
Apache Tika Server Zip Slip Arbitrary File Overwrite Vulnerability CVE-2018-11762

Severity
CVSSv3 Score: 5.9
Vulnerability description

Apache Tika Server is prone to a zip slip arbitrary file overwrite vulnerability.

Risk description

The flaw occurs when a user does not specify an extract directory on the command line and the input file contains an embedded file with an absolute path: tika-app then overwrites the file at that path. Successful exploitation allows remote attackers to overwrite arbitrary files.
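
The path handling behind this class of bug, as an added example (not Apache Tika's code and not part of the original advisory): resolving an embedded file's name against an extract directory silently discards the directory when the name is absolute, while a containment check rejects such entries. The class, method, directory and entry names are constructed for illustration, and POSIX-style paths are assumed.

```java
import java.io.IOException;
import java.nio.file.Path;
import java.nio.file.Paths;

public class SafeExtractPath {

    // Naive resolution: Path.resolve() returns its argument unchanged when
    // that argument is absolute, so the extract directory is ignored.
    static Path naiveTarget(Path extractDir, String entryName) {
        return extractDir.resolve(entryName);
    }

    // Hardened resolution: reject absolute names, then confirm the normalized
    // result is still inside the extract directory (this also catches "../").
    static Path safeTarget(Path extractDir, String entryName) throws IOException {
        Path base = extractDir.toAbsolutePath().normalize();
        Path name = Paths.get(entryName);
        if (name.isAbsolute()) {
            throw new IOException("absolute entry name rejected");
        }
        Path target = base.resolve(name).normalize();
        if (!target.startsWith(base)) {
            throw new IOException("entry escapes extract directory");
        }
        return target;
    }

    public static void main(String[] args) {
        // Constructed sample values; nothing is written to disk.
        Path extractDir = Paths.get("/tmp/extract-demo");
        String[] entryNames = {
            "docs/image1.png",          // ordinary embedded file
            "/tmp/outside/target.txt",  // absolute path, the case in this advisory
            "../../outside/target.txt"  // relative traversal, same containment check
        };
        for (String entryName : entryNames) {
            String verdict;
            try {
                verdict = "write to " + safeTarget(extractDir, entryName);
            } catch (IOException e) {
                verdict = "REJECTED (" + e.getMessage() + ")";
            }
            System.out.println(entryName);
            System.out.println("  naive: " + naiveTarget(extractDir, entryName));
            System.out.println("  safe : " + verdict);
        }
    }
}
```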

Recommendation

Update to version 1.19 or later.

Codename: Not available
Detectable with: Network Scanner
Scan engine: OpenVAS
Exploitable with Sniper: No
CVE Published: Sep 19, 2018
Detection added at:
Software Type: Not available
Vendor: Not available
Product: Not available