5.3

CVSS Score

3.0

Basic Information

CVE ID

CVE-2015-3271

GHSA ID

GHSA-ccjp-w723-2jf2

EPSS Score

0.49995%

CWE

CWE-200

Published

10/17/2018

Updated

9/12/2023

KEV Status

Technology

Java

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2015-3271

CVE-2015-3271: Apache Tika Server exposes sensitive information

Apache Tika provides optional functionality to run itself as a web service to allow remote use. When used in this manner, it's possible for a 3rd party to pass a 'fileUrl' header to the Apache Tika Server (tika-server) before version 1.10. This header lets a remote client request that the server fetches content from the URL provided, including files from the server's local filesystem. Depending on the file permissions set on the local filesystem, this could be used to return sensitive content from the server machine.

This vulnerability only exists if you are running the tika-server version 1.9, and you allow un-trusted access to the tika-server URL. Usage of Apache Tika as a standard library is not affected.

(GitHub Advisory)

5.3

CVSS Score

3.0

Basic Information

CVE ID

CVE-2015-3271

GHSA ID

GHSA-ccjp-w723-2jf2

EPSS Score

0.49995%

CWE

CWE-200

Published

10/17/2018

Updated

9/12/2023

KEV Status

Technology

Java

Technical Details

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
org.apache.tika:tika-server	maven	< 1.10	1.10

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from processing the 'fileUrl' header in HTTP requests. TikaResource.parse() is the primary request handler for tika-server endpoints. In vulnerable versions, this function would check for the presence of the 'fileUrl' header and directly fetch content from the specified URL without restricting access to local filesystem paths. The lack of validation for URL schemes (like file://) and path restrictions enabled attackers to read arbitrary local files. This matches the CWE-200 pattern of exposing sensitive data through direct URL handling.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

*p**** Tik* provi**s option*l *un*tion*lity to run its*l* *s * w** s*rvi** to *llow r*mot* us*. W**n us** in t*is m*nn*r, it's possi*l* *or * *r* p*rty to p*ss * '*il*Url' *****r to t** *p**** Tik* S*rv*r (tik*-s*rv*r) ***or* v*rsion *.**. T*is *****

Reasoning

T** vuln*r**ility st*ms *rom pro**ssin* t** '*il*Url' *****r in *TTP r*qu*sts. `Tik*R*sour**.p*rs*()` is t** prim*ry r*qu*st **n*l*r *or `tik*-s*rv*r` *n*points. In vuln*r**l* v*rsions, t*is *un*tion woul* ****k *or t** pr*s*n** o* t** '*il*Url' ****

5.3

Basic Information

Concerned about an active attack path?

CVE-2015-3271: Apache Tika Server exposes sensitive information

5.3

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI