3892 - Security Advisory - Red Hat Customer Portal
-
http://www.securityfocus.com/bid/105585
Apache Tika CVE-2018-11796 Incomplete Fix XML External Entity Denial of Service VulnerabilityThird Party Advisory;VDB Entry
-
https://lists.apache.org/thread.html/88de8350cda9b184888ec294c813c5bd8a2081de8fd3666f8904bc05@%3Cdev.tika.apache.org%3E
[CVE-2018-11796] Apache Tika Denial of Service via XML Entity Expansion Vulnerability - Pony MailMailing List;Vendor Advisory
Jump to