47 matches found
CVE-2023-44487
CVE-2023-44487 – HTTP/2 Rapid Reset DoS Root cause: HTTP/2 stream resets can cause servers to continue processing, leading to unbounded resource consumption and potential DoS when clients rapidly cancel streams. What’s affected: Various HTTP/2 implementations and deployments, including servers, p...
CVE-2020-13957
CVE-2020-13957 affects Apache Solr configurations via the ConfigSets API. IBM and OSV/NVD sources confirm that improper access control allows bypassing security checks for dangerous features when uploading/configuring ConfigSets, potentially enabling remote code execution. Affected Solr ranges in...
CVE-2019-17558
CVE-2019-17558 affects Apache Solr 5.0.0–8.3.1 and allows remote code execution via the VelocityResponseWriter. An attacker can supply a Velocity template through configset velocity/ or via a parameter; enabling the resource loader for templates requires a configured response writer. Solr 8.4 rem...
CVE-2019-0193
CVE-2019-0193 affects Apache Solr via the DataImportHandler (DIH) module. The vulnerability arises because DIH can read a request parameter dataConfig containing a DIH configuration, which can include scripts, enabling code injection. The issue is mitigated by requiring enabling the Java system p...
CVE-2021-28163
CVE-2021-28163 (Jetty symlink handling) is reported across multiple IBM advisories as a vulnerability in Eclipse Jetty where if the ${jetty.base} or ${jetty.base}/webapps directory is a symlink, an attacker could obtain the contents of the webapps directory. IBM documents list affected products s...
CVE-2023-50386
CVE-2023-50386 is an Apache Solr vulnerability affecting 6.0.0–8.11.2 and 9.0.0–9.3.x that allows unrestricted uploading of Java jar/class files via the ConfigSets API. When backing up Solr Collections with LocalFileSystemRepository, backup files can land on directories in the Solr ClassLoader, p...
CVE-2020-27223
CVE-2020-27223 affects Eclipse Jetty 9.4.6.v20170531–9.4.36.v20210114, 10.0.0, and 11.0.0, where handling requests with multiple Accept headers and many quality (q) values can cause high CPU usage and a DoS. Public sources consistently describe CPU exhaustion as the impact. Remediation is to upgr...
CVE-2017-12629
CVE-2017-12629 affects Apache Solr before 7.1 (with Lucene before 7.1). The issue combines an XXE in the XML Query Parser (deftype=xmlparser) that can upload data to /upload or enable blind XXE for local file reads, and a second RCE path via RunExecutableListener reachable through a Config API ad...
CVE-2023-50298
CVE-2023-50298: Apache Solr Streaming Expressions can reveal ZooKeeper credentials via zkHost if the SolrCloud uses ZooKeeper authentication. Affected: Solr 6.0.0–8.11.2 and 9.0.0–9.3.x (before 9.4.1). Root cause: zkHost usage may transmit ZooKeeper credentials/ACLs to an attacker-controlled serv...
CVE-2021-33813
CVE-2021-33813 concerns an XXE vulnerability in JDOM’s SAXBuilder up to version 2.0.6, allowing denial-of-service via a crafted HTTP request. Connected advisories confirm the issue affects jdom/jdom2 and list downstream fixes/upgrades in Linux distributions (e.g., Amazon Linux advisories ALAS2-20...
CVE-2021-27905
CVE-2021-27905 (Solr SSRF) affects Apache Solr versions prior to 8.8.2 where the ReplicationHandler’s masterUrl/leaderUrl parameter can be abused to trigger SSRF. The flaw arises because masterUrl is not sufficiently validated against allowed hosts/schemes, enabling an attacker to cause the serve...
CVE-2019-0192
Apache Solr CVE-2019-0192 affects Solr 5.0.0–5.5.5 and 6.0.0–6.6.5. The Config API can configure the JMX server via HTTP POST; if pointed to a malicious RMI server, Solr’s unsafe deserialization can trigger remote code execution on the Solr side. Evidence in connected docs includes Nuclei templat...
CVE-2024-45216
CVE-2024-45216 describes an authentication bypass in Apache Solr when PKIAuthenticationPlugin is used. Exploitation involves a crafted request with a fake URL path ending that bypasses authentication while preserving the API URL contract. Affected Solr versions: 5.3.0 up to, but not including, 8....
CVE-2019-12409
CVE-2019-12409 affects Apache Solr 8.1.1 and 8.2.0 where the default solr.in.sh enables ENABLE_REMOTE_JMX_OPTS, exposing JMX on RMI_PORT 18983 without authentication. Unauthenticated network access to JMX can allow uploading and execution of malicious code on the Solr server. Public exploitation ...
CVE-2020-13941
CVE-2020-13941 concerns Apache Solr’s replication handler. The vulnerability arises because the backup, restore, and deleteBackup HTTP API commands accept a location parameter that was not validated, enabling read/write access to any location the solr user can access. Multiple sources note this w...
