CVSS: 8.8EPSS: 2%CPEs: 1EXPL: 0CVE-2020-13941
https://notcve.org/view.php?id=CVE-2020-13941
17 Aug 2020 — Reported in SOLR-14515 (private) and fixed in SOLR-14561 (public), released in Solr version 8.6.0. The Replication handler (https://lucene.apache.org/solr/guide/8_6/index-replication.html#http-api-commands-for-the-replicationhandler) allows commands backup, restore and deleteBackup. Each of these take a location parameter, which was not validated, i.e you could read/write to any location the solr user can access. Reportado en SOLR-14515 (privado) y corregido en SOLR-14561 (público), publicado en Solr versió... • https://lists.apache.org/thread.html/r1d4a247329a8478073163567bbc8c8cb6b49c6bfc2bf58153a857af1%40%3Ccommits.druid.apache.org%3E • CWE-20: Improper Input Validation •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2018-11802
https://notcve.org/view.php?id=CVE-2018-11802
01 Apr 2020 — In Apache Solr, the cluster can be partitioned into multiple collections and only a subset of nodes actually host any given collection. However, if a node receives a request for a collection it does not host, it proxies the request to a relevant node and serves the request. Solr bypasses all authorization settings for such requests. This affects all Solr versions prior to 7.7 that use the default authorization mechanism of Solr (RuleBasedAuthorizationPlugin). En Apache Solr, el clúster puede ser particionad... • https://www.openwall.com/lists/oss-security/2019/04/24/1 • CWE-863: Incorrect Authorization •
CVSS: 7.5EPSS: 94%CPEs: 7EXPL: 11CVE-2019-17558 – Apache Solr VelocityResponseWriter Plug-In Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2019-17558
30 Dec 2019 — Apache Solr 5.0.0 to Apache Solr 8.3.1 are vulnerable to a Remote Code Execution through the VelocityResponseWriter. A Velocity template can be provided through Velocity templates in a configset `velocity/` directory or as a parameter. A user defined configset could contain renderable, potentially malicious, templates. Parameter provided templates are disabled by default, but can be enabled by setting `params.resource.loader.enabled` by defining a response writer with that setting set to `true`. Defining a ... • https://packetstorm.news/files/id/157078 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 9.8EPSS: 83%CPEs: 3EXPL: 2CVE-2019-12409
https://notcve.org/view.php?id=CVE-2019-12409
18 Nov 2019 — The 8.1.1 and 8.2.0 releases of Apache Solr contain an insecure setting for the ENABLE_REMOTE_JMX_OPTS configuration option in the default solr.in.sh configuration file shipping with Solr. If you use the default solr.in.sh file from the affected releases, then JMX monitoring will be enabled and exposed on RMI_PORT (default=18983), without any authentication. If this port is opened for inbound traffic in your firewall, then anyone with network access to your Solr nodes will be able to access JMX, which may i... • https://github.com/jas502n/CVE-2019-12409 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 7.5EPSS: 32%CPEs: 3EXPL: 1CVE-2019-12401
https://notcve.org/view.php?id=CVE-2019-12401
10 Sep 2019 — Solr versions 1.3.0 to 1.4.1, 3.1.0 to 3.6.2 and 4.0.0 to 4.10.4 are vulnerable to an XML resource consumption attack (a.k.a. Lol Bomb) via it’s update handler.?By leveraging XML DOCTYPE and ENTITY type elements, the attacker can create a pattern that will expand when the server parses the XML causing OOMs. Las versiones de Solr 1.3.0 a 1.4.1, 3.1.0 a 3.6.2 y 4.0.0 a 4.10.4 son vulnerables a un ataque de consumo de recursos XML (también conocido como Lol Bomb) a través de su controlador de actualización. En... • http://mail-archives.us.apache.org/mod_mbox/www-announce/201909.mbox/%3CCAECwjAXU4%3DkAo5DeUJw7Kvk67sgCmajAN7LGZQNjbjZ8gv%3DBdw%40mail.gmail.com%3E • CWE-776: Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion') •
