https://bugzilla.redhat.com/show_bug.cgi?id=1572416
Bug ID: 1572416
Summary: CVE-2018-1335 tika: Command injection in tika-server can allow remote attackers to execute arbitrary commands via crafted headers
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: high
Priority: high
Assignee: security-response-team(a)redhat.com
Reporter: sfowler(a)redhat.com
Apache Tika before version 1.18 has a command injection vulnerability in
tika-server. A remote attacker could exploit this to execute arbitrary commands
via crafted headers.
External References:
https://lists.apache.org/thread.html/b3ed4432380af767effd4c6f27665cc7b268...