PT-2018-11769 · Apache · Apache Tika

Daveysec

Publicado

2018-04-25

Atualizado

2019-10-03

CVE-2018-1335

CVSS v2.0

9.3

Alta

Vetor

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Apache Tika versions 1.7 through 1.17

Description The issue allows clients to send specially crafted headers to the tika-server, potentially injecting commands into the server's command line. This affects servers running tika-server and exposed to untrusted clients.

Recommendations For Apache Tika versions 1.7 through 1.17, upgrade to Tika 1.18 to resolve the issue.

Exploit

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2018-1335

GHSA-9R24-GP44-H3PM

Produtos afetados

Apache Tika

PT-2018-11769 · Apache · Apache Tika

CVE-2018-1335

Identificadores relacionados

Produtos afetados

Referências · 20