E18-0k0n1
CVSS:
8.1 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
False Positive:
f
Variants:
2
Year:
2018
Description
This strike exploits a post-authentication remote code execution vulnerability found in Apache Tika Server. The vulnerability is due to improper input validation while processing HTTP headers from client requests. An attacker could exploit this vulnerability by crafting a special HTML request, resulting in execution of arbitrary commands under the privileges of the current user.