Apache

Solr

46 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.5

CVE-2023-50290

  • EPSS 92.56%
  • Veröffentlicht 15.01.2024 10:15:26
  • Zuletzt bearbeitet 09.05.2025 21:15:49

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Solr. The Solr Metrics API publishes all unprotected environment variables available to each Apache Solr instance. Users are able to specify which environment variable...

7.5

CVE-2023-44487

Warnung Medienbericht Exploit
  • EPSS 94.36%
  • Veröffentlicht 10.10.2023 14:15:10
  • Zuletzt bearbeitet 07.11.2025 19:00:41

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

9.8

CVE-2021-44548

  • EPSS 6.66%
  • Veröffentlicht 23.12.2021 09:15:06
  • Zuletzt bearbeitet 21.11.2024 06:31:12

An Improper Input Validation vulnerability in DataImportHandler of Apache Solr allows an attacker to provide a Windows UNC path resulting in an SMB network call being made from the Solr host to another host on the network. If the attacker has wider a...

7.5

CVE-2021-33813

Medienbericht Exploit
  • EPSS 0.08%
  • Veröffentlicht 16.06.2021 12:15:12
  • Zuletzt bearbeitet 21.11.2024 06:09:37

An XXE issue in SAXBuilder in JDOM through 2.0.6 allows attackers to cause a denial of service via a crafted HTTP request.

9.1

CVE-2021-29943

  • EPSS 7.67%
  • Veröffentlicht 13.04.2021 07:15:12
  • Zuletzt bearbeitet 21.11.2024 06:02:01

When using ConfigurableInternodeAuthHadoopPlugin for authentication, Apache Solr versions prior to 8.8.2 would forward/proxy distributed requests using server credentials instead of original client credentials. This would result in incorrect authoriz...

7.5

CVE-2021-29262

  • EPSS 26.23%
  • Veröffentlicht 13.04.2021 07:15:12
  • Zuletzt bearbeitet 21.11.2024 06:00:54

When starting Apache Solr versions prior to 8.8.2, configured with the SaslZkACLProvider or VMParamsAllAndReadonlyDigestZkACLProvider and no existing security.json znode, if the optional read-only user is configured then Solr would not treat that nod...

9.8

CVE-2021-27905

  • EPSS 93.99%
  • Veröffentlicht 13.04.2021 07:15:12
  • Zuletzt bearbeitet 21.11.2024 05:58:44

The ReplicationHandler (normally registered at "/replication" under a Solr core) in Apache Solr has a "masterUrl" (also "leaderUrl" alias) parameter that is used to designate another ReplicationHandler on another Solr core to replicate index data int...

4

CVE-2021-28163

Exploit
  • EPSS 0.15%
  • Veröffentlicht 01.04.2021 15:15:14
  • Zuletzt bearbeitet 21.11.2024 05:59:12

In Eclipse Jetty 9.4.32 to 9.4.38, 10.0.0.beta2 to 10.0.1, and 11.0.0.beta2 to 11.0.1, if a user uses a webapps directory that is a symlink, the contents of the webapps directory is deployed as a static webapp, inadvertently serving the webapps thems...

5.3

CVE-2020-27223

  • EPSS 42.65%
  • Veröffentlicht 26.02.2021 22:15:19
  • Zuletzt bearbeitet 20.08.2025 10:15:27

In Eclipse Jetty 9.4.6.v20170531 to 9.4.36.v20210114 (inclusive), 10.0.0, and 11.0.0 when Jetty handles a request containing multiple Accept headers with a large number of “quality” (i.e. q) parameters, the server may enter a denial of service (DoS) ...

8.8

CVE-2020-9492

  • EPSS 0.12%
  • Veröffentlicht 26.01.2021 18:16:10
  • Zuletzt bearbeitet 21.11.2024 05:40:45

In Apache Hadoop 3.2.0 to 3.2.1, 3.0.0-alpha1 to 3.1.3, and 2.0.0-alpha to 2.10.0, WebHDFS client might send SPNEGO authorization header to remote URL without proper verification.