Entreprise d'experts en Sécurité Informatique : Audits et conseils en cybersécurité
Entreprise française de cybersécurité depuis 2004
☎ 03 60 47 09 81 - info@securiteinfo.com


CVE-2018-1335

Description

From Apache Tika versions 1.7 to 1.17, clients could send carefully crafted headers to tika-server that could be used to inject commands into the command line of the server running tika-server. This vulnerability only affects those running tika-server on a server that is open to untrusted clients. The mitigation is to upgrade to Tika 1.18.

POC

Reference

- http://packetstormsecurity.com/files/153864/Apache-Tika-1.17-Header-Command-Injection.html

- https://www.exploit-db.com/exploits/46540/

Github

- https://github.com/0xT11/CVE-POC

- https://github.com/20142995/nuclei-templates

- https://github.com/ARPSyndicate/cvemon

- https://github.com/ARPSyndicate/kenzer-templates

- https://github.com/ArtemCyberLab/Hacking-Through-the-Lens

- https://github.com/CybVulnHunter/nmap-guidelines

- https://github.com/DigitalNinja00/CVE-2018-1335

- https://github.com/Elsfa7-110/kenzer-templates

- https://github.com/H4cksploit/CVEs-master

- https://github.com/HackOvert/awesome-bugs

- https://github.com/N0b1e6/CVE-2018-1335-Python3

- https://github.com/NetW0rK1le3r/awesome-hacking-lists

- https://github.com/RhinoSecurityLabs/CVEs

- https://github.com/SkyBlueEternal/CVE-2018-1335-EXP-GUI

- https://github.com/ThePirateWhoSmellsOfSunflowers/TheHackerLinks

- https://github.com/Zebra64/CVE-2018-1335

- https://github.com/alphaSeclab/sec-daily-2019

- https://github.com/canumay/cve-2018-1335

- https://github.com/deut-erium/inter-iit-netsec

- https://github.com/developer3000S/PoC-in-GitHub

- https://github.com/hectorgie/PoC-in-GitHub

- https://github.com/likekabin/CVEs_new_by_Rhino-Security-Labs-

- https://github.com/likescam/CVEs_new_by_Rhino-Security-Labs-

- https://github.com/lnick2023/nicenice

- https://github.com/merlinepedra/RHINOECURITY-CVEs

- https://github.com/merlinepedra25/RHINOSECURITY-CVEs

- https://github.com/nattimmis/CVE-Collection

- https://github.com/qazbnm456/awesome-cve-poc

- https://github.com/r0eXpeR/redteam_vul

- https://github.com/readloud/Awesome-Stars

- https://github.com/siramk/CVE-2018-1335

- https://github.com/sunzu94/AWS-CVEs

- https://github.com/twhelan25/tryhackme-CTF-writeup-for-cyberlens

- https://github.com/xbl2022/awesome-hacking-lists

- https://github.com/xbl3/awesome-cve-poc_qazbnm456

- https://github.com/zhengjim/loophole