Vulnerability details: VCID-uyg4-mswu-s3f5
Vulnerability ID VCID-uyg4-mswu-s3f5
Aliases CVE-2018-1335
GHSA-9r24-gp44-h3pm
Summary Code Injection. In Apache Tika, clients could send carefully crafted headers to tika-server that could be used to inject commands into the command line of the server running tika-server. This vulnerability only affects those running tika-server on a host that is open to untrusted clients.
Status Published
Exploitability 2.0
Weighted Severity 8.0
Risk 10.0
Affected and Fixed Packages Package Details
Weaknesses (3)
Reference id Reference type URL
http://packetstormsecurity.com/files/153864/Apache-Tika-1.17-Header-Command-Injection.html
https://access.redhat.com/errata/RHSA-2019:3140
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1335.json
https://api.first.org/data/v1/epss?cve=CVE-2018-1335
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1335
https://github.com/apache/tika/commit/302f22aff7a836868b270038e1d66002a2004869
https://github.com/apache/tika/commit/4fdc51a40bf9532d7db57d0b08c1aec3931468ad
https://github.com/apache/tika/commit/5d983aad0b68a228f180686a4135ed8c7cd589f1
https://github.com/apache/tika/commit/b2d3932b847a171a85e356aa230af461a0f80d91
https://github.com/apache/tika/commit/d1bc09386405d28d6b0f0a29ce8c3e7efd72d6c7
https://github.com/apache/tika/commit/e82c2efd2b1ac731b6954634741b70ecf0ed6f01
https://github.com/apache/tika/commit/ffb48dd29d0c2009490caefda75e5b57c7958c51
https://lists.apache.org/thread.html/b3ed4432380af767effd4c6f27665cc7b2686acccbefeb9f55851dca@%3Cdev.tika.apache.org%3E
https://www.exploit-db.com/exploits/46540
https://www.exploit-db.com/exploits/46540/
http://www.securityfocus.com/bid/104001
1572416 https://bugzilla.redhat.com/show_bug.cgi?id=1572416
CVE-2018-1335 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/46540.py
CVE-2018-1335 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/47208.rb
CVE-2018-1335 https://nvd.nist.gov/vuln/detail/CVE-2018-1335
CVE-2018-1335 Exploit https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/http/apache_tika_jp2_jscript.rb
CVE-2018-1335 Exploit https://rhinosecuritylabs.com/application-security/exploiting-cve-2018-1335-apache-tika/
GHSA-9r24-gp44-h3pm https://github.com/advisories/GHSA-9r24-gp44-h3pm
Data source Metasploit
Description This module exploits a command injection vulnerability in Apache Tika 1.15 - 1.17 on Windows. A file with the image/jp2 content-type is used to bypass magic bytes checking. When OCR is specified in the request, parameters can be passed to change the parameters passed at command line to allow for arbitrary JScript to execute. A JScript stub is passed to execute arbitrary code. This module was verified against version 1.15 - 1.17 on Windows 2012. While the CVE and finding show more versions vulnerable, during testing it was determined only > 1.14 was exploitable due to jp2 support being added.
Note
Reliability:
  - unknown-reliability
Stability:
  - unknown-stability
SideEffects:
  - unknown-side-effects
Ransomware campaign use Unknown
Source publication date April 25, 2018
Platform Windows
Source URL https://github.com/rapid7/metasploit-framework/tree/master/modules/exploits/windows/http/apache_tika_jp2_jscript.rb
Data source Exploit-DB
Date added March 13, 2019
Description Apache Tika-server < 1.18 - Command Injection
Ransomware campaign use Known
Source publication date March 13, 2019
Exploit type remote
Platform windows
Source update date Aug. 5, 2019
Source URL https://rhinosecuritylabs.com/application-security/exploiting-cve-2018-1335-apache-tika/
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://packetstormsecurity.com/files/153864/Apache-Tika-1.17-Header-Command-Injection.html
Attack Vector (AV): network; Attack Complexity (AC): high; Privileges Required (PR): none; User Interaction (UI): none; Scope (S): unchanged; Confidentiality Impact (C): high; Integrity Impact (I): high; Availability Impact (A): high

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://access.redhat.com/errata/RHSA-2019:3140
Attack Vector (AV): network; Attack Complexity (AC): high; Privileges Required (PR): none; User Interaction (UI): none; Scope (S): unchanged; Confidentiality Impact (C): high; Integrity Impact (I): high; Availability Impact (A): high

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1335.json
Attack Vector (AV): network; Attack Complexity (AC): low; Privileges Required (PR): low; User Interaction (UI): none; Scope (S): unchanged; Confidentiality Impact (C): high; Integrity Impact (I): high; Availability Impact (A): high

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/advisories/GHSA-9r24-gp44-h3pm
Attack Vector (AV): network; Attack Complexity (AC): high; Privileges Required (PR): none; User Interaction (UI): none; Scope (S): unchanged; Confidentiality Impact (C): high; Integrity Impact (I): high; Availability Impact (A): high

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://lists.apache.org/thread.html/b3ed4432380af767effd4c6f27665cc7b2686acccbefeb9f55851dca@%3Cdev.tika.apache.org%3E
Attack Vector (AV): network; Attack Complexity (AC): high; Privileges Required (PR): none; User Interaction (UI): none; Scope (S): unchanged; Confidentiality Impact (C): high; Integrity Impact (I): high; Availability Impact (A): high

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2018-1335
Attack Vector (AV): network; Attack Complexity (AC): high; Privileges Required (PR): none; User Interaction (UI): none; Scope (S): unchanged; Confidentiality Impact (C): high; Integrity Impact (I): high; Availability Impact (A): high

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://www.exploit-db.com/exploits/46540
Attack Vector (AV): network; Attack Complexity (AC): high; Privileges Required (PR): none; User Interaction (UI): none; Scope (S): unchanged; Confidentiality Impact (C): high; Integrity Impact (I): high; Availability Impact (A): high

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://www.securityfocus.com/bid/104001
Attack Vector (AV): network; Attack Complexity (AC): high; Privileges Required (PR): none; User Interaction (UI): none; Scope (S): unchanged; Confidentiality Impact (C): high; Integrity Impact (I): high; Availability Impact (A): high

Exploit Prediction Scoring System (EPSS)
Percentile 0.9988
EPSS Score 0.93876
Published At June 4, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-06-02T04:37:40.225209+00:00 GitLab Importer Import https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tika/tika-server/CVE-2018-1335.yml 38.6.0