PT-2018-11769 · Apache · Apache Tika
Daveysec +1 · Published 2018-04-25 · Updated 2019-10-03 · CVE-2018-1335
CVSS v2.0: 9.3 (High)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Apache Tika versions 1.7 through 1.17
Description
The issue allows clients to send specially crafted headers to tika-server that could be used to inject commands into the command line of the server. It affects only servers that run tika-server and are exposed to untrusted clients.
Recommendations
For Apache Tika versions 1.7 through 1.17, upgrade to Tika 1.18 to resolve the issue.
Affected Products
Apache Tika