CVE-2015-3271: Apache Tika Server exposes sensitive information
5.3
CVSS Score
3.0
Basic Information
CVE ID
GHSA ID
EPSS Score
0.49995%
CWE
Published
10/17/2018
Updated
9/12/2023
KEV Status
No
Technology
Java
Technical Details
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
---|---|---|---|
org.apache.tika:tika-server | maven | < 1.10 | 1.10 |
Vulnerability Intelligence
Miggo AI
Root Cause Analysis
The vulnerability stems from processing the 'fileUrl' header in HTTP requests. TikaResource.parse()
is the primary request handler for tika-server
endpoints. In vulnerable versions, this function would check for the presence of the 'fileUrl' header and directly fetch content from the specified URL without restricting access to local filesystem paths. The lack of validation for URL schemes (like file://
) and path restrictions enabled attackers to read arbitrary local files. This matches the CWE-200 pattern of exposing sensitive data through direct URL handling.