155 matches found
Security Bulletin: IBM InfoSphere BigInsights 4.2.5 is affected by an Open Source (Solr) vulnerabilty (CVE-2017-12629)
Summary IBM InfoSphere BigInsights 4.2.5 is affected by an Open Source Solr vulnerabilty CVE-2017-12629 Vulnerability Details CVE-ID: CVE-2017-12629 Description: Remote code execution occurs in Apache Solr before 7.1 with Apache Lucene before 7.1 by exploiting XXE in conjunction with use of a...
Remote Code Execution
Overview Versions of mongodb-query-parser prior to 2.0.0 are vulnerable to Remote Code Execution. The package fails to sanitize queries, allowing attackers to execute arbitrary code in the system. Parsing the following payload executes touch test-file: 'function return...
GHSA-MH7G-99W9-XPJM Remote code execution occurs in Apache Solr
Remote code execution occurs in Apache Solr before versions 5.5.5, 6.6.2 and 7.1.0 by exploiting XXE in conjunction with use of a Config API add-listener command to reach the RunExecutableListener class. Elasticsearch, although it uses Lucene, is NOT vulnerable to this. Note that the XML external...
Remote code execution occurs in Apache Solr
Remote code execution occurs in Apache Solr before versions 5.5.5, 6.6.2 and 7.1.0 by exploiting XXE in conjunction with use of a Config API add-listener command to reach the RunExecutableListener class. Elasticsearch, although it uses Lucene, is NOT vulnerable to this. Note that the XML external...
Moderate: Red Hat Security Advisory: rh-java-common-lucene5 security update
An update for rh-java-common-lucene5 is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
Apache Solr 7.0.1 - XML External Entity Expansion / Remote Code Execution(CVE-2017-12629)
First Vulnerability: XML External Entity Expansion deftype=xmlparser Lucene includes a query parser that is able to create the full-spectrum of Lucene queries, using an XML data structure. Starting from version 5.1 Solr supports "xml" query parser in the search query. The problem is that lucene x...
Apache Solr 7.0.1 - XML External Entity Expansion / Remote Code Execution
First Vulnerability: XML External Entity Expansion deftype=xmlparser Lucene includes a query parser that is able to create the full-spectrum of Lucene queries, using an XML data structure. Starting from version 5.1 Solr supports "xml" query parser in the search query. The problem is that lucene x...
Xxe
Remote code execution occurs in Apache Solr before 7.1 with Apache Lucene before 7.1 by exploiting XXE in conjunction with use of a Config API add-listener command to reach the RunExecutableListener class. Elasticsearch, although it uses Lucene, is NOT vulnerable to this. Note that the XML extern...
CVE-2017-12629
Remote code execution occurs in Apache Solr before 7.1 with Apache Lucene before 7.1 by exploiting XXE in conjunction with use of a Config API add-listener command to reach the RunExecutableListener class. Elasticsearch, although it uses Lucene, is NOT vulnerable to this. Note that the XML extern...
CVE-2017-12629
Remote code execution occurs in Apache Solr before 7.1 with Apache Lucene before 7.1 by exploiting XXE in conjunction with use of a Config API add-listener command to reach the RunExecutableListener class. Elasticsearch, although it uses Lucene, is NOT vulnerable to this. Note that the XML extern...
CVE-2017-12629
Remote code execution occurs in Apache Solr before 7.1 with Apache Lucene before 7.1 by exploiting XXE in conjunction with use of a Config API add-listener command to reach the RunExecutableListener class. Elasticsearch, although it uses Lucene, is NOT vulnerable to this. Note that the XML extern...
CVE-2017-12629
Remote code execution occurs in Apache Solr before 7.1 with Apache Lucene before 7.1 by exploiting XXE in conjunction with use of a Config API add-listener command to reach the RunExecutableListener class. Elasticsearch, although it uses Lucene, is NOT vulnerable to this. Note that the XML extern...
CVE-2017-12629
CVE-2017-12629 affects Apache Solr before 7.1 (with Lucene before 7.1). The issue combines an XXE in the XML Query Parser (deftype=xmlparser) that can upload data to /upload or enable blind XXE for local file reads, and a second RCE path via RunExecutableListener reachable through a Config API ad...
Ubuntu 5.04 / 5.10 : mysql-dfsg vulnerability (USN-274-2)
USN-274-1 fixed a logging bypass in the MySQL server. Unfortunately it was determined that the original update was not sufficient to completely fix the vulnerability, thus another update is necessary. We apologize for the inconvenience. For reference, these are the details of the original USN : A...
USN-274-1: MySQL vulnerability
A logging bypass was discovered in the MySQL query parser. A local attacker could exploit this by inserting NUL characters into query strings even into comments, which would cause the query to be logged incompletely. This only affects you if you enabled the 'log' parameter in the MySQL...