Remote Code Execution (RCE)

2017-10-1600:44:41

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

EPSS

0.974

Percentile

99.9%

JSON

lucene-queryparser is vulnerable to remote code execution (RCE). This is possible through the use of an XML external entity expansion (XXE) attack and the Config API with add-listener command

References

lucene.472066.n3.nabble.com/Re-Several-critical-vulnerabilities-discovered-in-Apache-Solr-XXE-amp-RCE-td4358308.html

mail-archives.us.apache.org/mod_mbox/www-announce/201710.mbox/%3CCAOOKt51UO_6Vy%3Dj8W%3Dx1pMbLW9VJfZyFWz7pAnXJC_OAdSZubA%40mail.gmail.com%3E

openwall.com/lists/oss-security/2017/10/13/1

www.securityfocus.com/bid/101261

access.redhat.com/errata/RHSA-2017:3123

access.redhat.com/errata/RHSA-2017:3124

access.redhat.com/errata/RHSA-2017:3244

access.redhat.com/errata/RHSA-2017:3451

access.redhat.com/errata/RHSA-2017:3452

access.redhat.com/errata/RHSA-2018:0002

access.redhat.com/errata/RHSA-2018:0003

access.redhat.com/errata/RHSA-2018:0004

access.redhat.com/errata/RHSA-2018:0005

lists.apache.org/thread.html/r140128dc6bb4f4e0b6a39e962c7ca25a8cbc8e48ed766176c931fccc@%3Cusers.solr.apache.org%3E

lists.apache.org/thread.html/r26c996b068ef6c5e89aa59acb769025cfd343a08e63fbe9e7f3f720f@%3Coak-issues.jackrabbit.apache.org%3E

lists.apache.org/thread.html/r3da74965aba2b5f5744b7289ad447306eeb2940c872801819faa9314@%3Cusers.solr.apache.org%3E

lists.apache.org/thread.html/r95df34bb158375948da82b4dfe9a1b5d528572d586584162f8f5aeef@%3Cusers.solr.apache.org%3E

lists.debian.org/debian-lts-announce/2018/01/msg00028.html

lucene.apache.org/solr/news.html#12-october-2017-please-secure-your-apache-solr-servers-since-a-zero-day-exploit-has-been-reported-on-a-public-mailing-list

s.apache.org/FJDl

twitter.com/ApacheSolr/status/918731485611401216

twitter.com/joshbressers/status/919258716297420802

twitter.com/searchtools_avi/status/918904813613543424

usn.ubuntu.com/4259-1/

www.debian.org/security/2018/dsa-4124

www.exploit-db.com/exploits/43009/