Lucene search

Ubuntu.comUB:CVE-2015-8795

HistoryFeb 15, 2016 - 12:00 a.m.

CVE-2015-8795

2016-02-1500:00:00

ubuntu.com

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.002 Low

EPSS

Percentile

64.5%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in the Admin UI in
Apache Solr before 5.1 allow remote attackers to inject arbitrary web
script or HTML via crafted fields that are mishandled during the rendering
of the (1) Analysis page, related to webapp/web/js/scripts/analysis.js or
(2) Schema-Browser page, related to
webapp/web/js/scripts/schema-browser.js.

Notes

Author	Note
sbeattie	SOLR 4.x and newer

References

issues.apache.org/jira/browse/SOLR-7346

launchpad.net/bugs/cve/CVE-2015-8795

nvd.nist.gov/vuln/detail/CVE-2015-8795

security-tracker.debian.org/tracker/CVE-2015-8795

www.cve.org/CVERecord?id=CVE-2015-8795

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.002 Low

EPSS

Percentile

64.5%

JSON

Related for UB:CVE-2015-8795