VDB
CVE-2018-1335
CVE-2018-1335
PUBLISHED
From Apache Tika versions 1.7 to 1.17, clients could send carefully crafted headers to tika-server that could be used to inject commands into the command line of the server running tika-server. This vulnerability only affects those running tika-server on a server that is open to untrusted clients. The mitigation is to upgrade to Tika 1.18.
EPSS 93.88% · 99.9th percentile
Risk Scores
EPSS Score
93.88%
99.9th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:25.10 | tika | 0, 1.22-2 |
Exploit Intelligence
- GUI版 EXP (github-poc-repo)
- GUI版 EXP (github-poc-repo)
- GUI版 EXP (github-poc-repo)
- GUI版 EXP (github-poc-repo)
- GUI版 EXP (github-poc-repo)
- GUI版 EXP (github-poc-repo)
- GUI版 EXP (github-poc-repo)
- N0b1e6/CVE-2018-1335-Python3 (github-poc-repo)
- N0b1e6/CVE-2018-1335-Python3 (github-poc-repo)
- N0b1e6/CVE-2018-1335-Python3 (github-poc-repo)
…and 151 more exploits
Timeline
- Apr 25, 2018 CVE Published
- Mar 13, 2019 PoC Published
- Mar 13, 2019 PoC Published
- Aug 5, 2019 PoC Published
- Aug 5, 2019 PoC Published
- Aug 15, 2019 PoC Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Sep 8, 2021 CVE Updated
- Dec 27, 2021 EPSS Score
- Feb 4, 2022 EPSS Score
References
- https://ubuntu.com/security/CVE-2018-1335 third-party-advisory
- http://www.openwall.com/lists/oss-security/2018/04/25/8 third-party-advisory
- https://lists.apache.org/thread.html/b3ed4432380af767effd4c6f27665cc7b2686acccbefeb9f55851dca@%3Cdev.tika.apache.org%3E third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2018-1335 third-party-advisory