Command Injection Vulnerability in Apache Tika Server (Versions 1.7 to 1.17)

Command Injection Vulnerability in Apache Tika Server (Versions 1.7 to 1.17)

CVE-2018-1335 · HIGH Severity

AV:N/AC:M/AU:N/C:C/I:C/A:C

From Apache Tika versions 1.7 to 1.17, clients could send carefully crafted headers to tika-server that could be used to inject commands into the command line of the server running tika-server. This vulnerability only affects those running tika-server on a server that is open to untrusted clients. The mitigation is to upgrade to Tika 1.18.

Learn more about our Cis Benchmark Audit For Apache Http Server.