CVE-2018-1335

nvd nist nuclei

Published: Apr 25, 2018Modified: Nov 21, 2024

8.1

Vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.2 / Impact: 5.9

Source: NVD

Description

From Apache Tika versions 1.7 to 1.17, clients could send carefully crafted headers to tika-server that could be used to inject commands into the command line of the server running tika-server. This vulnerability only affects those running tika-server on a server that is open to untrusted clients. The mitigation is to upgrade to Tika 1.18.

Affected (1)

Products: Apache: Tika

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Apache Tika	Before 1.18

References (10)

http://packetstormsecurity.com/files/153864/Apache-Tika-1.17-Header-Command-Injection.html

Source: security@apache.org

http://www.securityfocus.com/bid/104001

Source: security@apache.org

Third Party AdvisoryVDB Entry

https://access.redhat.com/errata/RHSA-2019:3140

Source: security@apache.org

https://lists.apache.org/thread.html/b3ed4432380af767effd4c6f27665cc7b2686acccbefeb9f55851dca%40%3Cdev.tika.apache.org%3E

Source: security@apache.org

https://www.exploit-db.com/exploits/46540/

Source: security@apache.org

ExploitThird Party AdvisoryVDB Entry

http://packetstormsecurity.com/files/153864/Apache-Tika-1.17-Header-Command-Injection.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/104001

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://access.redhat.com/errata/RHSA-2019:3140

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.apache.org/thread.html/b3ed4432380af767effd4c6f27665cc7b2686acccbefeb9f55851dca%40%3Cdev.tika.apache.org%3E

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.exploit-db.com/exploits/46540/

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party AdvisoryVDB Entry

Timeline

No history available yet.