CVE-2018-1335 Scanner
CVE-2018-1335 scanner - Directory Traversal vulnerability in Apache Tika
Short Info
Level
High
Single Scan
Single Scan
Can be used by
Asset Owner
Estimated Time
15 seconds
Time Interval
4 weeks
Scan only one
URL
Toolbox
-
Apache Tika is an open-source software tool that is used for detecting and extracting metadata and text from various file types such as documents, images, and audio files. This Java-based tool is designed to support different formats of files and extract information quickly and efficiently. The main purpose of Tika is to provide a uniform interface for extracting content and metadata from several sources to enable interoperability between various content management systems, file format viewers, or search engines.
The CVE-2018-1335 vulnerability was discovered in Apache Tika versions 1.7 to 1.17. This vulnerability allowed unauthenticated users to execute arbitrary commands using crafted headers sent to Tika Server. Attackers could potentially gain unauthorized access to the server and inject malicious code that could lead to data theft, denial of service attacks, or even complete server takeover. The vulnerability lies in the way Tika interacts with the command line, which makes it vulnerable to command injection attacks.
When this vulnerability is exploited, it could lead to severe consequences such as data breaches, unauthorized access to sensitive information, and potential reputational damage. If an attacker gains access to a company's server, they could potentially install malware, steal customer data, and even use the server as a platform to launch further attacks on other systems.
Thanks to the pro features of the s4e.io platform, those who read this article can easily and quickly learn about vulnerabilities in their digital assets. With access to comprehensive vulnerability databases, advanced scanning, and reporting tools, users can quickly identify and address security vulnerabilities and minimize their exposure to cyber threats. Additionally, the platform provides regular updates and alerts on new vulnerabilities in popular software tools, making it easier to stay up-to-date on the latest threats.
REFERENCES
- http://packetstormsecurity.com/files/153864/Apache-Tika-1.17-Header-Command-Injection.html
- http://www.securityfocus.com/bid/104001
- https://access.redhat.com/errata/RHSA-2019:3140
- https://lists.apache.org/thread.html/b3ed4432380af767effd4c6f27665cc7b2686acccbefeb9f55851dca@%3Cdev.tika.apache.org%3E
- https://www.exploit-db.com/exploits/46540/
