Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
debiancveDebian Security Bug TrackerDEBIANCVE:CVE-2018-1335
HistoryApr 25, 2018 - 9:29 p.m.

CVE-2018-1335

2018-04-2521:29:00
Debian Security Bug Tracker
security-tracker.debian.org
10

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

0.968 High

EPSS

Percentile

99.7%

JSON

From Apache Tika versions 1.7 to 1.17, clients could send carefully crafted headers to tika-server that could be used to inject commands into the command line of the server running tika-server. This vulnerability only affects those running tika-server on a server that is open to untrusted clients. The mitigation is to upgrade to Tika 1.18.

OSVersionArchitecturePackageVersionFilename
Debian11alltika< 1.18-1tika_1.18-1_all.deb
Debian999alltika< 1.18-1tika_1.18-1_all.deb

Related

cve 1
exploitpack 1
cvelist 1
zdt 2
packetstorm 2
redhatcve 1
ubuntucve 1
osv 2
github 1
checkpoint_advisories 1
nuclei 1
nvd 1
rhino 1
metasploit 1
veracode 1
prion 1
attackerkb 1
exploitdb 2
openvas 1
f5 1
redhat 1
ibm 1
cve
cve
CVE-2018-1335
2018-04-25 21:29:00
exploitpack
exploitpack
Apache Tika-server 1.18 - Command Injection
2019-03-13 00:00:00
cvelist
cvelist
CVE-2018-1335
2018-04-25 00:00:00
zdt
zdt
Apache Tika-server < 1.18 - Command Injection Exploit
2019-03-13 00:00:00
Apache Tika 1.15 - 1.17 - Header Command Injection Exploit
2019-08-05 00:00:00
packetstorm
packetstorm
Apache Tika 1.17 Header Command Injection
2019-08-02 00:00:00
Apache Tika Server Command Injection
2019-03-13 00:00:00
redhatcve
redhatcve
CVE-2018-1335
2018-04-27 01:59:08
ubuntucve
ubuntucve
CVE-2018-1335
2018-04-25 00:00:00
osv
osv
CVE-2018-1335
2018-04-25 21:29:00
High severity vulnerability that affects org.apache.tika:tika-core
2018-10-17 15:43:43
github
github
Command injection in org.apache.tika:tika-core
2018-10-17 15:43:43
checkpoint_advisories
checkpoint_advisories
Apache Tika Command Injection (CVE-2018-1335)
2018-12-06 00:00:00
nuclei
nuclei
Apache Tika <1.1.8- Header Command Injection
2021-02-27 03:18:29
nvd
nvd
CVE-2018-1335
2018-04-25 21:29:00
rhino
rhino
Exploiting CVE-2018-1335:Command Injection in Apache Tika
2019-03-12 10:41:43
metasploit
metasploit
Apache Tika Header Command Injection
2019-03-29 02:05:05
veracode
veracode
Arbitrary Command Injection
2018-04-26 02:35:04
prion
prion
Design/Logic Flaw
2018-04-25 21:29:00
attackerkb
attackerkb
Apache Tika Header Command Injection CVE-2018-1335
2018-04-25 00:00:00
exploitdb
exploitdb
Apache Tika-server &lt; 1.18 - Command Injection
2019-03-13 00:00:00
Apache Tika 1.15 - 1.17 - Header Command Injection (Metasploit)
2019-08-05 00:00:00
openvas
openvas
Apache Tika Server 1.17 Multiple Vulnerabilities
2018-04-26 00:00:00
f5
f5
K11522001 : Apache vulnerabilities CVE-2018-1313, CVE-2018-1338, CVE-2018-1339, CVE-2018-1335, and CVE-2018-8003
2018-07-17 00:00:00
redhat
redhat
(RHSA-2019:3140) Important: Red Hat JBoss Data Virtualization 6.4.8 security update
2019-10-17 14:53:06
ibm
ibm
Security Bulletin: IBM Planning Analytics Workspace is affected by security vulnerabilities
2022-01-11 21:02:17

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

0.968 High

EPSS

Percentile

99.7%

JSON
Related for DEBIANCVE:CVE-2018-1335
cve1exploitpack1cvelist1zdt2packetstorm2redhatcve1ubuntucve1osv2github1checkpoint_advisories1nuclei1nvd1rhino1metasploit1veracode1prion1attackerkb1exploitdb2openvas1f51redhat1ibm1