CVE-2019-0193

2019-08-0114:15:00

Debian Security Bug Tracker

security-tracker.debian.org

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

9 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

0.961 High

EPSS

Percentile

99.5%

JSON

In Apache Solr, the DataImportHandler, an optional but popular module to pull in data from databases and other sources, has a feature in which the whole DIH configuration can come from a request’s “dataConfig” parameter. The debug mode of the DIH admin screen uses this to allow convenient debugging / development of a DIH config. Since a DIH config can contain scripts, this parameter is a security risk. Starting with version 8.2.0 of Solr, use of this parameter requires setting the Java System property “enable.dih.dataConfigParam” to true.

OSVersionArchitecturePackageVersionFilename
Debian12alllucene-solr< 3.6.2+dfsg-22lucene-solr_3.6.2+dfsg-22_all.deb
Debian11alllucene-solr< 3.6.2+dfsg-22lucene-solr_3.6.2+dfsg-22_all.deb
Debian10alllucene-solr< 3.6.2+dfsg-20+deb10u2lucene-solr_3.6.2+dfsg-20+deb10u2_all.deb
Debian999alllucene-solr< 3.6.2+dfsg-22lucene-solr_3.6.2+dfsg-22_all.deb
Debian13alllucene-solr< 3.6.2+dfsg-22lucene-solr_3.6.2+dfsg-22_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	lucene-solr	< 3.6.2+dfsg-22	lucene-solr_3.6.2+dfsg-22_all.deb
Debian	11	all	lucene-solr	< 3.6.2+dfsg-22	lucene-solr_3.6.2+dfsg-22_all.deb
Debian	10	all	lucene-solr	< 3.6.2+dfsg-20+deb10u2	lucene-solr_3.6.2+dfsg-20+deb10u2_all.deb
Debian	999	all	lucene-solr	< 3.6.2+dfsg-22	lucene-solr_3.6.2+dfsg-22_all.deb
Debian	13	all	lucene-solr	< 3.6.2+dfsg-22	lucene-solr_3.6.2+dfsg-22_all.deb