CVE-2021-29943
CVE-2021-29943 affects Apache Solr: when using ConfigurableInternodeAuthHadoopPlugin for authentication, Solr versions prior to 8.8.2 forwarded distributed requests using server credentials instead of the original client credentials. This mis-credentialing leads to incorrect authorization resolut...
CVE-2020-9492
CVE-2020-9492 : In Hadoop, the WebHDFS client may send a SPNEGO authorization header to a remote URL without proper verification. Affected are Hadoop releases: 3.2.0–3.2.1, 3.0.0-alpha1–3.1.3, and 2.0.0-alpha–2.10.0. The description in the initial document directly states the header could be sent...
CVE-2021-29262
CVE-2021-29262 affects Apache Solr
CVE-2017-3163
CVE-2017-3163 affects Apache Solr when using the Index Replication feature. The vulnerability arises because Solr did not validate the file name in the HTTP API used to pull index files from a master/leader, enabling path traversal and exposing files readable by the Solr server process. Affected ...
CVE-2023-50290
Apache Solr (versions 9.0.0–9.2.x) is vulnerable to CVE-2023-50290 via the Metrics API, which publishes all unprotected host environment variables. The root cause is that environment variables are not strictly definable in Solr and may be exposed even in Clouds with authorization, until fixed. Th...
CVE-2021-44548
The CVE-2021-44548 entry describes an information-disclosure vulnerability in Apache Solr’s DataImportHandler that allows a Windows UNC path to trigger SMB network calls from the Solr host. Affected: Solr versions prior to 8.11.1 on Windows. Impact (as stated): potential exfiltration of sensitive...
CVE-2024-52012
Apache Solr (Windows) is affected by CVE-2024-52012: a relative path traversal (zip slip) via the configset upload API that can allow arbitrary file writes to the filesystem. Affected versions are Solr 6.6 through 9.7.0. The root cause is insufficient input sanitation in the configset upload path...
CVE-2013-6397
Apache Solr (SolrResourceLoader) is vulnerable to a directory traversal via the tr parameter in solr/select/ when wt is XSLT, allowing reading of arbitrary files. Affected versions are Solr up to 4.5.x (before 4.6.0); the issue is caused by insufficient path validation and can be combined with an...
CVE-2013-6407
CVE-2013-6407 (Apache Solr; Lucene-Solr) : The UpdateRequestHandler for XML in Solr before 4.1 is vulnerable to XML External Entity (XXE). A crafted XML with an external entity declaration and an entity reference can cause information disclosure. Affected: Solr/Lucene-Solr prior to 4.1. Root caus...
CVE-2012-6612
CVE-2012-6612 describes an XXE-type vulnerability in Apache Solr where the UpdateRequestHandler (for XSLT) or XPathEntityProcessor prior to Solr 4.1 could process XML data containing external entity declarations combined with an entity reference, enabling remote impact. Connected advisories (GHSA...
CVE-2018-8026
CVE-2018-8026 affects Apache Solr releases 6.0.0–6.6.4 and 7.0.0–7.3.1, due to an XML External Entity (XXE) flaw in Solr config files (currency.xml, enumsConfig.xml referenced from schema.xml, and TIKA parsecontext) and related XInclude handling. An attacker could craft XML and upload manipulated...
CVE-2013-6408
CVE-2013-6408 affects Apache Solr’s DocumentAnalysisRequestHandler prior to 4.3.1, enabling XXE via XML with external entity declarations and an entity reference. Public documents (including Nessus notes) corroborate XXE across Solr 3.6.0–4.3.1 and reference related CVEs (e.g., CVE-2013-6407). Im...
CVE-2018-1308
CVE-2018-1308 is an XML External Entity (XXE) vulnerability in Apache Solr’s DataImportHandler, affecting Solr 1.2–6.6.2 and 7.0–7.2.1. The vulnerability stems from an XXE flaw in the dataConfig parameter of the DataImportHandler, enabling an attacker to read arbitrary local files via file/ftp/ht...
CVE-2025-24814
Summary of CVE-2025-24814 (Apache Solr): Solr instances using FileSystemConfigSetService (default in standalone or user-managed mode) and lacking authentication/authorization are vulnerable to privilege escalation where replacement of trusted configset files can be treated as trusted. This can al...
CVE-2017-3164
CVE-2017-3164 is an SSRF vulnerability in Apache Solr affecting Log Analysis (IBM) versions 1.3.1–1.3.6 (Solr 1.3.x to 7.6). The shards parameter lacks a whitelist, allowing remote attackers with server access to trigger HTTP GET requests to any reachable URL. Connected Nessus/NASL entries corrob...
CVE-2023-50291
CVE-2023-50291 — Insufficiently Protected Credentials (Apache Solr) : The issue affects Solr 6.0.0–8.11.2 and 9.0.0–9.3.0, where the /admin/info/properties endpoint could leak credentials because some sensitive properties (e.g., basicauth, aws.secretKey) were published in the UI. Access is gated ...
