vulnerability

Debian: CVE-2018-1335: tika -- security update

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
9	(AV:N/AC:M/Au:N/C:C/I:C/A:C)	04/25/2018	07/30/2024	11/27/2024

Severity

CVSS

(AV:N/AC:M/Au:N/C:C/I:C/A:C)

Published

04/25/2018

Added

07/30/2024

Modified

11/27/2024

Description

From Apache Tika versions 1.7 to 1.17, clients could send carefully crafted headers to tika-server that could be used to inject commands into the command line of the server running tika-server. This vulnerability only affects those running tika-server on a server that is open to untrusted clients. The mitigation is to upgrade to Tika 1.18.

Solution

debian-upgrade-tika

References

CVE-2018-1335
https://attackerkb.com/topics/CVE-2018-1335

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today