9.8

CVE-2017-12629

Exploit
Remote code execution occurs in Apache Solr before 7.1 with Apache Lucene before 7.1 by exploiting XXE in conjunction with use of a Config API add-listener command to reach the RunExecutableListener class. Elasticsearch, although it uses Lucene, is NOT vulnerable to this. Note that the XML external entity expansion vulnerability occurs in the XML Query Parser which is available, by default, for any query request with parameters deftype=xmlparser and can be exploited to upload malicious data to the /upload request handler or as Blind XXE using ftp wrapper in order to read arbitrary local files from the Solr server. Note also that the second vulnerability relates to remote code execution using the RunExecutableListener available on all affected versions of Solr.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ApacheSolr Version >= 5.5.0 <= 5.5.4
ApacheSolr Version >= 6.0.0 <= 6.6.1
ApacheSolr Version >= 7.0.0 <= 7.0.1
DebianDebian Linux Version7.0
DebianDebian Linux Version8.0
DebianDebian Linux Version9.0
CanonicalUbuntu Linux Version16.04 SwEditionlts
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 91.9% 0.998
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE-611 Improper Restriction of XML External Entity Reference

The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

https://access.redhat.com/errata/RHSA-2018:0002
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:0003
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:0004
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:0005
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3244
Third Party Advisory
https://www.debian.org/security/2018/dsa-4124
Third Party Advisory
http://mail-archives.us.apache.org/mod_mbox/www-announce/201710.mbox/%3CCAOOKt51UO_6Vy%3Dj8W%3Dx1pMbLW9VJfZyFWz7pAnXJC_OAdSZubA%40mail.gmail.com%3E
Vendor Advisory
Mailing List
http://openwall.com/lists/oss-security/2017/10/13/1
Third Party Advisory
Mailing List
http://www.securityfocus.com/bid/101261
Third Party Advisory
VDB Entry
https://access.redhat.com/errata/RHSA-2017:3123
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3124
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3451
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3452
Third Party Advisory
https://lists.apache.org/thread.html/r140128dc6bb4f4e0b6a39e962c7ca25a8cbc8e48ed766176c931fccc%40%3Cusers.solr.apache.org%3E
https://lists.apache.org/thread.html/r26c996b068ef6c5e89aa59acb769025cfd343a08e63fbe9e7f3f720f%40%3Coak-issues.jackrabbit.apache.org%3E
https://lists.apache.org/thread.html/r3da74965aba2b5f5744b7289ad447306eeb2940c872801819faa9314%40%3Cusers.solr.apache.org%3E
https://lists.apache.org/thread.html/r95df34bb158375948da82b4dfe9a1b5d528572d586584162f8f5aeef%40%3Cusers.solr.apache.org%3E
https://lists.debian.org/debian-lts-announce/2018/01/msg00028.html
Third Party Advisory
Mailing List
https://s.apache.org/FJDl
Vendor Advisory
Exploit
Mailing List
https://twitter.com/ApacheSolr/status/918731485611401216
Third Party Advisory
https://twitter.com/joshbressers/status/919258716297420802
Third Party Advisory
https://twitter.com/searchtools_avi/status/918904813613543424
Third Party Advisory
https://usn.ubuntu.com/4259-1/
Third Party Advisory
https://www.exploit-db.com/exploits/43009/
Third Party Advisory
Exploit
VDB Entry