CVE-2018-1335


The target Apache Tika instance on the CyberLens (10.10.53.112) host is vulnerable to CVE-2018-1335 due to its outdated version, 1.17.

A vulnerability was found in Apache Tika up to 1.17. It has been rated as critical. Affected by this issue is some unknown functionality of the component tika-server. The manipulation leads to command injection. This vulnerability is handled as CVE-2018-1335. The attack may be launched remotely. Furthermore, there is an exploit available. A worm is spreading, which is automatically exploiting this vulnerability.
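A defender-side way to apply the version reasoning above across an inventory, as an added example that is not part of the original write-up or of the Tika project: it classifies a tika-server banner against the "up to 1.17" range stated above. The function names are hypothetical, and the `/version` resource and the `Apache Tika <version>` banner format are assumptions about the deployed server.

```python
import re
import urllib.request

# First version outside the affected range; the page states "up to 1.17".
FIXED = (1, 18)

# Accept "Apache Tika 1.17" or a bare "1.17", with an optional suffix such as
# "-SNAPSHOT". Anything else (another product's banner) is rejected.
_BANNER = re.compile(r"^\s*(?:Apache\s+Tika\s+)?(\d+(?:\.\d+)+)[-.\w]*\s*$", re.I)


def parse_version(banner):
    """Return the numeric version as a tuple of ints, or None if unparseable."""
    m = _BANNER.match(banner or "")
    if not m:
        return None
    return tuple(int(part) for part in m.group(1).split("."))


def is_affected(banner):
    """True if the version is below 1.18, False if not, None if unknown.

    Version-only triage: it does not confirm that the service is exploitable.
    """
    version = parse_version(banner)
    if version is None:
        return None
    # Compare integers, not strings, so that 1.9 sorts below 1.18.
    return version[:2] < FIXED


def fetch_banner(base_url, timeout=5):
    """Read the banner from the server's /version resource (assumed endpoint)."""
    url = base_url.rstrip("/") + "/version"
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return resp.read(256).decode("utf-8", "replace").strip()


if __name__ == "__main__":
    # Constructed sample banners, not output captured from any host.
    samples = ["Apache Tika 1.17", "Apache Tika 1.9", "Apache Tika 1.18",
               "Apache Tika 2.9.1", "1.17-SNAPSHOT", "nginx/1.24.0"]
    for banner in samples:
        print(f"{banner!r:22} affected={is_affected(banner)}")
```

A result of `None` means the banner could not be attributed to Tika and needs manual review rather than being treated as safe.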

Exploit


┌──(kali㉿kali)-[~/archive/thm/cyberlens]
└─$ searchsploit -m windows/remote/46540.py ; mv 46540.py CVE-2018-1335.py
  Exploit: Apache Tika-server < 1.18 - Command Injection
      URL: https://www.exploit-db.com/exploits/46540
     Path: /usr/share/exploitdb/exploits/windows/remote/46540.py
    Codes: CVE-2018-1335
 Verified: True
File Type: Python script, ASCII text executable
Copied to: /home/kali/archive/thm/cyberlens/46540.py

Exploit locally available.