CVSS: 7.5EPSS: 57%CPEs: 1EXPL: 1CVE-2017-3164
https://notcve.org/view.php?id=CVE-2017-3164
08 Mar 2019 — Server Side Request Forgery in Apache Solr, versions 1.3 until 7.6 (inclusive). Since the "shards" parameter does not have a corresponding whitelist mechanism, a remote attacker with access to the server could make Solr perform an HTTP GET request to any reachable URL. Hay Server-Side Request Forgery (SSRF) en Apache Solr en versiones desde la 1.3 hasta la 7.6 (inclusivas). Como el parámetro "shards" no tiene un mecanismo de introducción en lista blanca correspondiente, un atacante remoto con acceso al serv... • https://github.com/tdwyer/PoC_CVE-2017-3164_CVE-2017-1262 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 9.8EPSS: 92%CPEs: 3EXPL: 2CVE-2019-0192 – solr: remote code execution due to unsafe deserialization
https://notcve.org/view.php?id=CVE-2019-0192
07 Mar 2019 — In Apache Solr versions 5.0.0 to 5.5.5 and 6.0.0 to 6.6.5, the Config API allows to configure the JMX server via an HTTP POST request. By pointing it to a malicious RMI server, an attacker could take advantage of Solr's unsafe deserialization to trigger remote code execution on the Solr side. En Apache Solr, desde la versión 5.0.0 hasta la 6.0.0 y desde la 6.0.0 hasta la 6.6.5, el API Config permite la configuración del servidor JMX con una petición HTTP POST. Al redirigirlo a un servidor RMI malicioso, un ... • https://github.com/mpgn/CVE-2019-0192 • CWE-20: Improper Input Validation CWE-502: Deserialization of Untrusted Data •
CVSS: 7.5EPSS: 6%CPEs: 5EXPL: 0CVE-2018-1308 – Debian Security Advisory 4194-1
https://notcve.org/view.php?id=CVE-2018-1308
09 Apr 2018 — This vulnerability in Apache Solr 1.2 to 6.6.2 and 7.0.0 to 7.2.1 relates to an XML external entity expansion (XXE) in the `&dataConfig=
CVSS: 10.0EPSS: 93%CPEs: 11EXPL: 3CVE-2017-12629 – Apache Solr 7.0.1 - XML External Entity Expansion / Remote Code Execution
https://notcve.org/view.php?id=CVE-2017-12629
14 Oct 2017 — Remote code execution occurs in Apache Solr before 7.1 with Apache Lucene before 7.1 by exploiting XXE in conjunction with use of a Config API add-listener command to reach the RunExecutableListener class. Elasticsearch, although it uses Lucene, is NOT vulnerable to this. Note that the XML external entity expansion vulnerability occurs in the XML Query Parser which is available, by default, for any query request with parameters deftype=xmlparser and can be exploited to upload malicious data to the /upload r... • https://packetstorm.news/files/id/144678 • CWE-138: Improper Neutralization of Special Elements CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 7.5EPSS: 5%CPEs: 8EXPL: 0CVE-2017-3163 – solr: Directory traversal via Index Replication HTTP API
https://notcve.org/view.php?id=CVE-2017-3163
30 Aug 2017 — When using the Index Replication feature, Apache Solr nodes can pull index files from a master/leader node using an HTTP API which accepts a file name. However, Solr before 5.5.4 and 6.x before 6.4.1 did not validate the file name, hence it was possible to craft a special request involving path traversal, leaving any file readable to the Solr server process exposed. Solr servers protected and restricted by firewall rules and/or authentication would not be at risk since only trusted clients and users would g... • https://access.redhat.com/errata/RHSA-2018:1447 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 1%CPEs: 21EXPL: 0CVE-2017-7660 – Apache Solar 5.5.4 / 6.5.1 Member Spoofing
https://notcve.org/view.php?id=CVE-2017-7660
07 Jul 2017 — Apache Solr uses a PKI based mechanism to secure inter-node communication when security is enabled. It is possible to create a specially crafted node name that does not exist as part of the cluster and point it to a malicious node. This can trick the nodes in cluster to believe that the malicious node is a member of the cluster. So, if Solr users have enabled BasicAuth authentication mechanism using the BasicAuthPlugin or if the user has implemented a custom Authentication plugin, which does not implement e... • http://mail-archives.us.apache.org/mod_mbox/www-announce/201707.mbox/%3CCAOOKt53EgrybaD%2BiSn-nBbvFdse-szhg%3DhMoDZuvUvyMme-Z%3Dg%40mail.gmail.com%3E • CWE-287: Improper Authentication •
CVSS: 6.1EPSS: 2%CPEs: 1EXPL: 0CVE-2015-8795
https://notcve.org/view.php?id=CVE-2015-8795
15 Feb 2016 — Multiple cross-site scripting (XSS) vulnerabilities in the Admin UI in Apache Solr before 5.1 allow remote attackers to inject arbitrary web script or HTML via crafted fields that are mishandled during the rendering of the (1) Analysis page, related to webapp/web/js/scripts/analysis.js or (2) Schema-Browser page, related to webapp/web/js/scripts/schema-browser.js. Múltiples vulnerabilidades de XSS en la Admin UI en Apache Solr en versiones anteriores a 5.1 permiten a atacantes remotos inyectar secuencias de... • https://issues.apache.org/jira/browse/SOLR-7346 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 2%CPEs: 1EXPL: 0CVE-2015-8796
https://notcve.org/view.php?id=CVE-2015-8796
15 Feb 2016 — Cross-site scripting (XSS) vulnerability in webapp/web/js/scripts/schema-browser.js in the Admin UI in Apache Solr before 5.3 allows remote attackers to inject arbitrary web script or HTML via a crafted schema-browse URL. Vulnerabilidad de XSS en webapp/web/js/scripts/schema-browser.js en la Admin UI en Apache Solr en versiones anteriores a 5.3 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de una URL de navegación del esquema manipulada. • http://www.securityfocus.com/bid/85205 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 2%CPEs: 1EXPL: 0CVE-2015-8797
https://notcve.org/view.php?id=CVE-2015-8797
15 Feb 2016 — Cross-site scripting (XSS) vulnerability in webapp/web/js/scripts/plugins.js in the stats page in the Admin UI in Apache Solr before 5.3.1 allows remote attackers to inject arbitrary web script or HTML via the entry parameter to a plugins/cache URI. Vulnerabilidad de XSS en webapp/web/js/scripts/plugins.js en la página de inicio en la Admin UI en Apache Solr en versiones anteriores a 5.3.1 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de un parámetro de entrada ... • http://www-01.ibm.com/support/docview.wss?uid=swg21975544 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 2%CPEs: 23EXPL: 0CVE-2014-3628
https://notcve.org/view.php?id=CVE-2014-3628
06 Jan 2015 — Cross-site scripting (XSS) vulnerability in the Admin UI Plugin / Stats page in Apache Solr 4.x before 4.10.3 allows remote attackers to inject arbitrary web script or HTML via the fieldvaluecache object. Vulnerabilidad de XSS en la página Admin UI Plugin / Stats en Apache Solr 4.x anterior a 4.10.3 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través del objeto fieldvaluecache. • http://mail-archives.us.apache.org/mod_mbox/www-announce/201412.mbox/%3C54A1A7C7.2070804%40apache.org%3E • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •