Vulnerability in Apache Software Foundation Tika
CVE-2018-1335
From Apache Tika versions 1.7 to 1.17, clients could send carefully crafted headers to tika-server that could be used to inject commands into the command line of the server running tika-server. This vulnerability only affects those running…
EPSS: 0.939 (99.9th percentile)
Affected products
- Apache Software Foundation Tika — versions 1.7 to 1.17
References
- [dev] 20180425 [CVE-2018-1335] Command Injection Vulnerability in Apache Tika's tika-server module (mailing-list, x_refsource_MLIST)
- 104001 (vdb-entry, x_refsource_BID)
- 46540 (exploit, x_refsource_EXPLOIT-DB)
- packetstormsecurity.com/files/153864/Apache-Tika-1.17-Header-Command-Injection… (x_refsource_MISC)
- RHSA-2019:3140 (x_refsource_REDHAT, vendor-advisory)
Frequently asked questions
- What is CVE-2018-1335?
  - CVE-2018-1335 is a vulnerability in Apache Software Foundation Tika. Published 2018-04-25.
- Is CVE-2018-1335 known to be exploited?
  - 38 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.