CVE-2015-3271
MEDIUMApache Tika <1.9 - Info Disclosure
Title source: llmDescription
Apache Tika server (aka tika-server) in Apache Tika 1.9 might allow remote attackers to read arbitrary files via the HTTP fileUrl header.
Exploits (2)
References (3)
Scores
CVSS v3
5.3
EPSS
0.0107
EPSS Percentile
77.6%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Classification
CWE
CWE-200
Status
published
Affected Products (3)
apache/tika
org.apache.tika/tika-server
< 1.10Maven
n/a/n/a
Timeline
Published
Dec 15, 2016
Tracked Since
Feb 18, 2026