Signature Detail
This site is deprecated. Please CLICK HERE for latest updates
Short Name |
HTTP:APACHE:TIKA-SERVER-CMD-INJ |
|---|---|
Severity |
Major |
Recommended |
Yes |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Apache Tika tika-server Command Injection |
Release Date |
2018/05/24 |
Update Number |
3068 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
HTTP: Apache Tika tika-server Command Injection
This signature detects attempts to exploit a known vulnerability in Apache Tika tika-server. Successful exploitation can result in execution of arbitrary commands on the target server.
Extended Description
From Apache Tika versions 1.7 to 1.17, clients could send carefully crafted headers to tika-server that could be used to inject commands into the command line of the server running tika-server. This vulnerability only affects those running tika-server on a server that is open to untrusted clients. The mitigation is to upgrade to Tika 1.18.
Affected Products
- Apache tika 0.1
- Apache tika 0.10
- Apache tika 0.2
- Apache tika 0.3
- Apache tika 0.4
- Apache tika 0.5
- Apache tika 0.6
- Apache tika 0.7
- Apache tika 0.8
- Apache tika 0.9
- Apache tika 1.0
- Apache tika 1.1
- Apache tika 1.10
- Apache tika 1.11
- Apache tika 1.12
- Apache tika 1.13
- Apache tika 1.14
- Apache tika 1.15
- Apache tika 1.16
- Apache tika 1.17
- Apache tika 1.2
- Apache tika 1.3
- Apache tika 1.4
- Apache tika 1.5
- Apache tika 1.6
- Apache tika 1.7
- Apache tika 1.8
- Apache tika 1.9
References
- BugTraq: 104001
- CVE: CVE-2018-1335