18 matches found
Apache Solr <=8.3.1 - Remote Code Execution
Apache Solr versions 5.0.0 to 8.3.1 are vulnerable to remote code execution vulnerabilities through the VelocityResponseWriter. A Velocity template can be provided through Velocity templates in a configset velocity/ directory or as a parameter. A user defined configset could contain renderable,...
Apache Solr VelocityResponseWriter Plug-In Remote Code Execution Vulnerability
The Apache Solr VelocityResponseWriter plug-in contains an unspecified vulnerability which can allow for remote code execution...
GHSA-WW97-9W65-2CRX Improper Input Validation in Apache Solr
Apache Solr 5.0.0 to Apache Solr 8.3.1 are vulnerable to a Remote Code Execution through the VelocityResponseWriter. A Velocity template can be provided through Velocity templates in a configset velocity/ directory or as a parameter. A user defined configset could contain renderable, potentially...
Improper Input Validation in Apache Solr
Apache Solr 5.0.0 to Apache Solr 8.3.1 are vulnerable to a Remote Code Execution through the VelocityResponseWriter. A Velocity template can be provided through Velocity templates in a configset velocity/ directory or as a parameter. A user defined configset could contain renderable, potentially...
Apache Solr 5.0.0 < 8.4.0 Remote Code Execution
Apache Solr Versions 5.0.0 to 8.3.1 are vulnerable to a Remote Code Execution vulnerability via the VelocityResponseWriter method. A template may be provided in a configset '/velocity' directory or as a request paramter. A user defined configset may contain potentially malicious templates...
CVE-2019-17558
Apache Solr 5.0.0 to Apache Solr 8.3.1 are vulnerable to a Remote Code Execution through the VelocityResponseWriter. A Velocity template can be provided through Velocity templates in a configset velocity/ directory or as a parameter. A user defined configset could contain renderable, potentially...
Apache Solr < 8.4.0 Remote Code Execution
The version of Apache Solr running on the remote host is at least 5.0.0 and prior to 8.4.0. It is, therefore, affected by a remote code execution vulnerability. A remote code execution vulnerability exists in VelocityResponseWriter due to a flaw in the velocity template parameter. An...
CVE-2019-17558
Apache Solr 5.0.0 to Apache Solr 8.3.1 are vulnerable to a Remote Code Execution through the VelocityResponseWriter. A Velocity template can be provided through Velocity templates in a configset velocity/ directory or as a parameter. A user defined configset could contain renderable, potentially...
CVE-2019-17558
Apache Solr 5.0.0 to Apache Solr 8.3.1 are vulnerable to a Remote Code Execution through the VelocityResponseWriter. A Velocity template can be provided through Velocity templates in a configset velocity/ directory or as a parameter. A user defined configset could contain renderable, potentially...
UBUNTU-CVE-2019-17558
Apache Solr 5.0.0 to Apache Solr 8.3.1 are vulnerable to a Remote Code Execution through the VelocityResponseWriter. A Velocity template can be provided through Velocity templates in a configset velocity/ directory or as a parameter. A user defined configset could contain renderable, potentially...
CVE-2019-17558
Apache Solr 5.0.0 to Apache Solr 8.3.1 are vulnerable to a Remote Code Execution through the VelocityResponseWriter. A Velocity template can be provided through Velocity templates in a configset velocity/ directory or as a parameter. A user defined configset could contain renderable, potentially...
Remote code execution
Apache Solr 5.0.0 to Apache Solr 8.3.1 are vulnerable to a Remote Code Execution through the VelocityResponseWriter. A Velocity template can be provided through Velocity templates in a configset velocity/ directory or as a parameter. A user defined configset could contain renderable, potentially...
CVE-2019-17558
Apache Solr 5.0.0 to Apache Solr 8.3.1 are vulnerable to a Remote Code Execution through the VelocityResponseWriter. A Velocity template can be provided through Velocity templates in a configset velocity/ directory or as a parameter. A user defined configset could contain renderable, potentially...
CVE-2019-17558
Apache Solr 5.0.0 to Apache Solr 8.3.1 are vulnerable to a Remote Code Execution through the VelocityResponseWriter. A Velocity template can be provided through Velocity templates in a configset velocity/ directory or as a parameter. A user defined configset could contain renderable, potentially...
CVE-2019-17558
CVE-2019-17558 affects Apache Solr 5.0.0–8.3.1 and allows remote code execution via the VelocityResponseWriter. An attacker can supply a Velocity template through configset velocity/ or via a parameter; enabling the resource loader for templates requires a configured response writer. Solr 8.4 rem...
Solr -- multiple vulnerabilities
Community reports: 8.1.1 and 8.2.0 users check ENABLEREMOTEJMXOPTS setting Apache Solr RCE vulnerability due to bad config default Apache Solr RCE through VelocityResponseWriter...
Remote Code Execution (RCE)
solr-velocity is vulnerable to remote code execution RCE. The vulnerability can be caused by loading custom Velocity templates containing malicious code since the solr resource loader in VelocityResponseWriter.java was on by default...
CVE-2019-17558
Apache Solr 5.0.0 to Apache Solr 8.3.1 are vulnerable to a Remote Code Execution through the VelocityResponseWriter. A Velocity template can be provided through Velocity templates in a configset velocity/ directory or as a parameter. A user defined configset could contain renderable, potentially...