
CVSS: 8.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

Reported in SOLR-14515 (private) and fixed in SOLR-14561 (public), released in Solr version 8.6.0. The Replication handler (https://lucene.apache.org/solr/guide/8_6/index-replication.html#http-api-commands-for-the-replicationhandler) allows the commands backup, restore and deleteBackup. Each of these takes a location parameter, which was not validated, i.e., you could read/write to any location the solr user can access.

References:
• https://lists.apache.org/thread.html/r1d4a247329a8478073163567bbc8c8cb6b49c6bfc2bf58153a857af1%40%3Ccommits.druid.apache.org%3E
• https://lists.apache.org/thread.html/rbcd9dff009ed19ffcc2b09784595fc1098fc802a5472f81795f893be%40%3Ccommits.lucene.apache.org%3E
• https://lists.apache.org/thread.html/rc400db37710ee79378b6c52de3640493ff538c2beb41cefdbbdf2ab8%40%3Ccommits.submarine.apache.org%3E
• https://lists.apache.org/thread.html/rf54e7912b7d2b72c63ec54a7afa4adcbf16268dcc63253767dd67d60%40%3Cgeneral.lucene.apache.org%3E

CWE-20: Improper Input Validation

CVSS: 4.3 | EPSS: 0% | CPEs: 1 | EXPL: 0

In Apache Solr, the cluster can be partitioned into multiple collections and only a subset of nodes actually host any given collection. However, if a node receives a request for a collection it does not host, it proxies the request to a relevant node and serves the request. Solr bypasses all authorization settings for such requests. This affects all Solr versions prior to 7.7 that use the default authorization mechanism of Solr (RuleBasedAuthorizationPlugin).

References:
• https://www.openwall.com/lists/oss-security/2019/04/24/1

CWE-863: Incorrect Authorization

CVSS: 7.5 | EPSS: 97% | CPEs: 7 | EXPL: 6

Apache Solr 5.0.0 to Apache Solr 8.3.1 are vulnerable to a Remote Code Execution through the VelocityResponseWriter. A Velocity template can be provided through Velocity templates in a configset `velocity/` directory or as a parameter. A user-defined configset could contain renderable, potentially malicious, templates. Parameter-provided templates are disabled by default, but can be enabled by setting `params.resource.loader.enabled` by defining a response writer with that setting set to `true`. Defining a response writer requires configuration API access.

References:
• https://www.exploit-db.com/exploits/47572
• https://www.exploit-db.com/exploits/48338
• http://packetstormsecurity.com/files/157078/Apache-Solr-8.3.0-Velocity-Template-Remote-Code-Execution.html
• https://issues.apache.org/jira/browse/SOLR-13971
• https://lists.apache.org/thread.html/r0b7b9d4113e6ec1ae1d3d0898c645f758511107ea44f0f3a1210c5d5%40%3Cissues.lucene.apache.org%3E
• https://lists.apache.org/thread.html/r12ab2cb15a34e49b4fecb5b2bdd7e10f3e8b7bf1f4f47fcde34d3a7c%40%3Cissues.lucene.apache.org%3E
• https://lists.apache.org/thread.html/r

CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

CVSS: 9.8 | EPSS: 5% | CPEs: 3 | EXPL: 2

The 8.1.1 and 8.2.0 releases of Apache Solr contain an insecure setting for the ENABLE_REMOTE_JMX_OPTS configuration option in the default solr.in.sh configuration file shipping with Solr. If you use the default solr.in.sh file from the affected releases, then JMX monitoring will be enabled and exposed on RMI_PORT (default=18983), without any authentication. If this port is opened for inbound traffic in your firewall, then anyone with network access to your Solr nodes will be able to access JMX, which may in turn allow them to upload malicious code for execution on the Solr server.

References:
• https://github.com/jas502n/CVE-2019-12409
• https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2019-12409-RCE%20Vulnerability%20Due%20to%20Bad%20Defalut%20Config-Apache%20Solr
• https://lists.apache.org/thread.html/47e112035b4aa67ece3b75dbcd1b9c9212895b9dfe2a71f6f7c174e2%40%3Cannounce.apache.org%3E
• https://lists.apache.org/thread.html/6640c7e370fce2b74e466a605a46244ccc40666ad9e3064a4e04a85d%40%3Csolr-user.lucene.apache.org%3E
• https://lists.apache.org/thread.html/925cdb49ceae78baddb45da7beb9b4d2b1ddc4a8e318c65e91fb4e87%40%3Cissues.lucene.apache.org%3E
• https:

CWE-434: Unrestricted Upload of File with Dangerous Type

CVSS: 7.5 | EPSS: 0% | CPEs: 3 | EXPL: 1

Solr versions 1.3.0 to 1.4.1, 3.1.0 to 3.6.2 and 4.0.0 to 4.10.4 are vulnerable to an XML resource consumption attack (a.k.a. Lol Bomb) via its update handler. By leveraging XML DOCTYPE and ENTITY type elements, the attacker can create a pattern that will expand when the server parses the XML, causing OOMs.

References:
• http://mail-archives.us.apache.org/mod_mbox/www-announce/201909.mbox/%3CCAECwjAXU4%3DkAo5DeUJw7Kvk67sgCmajAN7LGZQNjbjZ8gv%3DBdw%40mail.gmail.com%3E
• http://www.openwall.com/lists/oss-security/2019/09/10/1
• https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2019-12401-XML%20Bomb-Apache%20Solr
• https://lists.apache.org/thread.html/048ae6e4f84a88e8856f766320b48ad91f9fca2c6f621aa2c40088fe%40%3Cdev.lucene.apache.org%3E
• https://lists.apache.org/thread.html/0ec231c5ed8d242890e21806d25fdd47f80cc47cac278d2fc1c9c579%40%3Cdev.lucene.apache.org%3E

CWE-776: Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')