Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
githubGitHub Advisory DatabaseGHSA-9R24-GP44-H3PM
HistoryOct 17, 2018 - 3:43 p.m.

Command injection in org.apache.tika:tika-core

2018-10-1715:43:43
GitHub Advisory Database
github.com
17

7.9 High

AI Score

Confidence

High

0.967 High

EPSS

Percentile

99.7%

JSON

From Apache Tika versions 1.7 to 1.17, clients could send carefully crafted headers to tika-server that could be used to inject commands into the command line of the server running tika-server. This vulnerability only affects those running tika-server on a server that is open to untrusted clients. The mitigation is to upgrade to Tika 1.18.

CPENameOperatorVersion
org.apache.tika:tika-corelt1.18

Related

osv 2
ubuntucve 1
zdt 2
nuclei 1
rhino 1
metasploit 1
checkpoint_advisories 1
exploitpack 1
cve 1
debiancve 1
cvelist 1
redhatcve 1
packetstorm 2
veracode 1
attackerkb 1
prion 1
exploitdb 2
openvas 1
f5 1
redhat 1
ibm 1
osv
osv
CVE-2018-1335
2018-04-25 21:29:00
High severity vulnerability that affects org.apache.tika:tika-core
2018-10-17 15:43:43
ubuntucve
ubuntucve
CVE-2018-1335
2018-04-25 00:00:00
zdt
zdt
Apache Tika 1.15 - 1.17 - Header Command Injection Exploit
2019-08-05 00:00:00
Apache Tika-server < 1.18 - Command Injection Exploit
2019-03-13 00:00:00
nuclei
nuclei
Apache Tika <1.1.8- Header Command Injection
2021-02-27 03:18:29
rhino
rhino
Exploiting CVE-2018-1335:Command Injection in Apache Tika
2019-03-12 10:41:43
metasploit
metasploit
Apache Tika Header Command Injection
2019-03-29 02:05:05
checkpoint_advisories
checkpoint_advisories
Apache Tika Command Injection (CVE-2018-1335)
2018-12-06 00:00:00
exploitpack
exploitpack
Apache Tika-server 1.18 - Command Injection
2019-03-13 00:00:00
cve
cve
CVE-2018-1335
2018-04-25 21:29:00
debiancve
debiancve
CVE-2018-1335
2018-04-25 21:29:00
cvelist
cvelist
CVE-2018-1335
2018-04-25 00:00:00
redhatcve
redhatcve
CVE-2018-1335
2018-04-27 01:59:08
packetstorm
packetstorm
Apache Tika 1.17 Header Command Injection
2019-08-02 00:00:00
Apache Tika Server Command Injection
2019-03-13 00:00:00
veracode
veracode
Arbitrary Command Injection
2018-04-26 02:35:04
attackerkb
attackerkb
Apache Tika Header Command Injection CVE-2018-1335
2018-04-25 00:00:00
prion
prion
Design/Logic Flaw
2018-04-25 21:29:00
exploitdb
exploitdb
Apache Tika 1.15 - 1.17 - Header Command Injection (Metasploit)
2019-08-05 00:00:00
Apache Tika-server &lt; 1.18 - Command Injection
2019-03-13 00:00:00
openvas
openvas
Apache Tika Server 1.17 Multiple Vulnerabilities
2018-04-26 00:00:00
f5
f5
K11522001 : Apache vulnerabilities CVE-2018-1313, CVE-2018-1338, CVE-2018-1339, CVE-2018-1335, and CVE-2018-8003
2018-07-17 00:00:00
redhat
redhat
(RHSA-2019:3140) Important: Red Hat JBoss Data Virtualization 6.4.8 security update
2019-10-17 14:53:06
ibm
ibm
Security Bulletin: IBM Planning Analytics Workspace is affected by security vulnerabilities
2022-01-11 21:02:17

7.9 High

AI Score

Confidence

High

0.967 High

EPSS

Percentile

99.7%

JSON
Related for GHSA-9R24-GP44-H3PM
osv2ubuntucve1zdt2nuclei1rhino1metasploit1checkpoint_advisories1exploitpack1cve1debiancve1cvelist1redhatcve1packetstorm2veracode1attackerkb1prion1exploitdb2openvas1f51redhat1ibm1