QwikSec

Security Database

CVE

CWE

Training

CVE-2018-1335

Published: Apr 25, 2018

Modified: Sep 17, 2024

PUBLISHED

Description

From Apache Tika versions 1.7 to 1.17, clients could send carefully crafted headers to tika-server that could be used to inject commands into the command line of the server running tika-server. This vulnerability only affects those running tika-server on a server that is open to untrusted clients. The mitigation is to upgrade to Tika 1.18.

Vendor	Product	Versions
Apache Software Foundation	Apache Tika	affected `1.7 to 1.17`

References

[dev] 20180425 [CVE-2018-1335] Command Injection Vulnerability in Apache Tika's tika-server module

mailing-list

x_refsource_MLIST

vdb-entry

x_refsource_BID

exploit

x_refsource_EXPLOIT-DB

http://packetstormsecurity.com/files/153864/Apache-Tika-1.17-Header-Command-Injection.html

x_refsource_MISC

vendor-advisory

x_refsource_REDHAT

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.