Lucene search
K

46 matches found

CNNVD
CNNVD
added 2025/01/27 12:0 a.m.5 views

Apache Solr 安全漏洞

Apache Solr is a search server based on Lucene a full-text search engine from the Apache Foundation USA. The product supports dimensional search, vertical search, and highlighting of search results. A security vulnerability exists in Apache Solr that stems from a lack of proper cleanup of inputs ...

5.4CVSS8.2AI score0.47207EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/01/26 12:0 a.m.2 views

PT-2025-5580 · Apache · Apache Solr

Name of the Vulnerable Software and Affected Versions: Apache Solr versions up through 9.7 Description: The issue allows users to replace "trusted" configset files with arbitrary configuration. Solr instances using the "FileSystemConfigSetService" component and running without authentication and...

9.2CVSS7.8AI score0.01136EPSS
Exploits0References28
Positive Technologies
Positive Technologies
added 2025/01/26 12:0 a.m.4 views

PT-2025-2921

Name of the Vulnerable Software and Affected Versions Apache Solr versions 6.6 through 9.7.0 Description Apache Solr instances running on Windows are susceptible to arbitrary file path write access due to insufficient input validation in the 'configset upload' API. This is commonly known as a...

8.7CVSS6.9AI score0.47207EPSS
Exploits0References30
Github Security Blog
Github Security Blog
added 2022/02/10 12:31 a.m.41 views

Incorrect Authorization in Apache Solr

Apache Solr versions 6.6.0 to 6.6.6, 7.0.0 to 7.7.3 and 8.0.0 to 8.6.2 prevents some features considered dangerous which could be used for remote code execution to be configured in a ConfigSet that's uploaded via API without authentication/authorization. The checks in place to prevent such featur...

9.8CVSS5.5AI score0.78874EPSS
Exploits1References25Affected Software3
GithubExploit
GithubExploit
added 2021/05/09 6:42 a.m.185 views

Exploit for Incorrect Authorization in Apache Solr

Apache Solr RCE CVE-2020-13957 Docker Demo !docker-demo...

9.8CVSS9.4AI score0.78874EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2020/10/22 1:4 p.m.24 views

CVE-2020-13957

Apache Solr versions 6.6.0 to 6.6.6, 7.0.0 to 7.7.3 and 8.0.0 to 8.6.2 prevents some features considered dangerous which could be used for remote code execution to be configured in a ConfigSet that's uploaded via API without authentication/authorization. The checks in place to prevent such featur...

9.8CVSS4.9AI score0.78874EPSS
Exploits1References3
OSV
OSV
added 2020/10/13 7:15 p.m.20 views

CVE-2020-13957

Apache Solr versions 6.6.0 to 6.6.6, 7.0.0 to 7.7.3 and 8.0.0 to 8.6.2 prevents some features considered dangerous which could be used for remote code execution to be configured in a ConfigSet that's uploaded via API without authentication/authorization. The checks in place to prevent such featur...

9.8CVSS7.2AI score
Exploits0References22
NVD
NVD
added 2020/10/13 7:15 p.m.20 views

CVE-2020-13957

Apache Solr versions 6.6.0 to 6.6.6, 7.0.0 to 7.7.3 and 8.0.0 to 8.6.2 prevents some features considered dangerous which could be used for remote code execution to be configured in a ConfigSet that's uploaded via API without authentication/authorization. The checks in place to prevent such featur...

9.8CVSS0.78874EPSS
Exploits1References22
UbuntuCve
UbuntuCve
added 2020/10/13 7:15 p.m.21 views

CVE-2020-13957

Apache Solr versions 6.6.0 to 6.6.6, 7.0.0 to 7.7.3 and 8.0.0 to 8.6.2 prevents some features considered dangerous which could be used for remote code execution to be configured in a ConfigSet that's uploaded via API without authentication/authorization. The checks in place to prevent such featur...

9.8CVSS7.2AI score0.78874EPSS
Exploits1References3
CVE
CVE
added 2020/10/13 6:28 p.m.2264 views

CVE-2020-13957

CVE-2020-13957 affects Apache Solr configurations via the ConfigSets API. IBM and OSV/NVD sources confirm that improper access control allows bypassing security checks for dangerous features when uploading/configuring ConfigSets, potentially enabling remote code execution. Affected Solr ranges in...

9.8CVSS9.3AI score0.78874EPSS
Exploits1References22Affected Software1
Debian CVE
Debian CVE
added 2020/10/13 6:28 p.m.21 views

CVE-2020-13957

Apache Solr versions 6.6.0 to 6.6.6, 7.0.0 to 7.7.3 and 8.0.0 to 8.6.2 prevents some features considered dangerous which could be used for remote code execution to be configured in a ConfigSet that's uploaded via API without authentication/authorization. The checks in place to prevent such featur...

