
Apache Tika Server 1.17 Multiple Vulnerabilities (CVE-2018-1335, CVE-2018-1338, CVE-2018-1339)

Severity
CVSSv3 Score: 5.5
Vulnerability description

Apache Tika Server is prone to multiple vulnerabilities, including command execution and denial of service.

Risk description

The following vulnerabilities exist:

In Apache Tika, clients could send carefully crafted headers to tika-server that could be used to inject commands into the command line of the server running tika-server. This vulnerability only affects those running tika-server on a server that is open to untrusted clients.

A carefully crafted (or fuzzed) file can trigger an infinite loop in Apache Tika's BPGParser.

A carefully crafted (or fuzzed) file can trigger an infinite loop in Apache Tika's ChmParser.

Successful exploitation could allow an attacker to eventually gain full control over the target system.

Recommendation

Update to version 1.18.

Codename: Not available
Detectable with: Network Scanner
Scan engine: OpenVAS
Exploitable with Sniper: No
CVE Published: Apr 25, 2018
Detection added at:
Software Type: Not available
Vendor: Not available
Product: Not available