Apache Tika

Apache Tika 1.15 - 1.17 - Header Command Injection (Metasploit)

This module exploits a command injection vulnerability in Apache Tika 1.15 - 1.17 on Windows. A file with the image/jp2 content-type is used to bypass magic bytes checking. When OCR is specified in the request, parameters can be passed to change the parameters passed at the command line to allow for arbitrary JScript to execute. A JScript stub is passed to execute arbitrary code. This module was verified against version 1.15 - 1.17 on Windows 2012. While the CVE and finding show more versions vulnerable, during testing it was determined only > 1.14 was exploitable due to jp2 support being added.

Link: https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/http/apache_tika_jp2_jscript.rb


blog comments powered by Disqus