9.8CVSS9.6AI score0.78874EPSS
Exploits1
OSV
OSV
added 2020/02/12 6:45 p.m.40 views

GHSA-WW97-9W65-2CRX Improper Input Validation in Apache Solr

Apache Solr 5.0.0 to Apache Solr 8.3.1 are vulnerable to a Remote Code Execution through the VelocityResponseWriter. A Velocity template can be provided through Velocity templates in a configset velocity/ directory or as a parameter. A user defined configset could contain renderable, potentially...

7.5CVSS7.6AI score0.98567EPSS
Exploits12References60
Github Security Blog
Github Security Blog
added 2020/02/12 6:45 p.m.73 views

Improper Input Validation in Apache Solr

Apache Solr 5.0.0 to Apache Solr 8.3.1 are vulnerable to a Remote Code Execution through the VelocityResponseWriter. A Velocity template can be provided through Velocity templates in a configset velocity/ directory or as a parameter. A user defined configset could contain renderable, potentially...

7.5CVSS2.1AI score0.98567EPSS
Exploits12References60Affected Software1
Tenable Nessus
Tenable Nessus
added 2020/01/27 12:0 a.m.26 views

Apache Solr 5.0.0 < 8.4.0 Remote Code Execution

Apache Solr Versions 5.0.0 to 8.3.1 are vulnerable to a Remote Code Execution vulnerability via the VelocityResponseWriter method. A template may be provided in a configset '/velocity' directory or as a request paramter. A user defined configset may contain potentially malicious templates...

7.5CVSS8.1AI score0.98567EPSS
Exploits12References2
RedhatCVE
RedhatCVE
added 2020/01/09 6:8 p.m.43 views

CVE-2019-17558

Apache Solr 5.0.0 to Apache Solr 8.3.1 are vulnerable to a Remote Code Execution through the VelocityResponseWriter. A Velocity template can be provided through Velocity templates in a configset velocity/ directory or as a parameter. A user defined configset could contain renderable, potentially...

7.5CVSS2.1AI score0.98567EPSS
Exploits12References3
OSV
OSV
added 2019/12/30 5:15 p.m.19 views

CVE-2019-17558

Apache Solr 5.0.0 to Apache Solr 8.3.1 are vulnerable to a Remote Code Execution through the VelocityResponseWriter. A Velocity template can be provided through Velocity templates in a configset velocity/ directory or as a parameter. A user defined configset could contain renderable, potentially...

7.5CVSS7.1AI score0.98567EPSS
Exploits12References30
UbuntuCve
UbuntuCve
added 2019/12/30 5:15 p.m.37 views

CVE-2019-17558

Apache Solr 5.0.0 to Apache Solr 8.3.1 are vulnerable to a Remote Code Execution through the VelocityResponseWriter. A Velocity template can be provided through Velocity templates in a configset velocity/ directory or as a parameter. A user defined configset could contain renderable, potentially...

7.5CVSS7AI score0.98567EPSS
Exploits12References5
Prion
Prion
added 2019/12/30 5:15 p.m.25 views

Remote code execution

Apache Solr 5.0.0 to Apache Solr 8.3.1 are vulnerable to a Remote Code Execution through the VelocityResponseWriter. A Velocity template can be provided through Velocity templates in a configset velocity/ directory or as a parameter. A user defined configset could contain renderable, potentially...

4.6CVSS7.5AI score0.98567EPSS
Exploits12References29Affected Software2
OSV
OSV
added 2019/12/30 5:15 p.m.6 views

UBUNTU-CVE-2019-17558

Apache Solr 5.0.0 to Apache Solr 8.3.1 are vulnerable to a Remote Code Execution through the VelocityResponseWriter. A Velocity template can be provided through Velocity templates in a configset velocity/ directory or as a parameter. A user defined configset could contain renderable, potentially...

7.5CVSS7.2AI score0.98567EPSS
Exploits12References6
Cvelist
Cvelist
added 2019/12/30 4:36 p.m.24 views

CVE-2019-17558

Apache Solr 5.0.0 to Apache Solr 8.3.1 are vulnerable to a Remote Code Execution through the VelocityResponseWriter. A Velocity template can be provided through Velocity templates in a configset velocity/ directory or as a parameter. A user defined configset could contain renderable, potentially...

7.7AI score0.98567EPSS
Exploits12References29
Rows per page
Query Builder