1. Symantec-Broadcom-Horizontal/
  2. Security Response/
  3. Attack Signatures/
  4. Web Attack: Apache Tika Remote CMD Injection CVE-2018-1335

Web Attack: Apache Tika Remote CMD Injection CVE-2018-1335

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects attempts to exploit a remote command injection vulnerability in Apache Tika.

Additional Information

Apache Tika is a software for detecting and extracting metadata and text from different types of files.

Apache Tika is prone to a remote command-injection vulnerability. Specifically, this issue occurs because the tika-server fails to properly handle specially-crafted headers. An attacker can exploit this issue to inject arbitrary commands into the command line of the server running the tika-server.

Note: For the successful exploitation of this issue, tika-server must run on a server that is open to untrusted clients.

An attacker may exploit this issue to inject and execute arbitrary code within the context of the affected application; this may aid in further attacks.

Affected

  • Tika 1.7 through 1.17 are vulnerable.
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube