This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.
This signature detects attempts to exploit a remote command injection vulnerability in Apache Tika.
Apache Tika is a software for detecting and extracting metadata and text from different types of files.
Apache Tika is prone to a remote command-injection vulnerability. Specifically, this issue occurs because the tika-server fails to properly handle specially-crafted headers. An attacker can exploit this issue to inject arbitrary commands into the command line of the server running the tika-server.
Note: For the successful exploitation of this issue, tika-server must run on a server that is open to untrusted clients.
An attacker may exploit this issue to inject and execute arbitrary code within the context of the affected application; this may aid in further attacks.
- Tika 1.7 through 1.17 are vulnerable.