CVE-2018-1335

Опубликовано: 25 апр. 2018

Источник: nvd

CVSS3: 8.1

CVSS2: 9.3

EPSS Критический

Описание

From Apache Tika versions 1.7 to 1.17, clients could send carefully crafted headers to tika-server that could be used to inject commands into the command line of the server running tika-server. This vulnerability only affects those running tika-server on a server that is open to untrusted clients. The mitigation is to upgrade to Tika 1.18.

Ссылки

http://packetstormsecurity.com/files/153864/Apache-Tika-1.17-Header-Command-Injection.html
http://www.securityfocus.com/bid/104001
Third Party Advisory
VDB Entry
https://access.redhat.com/errata/RHSA-2019:3140
https://lists.apache.org/thread.html/b3ed4432380af767effd4c6f27665cc7b2686acccbefeb9f55851dca%40%3Cdev.tika.apache.org%3E
https://www.exploit-db.com/exploits/46540/
Exploit
Third Party Advisory
VDB Entry
http://packetstormsecurity.com/files/153864/Apache-Tika-1.17-Header-Command-Injection.html
http://www.securityfocus.com/bid/104001
Third Party Advisory
VDB Entry
https://access.redhat.com/errata/RHSA-2019:3140
https://lists.apache.org/thread.html/b3ed4432380af767effd4c6f27665cc7b2686acccbefeb9f55851dca%40%3Cdev.tika.apache.org%3E
https://www.exploit-db.com/exploits/46540/
Exploit
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:apache:tika:*:*:*:*:*:*:*:*

Версия до 1.18 (исключая)

EPSS

Процентиль: 100%

0.93644

Критический

8.1 High

CVSS3

9.3 Critical

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

CVE-2018-1335

CVSS3: 8.1

ubuntu

почти 8 лет назад

CVE-2018-1335

CVSS3: 8.8

redhat

почти 8 лет назад

CVE-2018-1335

CVSS3: 8.1

debian

почти 8 лет назад

From Apache Tika versions 1.7 to 1.17, clients could send carefully cr ...

GHSA-9r24-gp44-h3pm

CVSS3: 8.1

github

больше 7 лет назад

Command injection in org.apache.tika:tika-core

EPSS

Процентиль: 100%

0.93644

Критический

8.1 High

CVSS3

9.3 Critical

CVSS2

Дефекты

NVD-CWE-noinfo