| Severity | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE ID | CVE-2018-11796 |
| CVSSv3 |
3.8 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C] |
| CWE ID |
CWE-611 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
Apache Tika |
| Vulnerable software versions |
Apache Tika 1.19 Apache Tika 1.18 Apache Tika 1.17 Show more |
| Vendor URL | Apache Foundation |
The vulnerability allows a remote attacker to conduct XXE-attack.
The vulnerability exists due to improper handling of XML External Entities (XXEs) when parsing an XML file. A remote attacker can trick the victim into open an XML file that submits malicious input and cause a denial of service (DoS) condition.
RemediationUpdate to version 1.19.1.
External links