9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
lucene-queryparser is vulnerable to remote code execution. This is possible through the use of an XML external entity expansion (XXE) attack and the Config API with add-listener command
mail-archives.us.apache.org/mod_mbox/www-announce/201710.mbox/%3CCAOOKt51UO_6Vy%3Dj8W%3Dx1pMbLW9VJfZyFWz7pAnXJC_OAdSZubA%40mail.gmail.com%3E
openwall.com/lists/oss-security/2017/10/13/1
www.securityfocus.com/bid/101261
access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/
access.redhat.com/errata/RHSA-2017:3123
access.redhat.com/errata/RHSA-2017:3124
access.redhat.com/errata/RHSA-2017:3244
access.redhat.com/errata/RHSA-2017:3451
access.redhat.com/errata/RHSA-2017:3452
access.redhat.com/errata/RHSA-2018:0002
access.redhat.com/errata/RHSA-2018:0003
access.redhat.com/errata/RHSA-2018:0004
access.redhat.com/errata/RHSA-2018:0005
access.redhat.com/security/updates/classification/#moderate
access.redhat.com/security/vulnerabilities/CVE-2017-12629
lists.apache.org/thread.html/r140128dc6bb4f4e0b6a39e962c7ca25a8cbc8e48ed766176c931fccc@%3Cusers.solr.apache.org%3E
lists.apache.org/thread.html/r26c996b068ef6c5e89aa59acb769025cfd343a08e63fbe9e7f3f720f@%3Coak-issues.jackrabbit.apache.org%3E
lists.apache.org/thread.html/r3da74965aba2b5f5744b7289ad447306eeb2940c872801819faa9314@%3Cusers.solr.apache.org%3E
lists.apache.org/thread.html/r95df34bb158375948da82b4dfe9a1b5d528572d586584162f8f5aeef@%3Cusers.solr.apache.org%3E
lists.debian.org/debian-lts-announce/2018/01/msg00028.html
s.apache.org/FJDl
twitter.com/ApacheSolr/status/918731485611401216
twitter.com/joshbressers/status/919258716297420802
twitter.com/searchtools_avi/status/918904813613543424
usn.ubuntu.com/4259-1/
www.debian.org/security/2018/dsa-4124
www.exploit-db.com/exploits/43009/
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P