CVSS: 9.0EPSS: 93%CPEs: 4EXPL: 5CVE-2019-0193 – Apache Solr DataImportHandler Code Injection Vulnerability
https://notcve.org/view.php?id=CVE-2019-0193
01 Aug 2019 — In Apache Solr, the DataImportHandler, an optional but popular module to pull in data from databases and other sources, has a feature in which the whole DIH configuration can come from a request's "dataConfig" parameter. The debug mode of the DIH admin screen uses this to allow convenient debugging / development of a DIH config. Since a DIH config can contain scripts, this parameter is a security risk. Starting with version 8.2.0 of Solr, use of this parameter requires setting the Java System property "enab... • https://github.com/jas502n/CVE-2019-0193 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.5EPSS: 57%CPEs: 1EXPL: 1CVE-2017-3164
https://notcve.org/view.php?id=CVE-2017-3164
08 Mar 2019 — Server Side Request Forgery in Apache Solr, versions 1.3 until 7.6 (inclusive). Since the "shards" parameter does not have a corresponding whitelist mechanism, a remote attacker with access to the server could make Solr perform an HTTP GET request to any reachable URL. Hay Server-Side Request Forgery (SSRF) en Apache Solr en versiones desde la 1.3 hasta la 7.6 (inclusivas). Como el parámetro "shards" no tiene un mecanismo de introducción en lista blanca correspondiente, un atacante remoto con acceso al serv... • https://github.com/tdwyer/PoC_CVE-2017-3164_CVE-2017-1262 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 9.8EPSS: 92%CPEs: 3EXPL: 2CVE-2019-0192 – solr: remote code execution due to unsafe deserialization
https://notcve.org/view.php?id=CVE-2019-0192
07 Mar 2019 — In Apache Solr versions 5.0.0 to 5.5.5 and 6.0.0 to 6.6.5, the Config API allows to configure the JMX server via an HTTP POST request. By pointing it to a malicious RMI server, an attacker could take advantage of Solr's unsafe deserialization to trigger remote code execution on the Solr side. En Apache Solr, desde la versión 5.0.0 hasta la 6.0.0 y desde la 6.0.0 hasta la 6.6.5, el API Config permite la configuración del servidor JMX con una petición HTTP POST. Al redirigirlo a un servidor RMI malicioso, un ... • https://github.com/mpgn/CVE-2019-0192 • CWE-20: Improper Input Validation CWE-502: Deserialization of Untrusted Data •
CVSS: 5.5EPSS: 8%CPEs: 4EXPL: 1CVE-2018-8026
https://notcve.org/view.php?id=CVE-2018-8026
05 Jul 2018 — This vulnerability in Apache Solr 6.0.0 to 6.6.4 and 7.0.0 to 7.3.1 relates to an XML external entity expansion (XXE) in Solr config files (currency.xml, enumsConfig.xml referred from schema.xml, TIKA parsecontext config file). In addition, Xinclude functionality provided in these config files is also affected in a similar way. The vulnerability can be used as XXE using file/ftp/http protocols in order to read arbitrary local files from the Solr server or the internal network. The manipulated files can be u... • http://www.securityfocus.com/bid/104690 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2018-8010
https://notcve.org/view.php?id=CVE-2018-8010
21 May 2018 — This vulnerability in Apache Solr 6.0.0 to 6.6.3, 7.0.0 to 7.3.0 relates to an XML external entity expansion (XXE) in Solr config files (solrconfig.xml, schema.xml, managed-schema). In addition, Xinclude functionality provided in these config files is also affected in a similar way. The vulnerability can be used as XXE using file/ftp/http protocols in order to read arbitrary local files from the Solr server or the internal network. Users are advised to upgrade to either Solr 6.6.4 or Solr 7.3.1 releases bot... • http://www.securityfocus.com/bid/104239 • CWE-611: Improper Restriction of XML External Entity Reference •