CVE-2015-3271

MEDIUM

Apache Tika Server < 1.10 - Exposure of Sensitive Information via HTTP fileUrl Header

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2015-3271. PoCs published by dawetmaster, andikahilmy.

AI-analyzed exploit summary This repository contains the source code for Apache Tika, specifically a vulnerable version related to CVE-2015-3271. However, it does not include any exploit code or proof-of-concept demonstrating the vulnerability.

Description

Apache Tika server (aka tika-server) in Apache Tika 1.9 might allow remote attackers to read arbitrary files via the HTTP fileUrl header.

Exploits (2)

nomisec STUB

by dawetmaster · poc

https://github.com/dawetmaster/CVE-2015-3271-tika-vulnerable

View Code ZIP pw:eip

This repository contains the source code for Apache Tika, specifically a vulnerable version related to CVE-2015-3271. However, it does not include any exploit code or proof-of-concept demonstrating the vulnerability.

Classification

Stub 95%

Attack Type

Other

Complexity

Trivial

Reliability

Theoretical

Target: Apache Tika

No auth needed

Prerequisites: None

MITRE ATT&CK

T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Mar 14, 2026 Full analysis →

nomisec STUB

by andikahilmy · poc

https://github.com/andikahilmy/CVE-2015-3271-tika-vulnerable

View Code ZIP pw:eip

This repository appears to be a snapshot of the Apache Tika source code, specifically the vulnerable version affected by CVE-2015-3271. However, it does not contain any exploit code, proof-of-concept, or technical analysis of the vulnerability itself.

Classification

Stub 90%

Attack Type

Other

Complexity

Trivial

Reliability

Theoretical

Target: Apache Tika (version not specified)

No auth needed

Prerequisites: Access to vulnerable Apache Tika instance

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (3)

Core 3

Core References

Mailing List, Third Party Advisory mailing-list x_refsource_mlist

http://www.openwall.com/lists/oss-security/2015/08/13/5

Mailing List mailing-list x_refsource_mlist

https://lists.apache.org/thread.html/d2b3e7afb0251fac95fdee9817423cbc91e3d99a848c25a51d91c1e8%401439485507%40%3Cdev.tika.apache.org%3E

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/95020

Scores

CVSS v3 5.3

EPSS 0.0652

EPSS Percentile 92.9%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Details

CWE

CWE-200

Status published

Products (2)

apache/tika 1.9

org.apache.tika/tika-server 0 - 1.10Maven

Published Dec 15, 2016

Tracked Since Feb 18, 2026