CVE-2019-17558

2019-12-3000:00:00

ubuntu.com

CVSS2

4.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:S/C:P/I:P/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.975

Percentile

100.0%

JSON

Apache Solr 5.0.0 to Apache Solr 8.3.1 are vulnerable to a Remote Code
Execution through the VelocityResponseWriter. A Velocity template can be
provided through Velocity templates in a configset velocity/ directory or
as a parameter. A user defined configset could contain renderable,
potentially malicious, templates. Parameter provided templates are disabled
by default, but can be enabled by setting params.resource.loader.enabled
by defining a response writer with that setting set to true. Defining a
response writer requires configuration API access. Solr 8.4 removed the
params resource loader entirely, and only enables the configset-provided
template rendering when the configset is trusted (has been uploaded by an
authenticated user).

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchlucene-solr< anyUNKNOWN
ubuntu20.04noarchlucene-solr< anyUNKNOWN
ubuntu22.04noarchlucene-solr< anyUNKNOWN
ubuntu24.04noarchlucene-solr< anyUNKNOWN
ubuntu14.04noarchlucene-solr< anyUNKNOWN
ubuntu16.04noarchlucene-solr< anyUNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	18.04	noarch	lucene-solr	< any	UNKNOWN
ubuntu	20.04	noarch	lucene-solr	< any	UNKNOWN
ubuntu	22.04	noarch	lucene-solr	< any	UNKNOWN
ubuntu	24.04	noarch	lucene-solr	< any	UNKNOWN
ubuntu	14.04	noarch	lucene-solr	< any	UNKNOWN
ubuntu	16.04	noarch	lucene-solr	< any	UNKNOWN