CVE-2018-1335 Scanner
Detects 'Directory Traversal' vulnerability in Apache Tika affects v. 1.7 to 1.17.
Short Info
Level
High
Type
Single Scan
Can be used by
Asset Owner
Estimated Time
15 sec
Scan only one
Url
Parent Category
CVE-2018-1335 Scanner Detail
Apache Tika is an open-source software tool that is used for detecting and extracting metadata and text from various file types such as documents, images, and audio files. This Java-based tool is designed to support different formats of files and extract information quickly and efficiently. The main purpose of Tika is to provide a uniform interface for extracting content and metadata from several sources to enable interoperability between various content management systems, file format viewers, or search engines.
The CVE-2018-1335 vulnerability was discovered in Apache Tika versions 1.7 to 1.17. This vulnerability allowed unauthenticated users to execute arbitrary commands using crafted headers sent to Tika Server. Attackers could potentially gain unauthorized access to the server and inject malicious code that could lead to data theft, denial of service attacks, or even complete server takeover. The vulnerability lies in the way Tika interacts with the command line, which makes it vulnerable to command injection attacks.
When this vulnerability is exploited, it could lead to severe consequences such as data breaches, unauthorized access to sensitive information, and potential reputational damage. If an attacker gains access to a company's server, they could potentially install malware, steal customer data, and even use the server as a platform to launch further attacks on other systems.
Thanks to the pro features of the securityforeveryone.com platform, those who read this article can easily and quickly learn about vulnerabilities in their digital assets. With access to comprehensive vulnerability databases, advanced scanning, and reporting tools, users can quickly identify and address security vulnerabilities and minimize their exposure to cyber threats. Additionally, the platform provides regular updates and alerts on new vulnerabilities in popular software tools, making it easier to stay up-to-date on the latest threats.
REFERENCES
- http://packetstormsecurity.com/files/153864/Apache-Tika-1.17-Header-Command-Injection.html
- http://www.securityfocus.com/bid/104001
- https://access.redhat.com/errata/RHSA-2019:3140
- https://lists.apache.org/thread.html/b3ed4432380af767effd4c6f27665cc7b2686acccbefeb9f55851dca@%3Cdev.tika.apache.org%3E
- https://www.exploit-db.com/exploits/46540/
control security posture