Severity | Low |
Patch available | YES |
Number of vulnerabilities | 1 |
CVE ID | CVE-2018-11796 |
CVSSv3 |
3.8 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C] |
CWE ID |
CWE-611 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software |
Apache Tika |
Vulnerable software versions |
Apache Tika 1.19 Apache Tika 1.18 Apache Tika 1.17 Show more |
Vendor URL | Apache Foundation |
The vulnerability allows a remote attacker to conduct XXE-attack.
The vulnerability exists due to improper handling of XML External Entities (XXEs) when parsing an XML file. A remote attacker can trick the victim into open an XML file that submits malicious input and cause a denial of service (DoS) condition.
RemediationUpdate to version 1.19.1.
External links