
CVE-2018-1335

Published: 25/04/2018 Updated: 07/11/2023
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
CVSS v3 Base Score: 8.1 | Impact Score: 5.9 | Exploitability Score: 2.2
VMScore: 940
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Summary

From Apache Tika versions 1.7 to 1.17, clients could send carefully crafted headers to tika-server that could be used to inject commands into the command line of the server running tika-server. This vulnerability only affects those running tika-server on a server that is open to untrusted clients. The mitigation is to upgrade to Tika 1.18.

Vulnerability Trend

Vulnerable Product

apache tika

Vendor Advisories

Synopsis: Important: Red Hat JBoss Data Virtualization 6.4.8 security update. Type/Severity: Security Advisory: Important. Topic: An update is now available for Red Hat JBoss Data Virtualization. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scorin ...
Debian Bug report logs - #825501 CVE-2016-4434. Package: src:tika; Maintainer for src:tika is Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>; Reported by: Moritz Muehlenhoff <jmm@debian.org>; Date: Fri, 27 May 2016 10:03:02 UTC; Severity: grave; Tags: fixed-upstream, security, upstream. Found in v ...
From Apache Tika versions 1.7 to 1.17, clients could send carefully crafted headers to tika-server that could be used to inject commands into the command line of the server running tika-server. This vulnerability only affects those running tika-server on a server that is open to untrusted clients. The mitigation is to upgrade to Tika 1.18 ...

Exploits

# Description: This is a PoC for remote command execution in Apache Tika-server. Versions Affected: Tika-server versions < 1.18. Researcher: David Yesland. Twitter: ...
## This module requires Metasploit: metasploit.com/download. Current source: github.com/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Remote; Rank = ExcellentRanking; include Msf::Exploit::CmdStager; include Msf::Exploit::Remote::HttpClient; include Msf::Exploit::Powershell; def initialize(info ...
Apache Tika Server versions prior to 1.18 suffer from a command injection vulnerability ...
This Metasploit module exploits a command injection vulnerability in Apache Tika versions 1.15 through 1.17 on Windows. A file with the image/jp2 content-type is used to bypass magic byte checking. When OCR is specified in the request, parameters can be passed to change the parameters passed at the command line to allow for arbitrary JScript to execute ...

Github Repositories

CENG 325 - Principles of Information Security And Privacy

Ankara Yildirim Beyazit University, Computer Engineering Department. CENG 325 - Principles of Information Security And Privacy. Group Members: @canumay @aslihann @ezgigucuyener @mburakdonmez. References: NVD - CVE-2018-1335; Exploit DB - Apache Tika-server < 1.18 - Command Injection; Rhino Security Labs - Exploiting CVE-2018-1335: Command Injection in Apache Tika; Metasploit Dis