What is the severity of CVE-2015-3271?

CVE-2015-3271 is classified as a medium severity vulnerability.

How do I fix CVE-2015-3271?

To mitigate CVE-2015-3271, upgrade Apache Tika to version 1.10 or later.

What type of vulnerability is CVE-2015-3271?

CVE-2015-3271 is a remote code execution vulnerability due to improper handling of the 'fileUrl' header.

Who is affected by CVE-2015-3271?

CVE-2015-3271 affects users of Apache Tika version 1.9 when running as a web service.

What is the impact of CVE-2015-3271?

The impact of CVE-2015-3271 allows an attacker to execute arbitrary code on the server by exploiting the 'fileUrl' header.

Vulnerability/
CVE-2015-3271

medium

5.3

CWE

200

15/12/2016

17/10/2018

6/8/2024

CVE-2015-3271: Infoleak

First published: Thu Dec 15 2016(Updated: )

Apache Tika provides optional functionality to run itself as a web service to allow remote use. When used in this manner, it's possible for a 3rd party to pass a 'fileUrl' header to the Apache Tika Server (tika-server) before version 1.10. This header lets a remote client request that the server fetches content from the URL provided, including files from the server's local filesystem. Depending on the file permissions set on the local filesystem, this could be used to return sensitive content from the server machine. This vulnerability only exists if you are running the tika-server version 1.9, and you allow un-trusted access to the tika-server URL. Usage of Apache Tika as a standard library is not affected.

Credit: secalert@redhat.com secalert@redhat.com

Affected Software	Affected Version	How to fix
Apache Tika	=1.9

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2015-3271?
CVE-2015-3271 is classified as a medium severity vulnerability.
How do I fix CVE-2015-3271?
To mitigate CVE-2015-3271, upgrade Apache Tika to version 1.10 or later.
What type of vulnerability is CVE-2015-3271?
CVE-2015-3271 is a remote code execution vulnerability due to improper handling of the 'fileUrl' header.
Who is affected by CVE-2015-3271?
CVE-2015-3271 affects users of Apache Tika version 1.9 when running as a web service.
What is the impact of CVE-2015-3271?
The impact of CVE-2015-3271 allows an attacker to execute arbitrary code on the server by exploiting the 'fileUrl' header.

collector/github-advisory-latest
alias/GHSA-ccjp-w723-2jf2
alias/CVE-2015-3271
collector/github-advisory
collector/nvd-index
collector/nvd-cve
agent/author
agent/type
agent/references
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/severity
agent/weakness
agent/description
agent/first-publish-date
agent/event
agent/trending
agent/tags
agent/source
package-manager/maven
vendor/apache
canonical/apache tika
version/apache tika/1.9

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.