Vulnerability: Apache Tika <1.1.8- Header Command Injection

Apache Tika versions 1.7 to 1.17 allow clients to send carefully crafted headers to tika-server that could be used to inject commands into the command line of the server running tika-server. This vulnerability only affects those running tika-server on a server that is open to untrusted clients.

Impact

Successful exploitation of this vulnerability allows remote attackers to execute arbitrary commands on the affected server.

Severity

high

Verified

Unknown