Veracode Vulnerability DatabaseVERACODE:5281Remote Code Execution (RCE)
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
lucene-queryparser is vulnerable to remote code execution (RCE). This is possible through the use of an XML external entity expansion (XXE) attack and the Config API with add-listener command
References
lucene.472066.n3.nabble.com/Re-Several-critical-vulnerabilities-discovered-in-Apache-Solr-XXE-amp-RCE-td4358308.html
mail-archives.us.apache.org/mod_mbox/www-announce/201710.mbox/%3CCAOOKt51UO_6Vy%3Dj8W%3Dx1pMbLW9VJfZyFWz7pAnXJC_OAdSZubA%40mail.gmail.com%3E
openwall.com/lists/oss-security/2017/10/13/1
www.securityfocus.com/bid/101261
access.redhat.com/errata/RHSA-2017:3123
access.redhat.com/errata/RHSA-2017:3124
access.redhat.com/errata/RHSA-2017:3244
access.redhat.com/errata/RHSA-2017:3451
access.redhat.com/errata/RHSA-2017:3452
access.redhat.com/errata/RHSA-2018:0002
access.redhat.com/errata/RHSA-2018:0003
access.redhat.com/errata/RHSA-2018:0004
access.redhat.com/errata/RHSA-2018:0005
lists.apache.org/thread.html/r140128dc6bb4f4e0b6a39e962c7ca25a8cbc8e48ed766176c931fccc@%3Cusers.solr.apache.org%3E
lists.apache.org/thread.html/r26c996b068ef6c5e89aa59acb769025cfd343a08e63fbe9e7f3f720f@%3Coak-issues.jackrabbit.apache.org%3E
lists.apache.org/thread.html/r3da74965aba2b5f5744b7289ad447306eeb2940c872801819faa9314@%3Cusers.solr.apache.org%3E
lists.apache.org/thread.html/r95df34bb158375948da82b4dfe9a1b5d528572d586584162f8f5aeef@%3Cusers.solr.apache.org%3E
lists.debian.org/debian-lts-announce/2018/01/msg00028.html
lucene.apache.org/solr/news.html#12-october-2017-please-secure-your-apache-solr-servers-since-a-zero-day-exploit-has-been-reported-on-a-public-mailing-list
s.apache.org/FJDl
twitter.com/ApacheSolr/status/918731485611401216
twitter.com/joshbressers/status/919258716297420802
twitter.com/searchtools_avi/status/918904813613543424
usn.ubuntu.com/4259-1/
www.debian.org/security/2018/dsa-4124
www.exploit-db.com/exploits/43009/
Related
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P