
CVE-2015-3271: Apache Tika Server exposes sensitive information

CVSS Score: 5.3 (CVSS 3.0)

Basic Information

EPSS Score: 0.49995%
Published: 10/17/2018
Updated: 9/12/2023
KEV Status: No
Technology: Java

Technical Details

CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Package Name: org.apache.tika:tika-server
Ecosystem: maven
Vulnerable Versions: < 1.10
First Patched Version: 1.10

Vulnerability Intelligence

Miggo AI Root Cause Analysis

The vulnerability stems from processing the 'fileUrl' header in HTTP requests. TikaResource.parse() is the primary request handler for tika-server endpoints. In vulnerable versions, this function would check for the presence of the 'fileUrl' header and directly fetch content from the specified URL without restricting access to local filesystem paths. The lack of validation for URL schemes (like file://) and path restrictions enabled attackers to read arbitrary local files. This matches the CWE-200 pattern of exposing sensitive data through direct URL handling.
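As an added example (not Tika's code and not part of this advisory), the check a hardened request handler would apply to the 'fileUrl' header before fetching anything: an allow-list of remote schemes, and for file: URLs a canonical-path containment test against a permitted directory. The function names, LOCAL_ROOT and the sample header values are assumptions made for the example.

```python
from pathlib import Path
from urllib.parse import unquote, urlparse

# Hypothetical policy values for this example, not Tika configuration.
ALLOWED_REMOTE_SCHEMES = {"http", "https"}
LOCAL_ROOT = Path("/srv/tika/inbox")  # the only directory local reads may touch


class RejectedUrl(ValueError):
    """Raised when a fileUrl header value fails the allow-list checks."""


def resolve_file_url(header_value: str, allow_local: bool = False) -> str:
    """Validate a 'fileUrl' header value before anything is fetched.

    The vulnerable pattern handed the header straight to a URL opener, so
    'file:///etc/passwd' was read like any other document. Here only http(s)
    URLs with a host pass, and file: URLs pass only when local reads are
    enabled and the canonical path stays inside LOCAL_ROOT.
    """
    if not header_value or not header_value.strip():
        raise RejectedUrl("empty fileUrl header")
    parsed = urlparse(header_value.strip())
    scheme = parsed.scheme.lower()

    if scheme in ALLOWED_REMOTE_SCHEMES:
        if not parsed.netloc:
            raise RejectedUrl("remote URL without a host")
        return parsed.geturl()

    if scheme == "file":
        if not allow_local:
            raise RejectedUrl("file: URLs are disabled")
        if parsed.netloc not in ("", "localhost"):
            raise RejectedUrl("file: URL names a remote host")
        # Decode %2e%2e-style escapes, then canonicalise so '..' and symlinks
        # cannot carry the read outside LOCAL_ROOT.
        root = LOCAL_ROOT.resolve()
        candidate = Path(unquote(parsed.path)).resolve()
        if root not in candidate.parents:
            raise RejectedUrl("path lies outside the permitted directory")
        return str(candidate)

    # jar:, ftp:, scheme-less values and anything else are refused outright.
    raise RejectedUrl(f"scheme not permitted: {scheme or '<none>'}")


def is_accepted(header_value: str, allow_local: bool = False) -> bool:
    """Boolean wrapper for logging and tests."""
    try:
        resolve_file_url(header_value, allow_local)
        return True
    except RejectedUrl:
        return False
```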


WAF Protection Rules

WAF Rule

Apache Tika provides optional functionality to run itself as a web service to allow remote use. When used in this manner, it's possible for a 3rd party to pass a 'fileUrl' header to the Apache Tika Server (tika-server) before version 1.10. This header
