Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Apache Tika 1.13 Code Execution Vulnerability

🗓️ 11 Nov 2016 00:00:00Reported by Pierre ErnstType 
zdt
 zdt🔗 0day.today👁 66 Views

Apache Tika 1.13 Code Execution Vulnerability in MATLAB Parse

Related
Code
ReporterTitlePublishedViews
Family
CNVD		Apache Tika Remote Code Execution Vulnerability
16 Nov 201600:00
cnvd
CVE		CVE-2016-6809
6 Apr 201721:00
cve
Cvelist		CVE-2016-6809
6 Apr 201721:00
cvelist
Debian CVE		CVE-2016-6809
6 Apr 201721:00
debiancve
IBM Security Bulletins		Security Bulletin: IBM Planning Analytics Workspace is affected by security vulnerabilities
11 Jan 202221:02
ibm
EUVD		EUVD-2018-0628
7 Oct 202500:30
euvd
Fedora		[SECURITY] Fedora 28 Update: tika-1.17-1.fc28
27 Apr 201823:09
fedora
Tenable Nessus		Fedora 28 : tika (2018-639385f5ec)
3 Jan 201900:00
nessus
Github Security Blog		Apache Tika allows Java code execution for serialized objects embedded in MATLAB files
17 Oct 201815:44
github
Imperva Blog		Deserialization Attacks Surge Motivated by Illegal Crypto-mining
24 Jan 201817:45
impervablog
Rows per page
CVE-2016-6809 a Arbitrary Code Execution Vulnerability in Apache Tikaas MATLAB Parser 

Severity: Important 

Vendor: The Apache Software Foundation 

Versions Affected: 1.6-1.13 

Description: Apache Tika wraps the jmatio parser (https://github.com/gradusnikov/jmatio) to handle MATLAB files.  The parser uses native deserialization on serialized Java objects embedded in MATLAB files. A malicious user could inject arbitrary code into a MATLAB file that would be executed when the object is deserialized. 

Mitigation: Turn off MATLAB file parsing or upgrade to Tika 1.14. 

Credit: Pierre Ernst of salesforce.com discovered this issue and contributed to the fix.

#  0day.today [2018-01-11]  #

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
11 Nov 2016 00:00Current
9.3High risk
Vulners AI Score9.3
EPSS0.07049
apache tikacode executionmatlab parservulnerabilityarbitrary codedeserializationmitigationupgrade1.14pierre ernstsalesforce.
66