CVE-2018-11762 - OpenCVE

In Apache Tika 0.9 to 1.18, in a rare edge case where a user does not specify an extract directory on the commandline (--extract-dir=) and the input file has an embedded file with an absolute path, such as "C:/evil.bat", tika-app would overwrite that file.

No CVSS v3.1

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:N/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Apache	Tika

Configuration 1 [-]

cpe:2.3:a:apache:tika:*:*:*:*:*:*:*:*

References

Link	Resource
http://www.securityfocus.com/bid/105515	Third Party Advisory VDB Entry
https://lists.apache.org/thread.html/ab2e1af38975f5fc462ba89b517971ef892ec3d06bee12ea2258895b%40%3Cdev.tika.apache.org%3E

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: apache

Published: 2018-09-19T00:00:00

Updated: 2018-10-07T09:57:02

Reserved: 2018-06-05T00:00:00

Link: CVE-2018-11762

JSON object: View

NVD Information

Status : Modified

Published: 2018-09-19T14:29:00.397

Modified: 2023-11-07T02:51:45.060

Link: CVE-2018-11762

JSON object: View

Redhat Information

No data.

CWE

CWE-22

{"containers": {"cna": {"affected": [{"product": "Apache Tika", "vendor": "Apache Software Foundation", "versions": [{"status": "affected", "version": "0.9 to 1.18"}]}], "datePublic": "2018-09-19T00:00:00", "descriptions": [{"lang": "en", "value": "In Apache Tika 0.9 to 1.18, in a rare edge case where a user does not specify an extract directory on the commandline (--extract-dir=) and the input file has an embedded file with an absolute path, such as \"C:/evil.bat\", tika-app would overwrite that file."}], "problemTypes": [{"descriptions": [{"description": "Zip Slip Vulnerability in Apache Tika's tika-app", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-07T09:57:02", "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache"}, "references": [{"name": "105515", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/105515"}, {"name": "[tika-dev] 20180919 [CVE-2018-11762] Zip Slip Vulnerability in Apache Tika's tika-app", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/ab2e1af38975f5fc462ba89b517971ef892ec3d06bee12ea2258895b%40%3Cdev.tika.apache.org%3E"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@apache.org", "DATE_PUBLIC": "2018-09-19T00:00:00", "ID": "CVE-2018-11762", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Apache Tika", "version": {"version_data": [{"version_value": "0.9 to 1.18"}]}}]}, "vendor_name": "Apache Software Foundation"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In Apache Tika 0.9 to 1.18, in a rare edge case where a user does not specify an extract directory on the commandline (--extract-dir=) and the input file has an embedded file with an absolute path, such as \"C:/evil.bat\", tika-app would overwrite that file."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Zip Slip Vulnerability in Apache Tika's tika-app"}]}]}, "references": {"reference_data": [{"name": "105515", "refsource": "BID", "url": "http://www.securityfocus.com/bid/105515"}, {"name": "[tika-dev] 20180919 [CVE-2018-11762] Zip Slip Vulnerability in Apache Tika's tika-app", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/ab2e1af38975f5fc462ba89b517971ef892ec3d06bee12ea2258895b@%3Cdev.tika.apache.org%3E"}]}}}}, "cveMetadata": {"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "cveId": "CVE-2018-11762", "datePublished": "2018-09-19T00:00:00", "dateReserved": "2018-06-05T00:00:00", "dateUpdated": "2018-10-07T09:57:02", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:tika:*:*:*:*:*:*:*:*", "matchCriteriaId": "BC8AED57-840B-4C6F-98BC-DFAD4D5893DE", "versionEndIncluding": "1.18", "versionStartIncluding": "0.9", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In Apache Tika 0.9 to 1.18, in a rare edge case where a user does not specify an extract directory on the commandline (--extract-dir=) and the input file has an embedded file with an absolute path, such as \"C:/evil.bat\", tika-app would overwrite that file."}, {"lang": "es", "value": "En Apache Tika desde la versi\u00f3n 0.9 hasta la 1.18, en el caso extremo de que un usuario no especifique un directorio de extracci\u00f3n en la l\u00ednea de comandos (--extract-dir=) y el archivo entrante tenga un archivo incrustado con una ruta absoluta como \"C:/evil.bat\", tika-app podr\u00eda sobrescribir ese archivo."}], "id": "CVE-2018-11762", "lastModified": "2023-11-07T02:51:45.060", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.8, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.0"}, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-09-19T14:29:00.397", "references": [{"source": "security@apache.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/105515"}, {"source": "security@apache.org", "url": "https://lists.apache.org/thread.html/ab2e1af38975f5fc462ba89b517971ef892ec3d06bee12ea2258895b%40%3Cdev.tika.apache.org%3E"}], "sourceIdentifier": "security@apache.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}