CVE-2019-12401
CVE-2019-12401 affects Apache Solr and is described as an XML resource consumption (Lol Bomb) vulnerability exposed via the Update Handler. Affected versions cover: 1.3.0–1.4.1, 3.1.0–3.6.2, and 4.0.0–4.10.4. The root cause is crafted XML using DOCTYPE and ENTITY declarations that expands during ...
CVE-2023-50292
The CVE-2023-50292 issue affects Apache Solr before 9.3.0 and 8.11.x lines, where the Schema Designer could load external libraries from untrusted configSets due to missing trust handling. This could enable remote code execution when non-authenticated users configure Schema Sets. Affected version...
CVE-2018-8010
The CVE-2018-8010 issue affects Apache Solr 6.0.0–6.6.3 and 7.0.0–7.3.0, arising from an XML External Entity (XXE) expansion in Solr’s config files (solrconfig.xml, schema.xml, managed-schema) and related XInclude handling. An attacker could use XXE via file/ftp/http references to read arbitrary ...
CVE-2017-1000190
CVE-2017-1000190 affects SimpleXML (v2.7.1) and is an XXE flaw that can enable SSRF, information disclosure and DoS. Connected documents confirm affected context in IBM/Log Analysis (Solr-based deployment) and outline remediation: upgrade to IBM Operations Analytics - Log Analysis version 1.3.7 (...
CVE-2017-7660
CVE-2017-7660 affects Apache Solr inter-node communication when security is enabled. A specially crafted node name can mislead cluster nodes into treating a malicious node as a legitimate member if BasicAuth is enabled via BasicAuthPlugin or a custom authentication plugin that does not implement ...
CVE-2018-11802
CVE-2018-11802 involves Apache Solr authorization bypass: if a node receives a request for a collection it does not host, it proxies the request to a node that does host it, bypassing all authorization settings. This affects Solr versions prior to 7.7 that use the default RuleBasedAuthorizationPl...
CVE-2015-8797
CVE-2015-8797 affects Apache Solr prior to 5.3.1, where a cross-site scripting (XSS) flaw exists in webapp/web/js/scripts/plugins.js on the Admin UI statistics page. The vulnerability allows remote injection of script/HTML via the entry parameter to the plugins/cache URI. No exploitation details ...
CVE-2024-45217
CVE-2024-45217 describes an insecure default initialization of resources in Apache Solr. New ConfigSets created via Restore may be created without the trusted metadata, causing some ConfigSets to be implicitly trusted and potentially able to load custom code into classloaders. The issue affects S...
CVE-2017-9803
CVE-2017-9803 affects Apache Solr’s Kerberos plugin, where delegation tokens can enable reuse of an end-user’s authentication. The documented issues include leakage of security configuration to non-super users and potential privilege escalation by malicious users when using a SecurityAwareZkACLPr...
CVE-2015-8795
Apache Solr CVE-2015-8795 affects the Admin UI and is described as multiple cross-site scripting (XSS) vulnerabilities in Solr versions prior to 5.1. The issues arise from improper handling of user-provided fields during rendering on the Analysis page (webapp/web/js/scripts/analysis.js) and the S...
CVE-2014-3628
CVE-2014-3628 affects Apache Solr 4.x prior to 4.10.3, specifically the Admin UI Plugin / Stats page. The vulnerability is an XSS due to improper sanitization of data in the fieldvaluecache object, allowing a remote attacker to inject arbitrary script/HTML into a victim’s browser. The issue is do...
CVE-2015-8796
CVE-2015-8796 is an XSS in Apache Solr's Admin UI (webapp/web/js/scripts/schema-browser.js) that allows a remote attacker to inject arbitrary web script or HTML via a crafted schema-browse URL. The vulnerability is stated for Solr before version 5.3. Documents provide the affected component and t...
CVE-2026-44825
Summary (CVE-2026-44825) : Apache Solr’s Basic Authentication bootstrap tool (bin/solr auth enable) contains hardcoded credentials, enabling remote attackers to gain full administrative access for Solr clusters running versions 9.4.0–9.10.1 and 10.0.0. The root cause is the inclusion of default c...
CVE-2009-3821
CVE-2009-3821 is an XSS vulnerability affecting the TYPO3 Apache Solr extension (solr) version 1.0.0. Multiple connected sources confirm an Eiffel of cross-site scripting that allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. The root cause details are not el...
CVE-2026-22444
The CVE-2026-22444 issue affects Apache Solr in standalone mode (versions 8.6–9.10.0) where the create core API performs inadequate input validation on certain API parameters. This can cause Solr to check and read file-system paths that should be blocked by the allowPaths setting, potentially all...
CVE-2026-22022
CVE-2026-22022 affects Apache Solr 5.3.0 through 9.10.0 that use Solr’s RuleBasedAuthorizationPlugin with a multi-role security.json config and a permission list that includes one or more of config-read, config-edit, schema-read, metrics-read, or security-read but does not define the all permissi...