Vulnerability identifier: #VU21948

Vulnerability risk: High

CVSSv3.1: 9.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C]

CVE-ID: CVE-2018-1335

CWE-ID: CWE-78

Exploitation vector: Network

Exploits in database: 4

• June 17, 2021
  • Apache Tika-server < 1.18 - Command Injection [Exploit-DB]
  • Apache Tika 1.15 - 1.17 - Header Command Injection (Metasploit) [Exploit-DB]
• March 18, 2020
  • CVEs (A collection of proof-of-concept exploit scripts written by the team at Rhino Security Labs for various CVEs.) [Github]
  • Apache Tika Header Command Injection [Metasploit]

Impact: Code execution

Vulnerable software:
Apache Tika
Server applications / Other server solutions

Vendor: Apache Foundation