CVSS: 10.0EPSS: 93%CPEs: 11EXPL: 3CVE-2017-12629 – Apache Solr 7.0.1 - XML External Entity Expansion / Remote Code Execution
https://notcve.org/view.php?id=CVE-2017-12629
14 Oct 2017 — Remote code execution occurs in Apache Solr before 7.1 with Apache Lucene before 7.1 by exploiting XXE in conjunction with use of a Config API add-listener command to reach the RunExecutableListener class. Elasticsearch, although it uses Lucene, is NOT vulnerable to this. Note that the XML external entity expansion vulnerability occurs in the XML Query Parser which is available, by default, for any query request with parameters deftype=xmlparser and can be exploited to upload malicious data to the /upload r... • https://packetstorm.news/files/id/144678 • CWE-138: Improper Neutralization of Special Elements CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 0CVE-2017-9803
https://notcve.org/view.php?id=CVE-2017-9803
18 Sep 2017 — Apache Solr's Kerberos plugin can be configured to use delegation tokens, which allows an application to reuse the authentication of an end-user or another application. There are two issues with this functionality (when using SecurityAwareZkACLProvider type of ACL provider e.g. SaslZkACLProvider). Firstly, access to the security configuration can be leaked to users other than the solr super user. Secondly, malicious users can exploit this leaked configuration for privilege escalation to further expose/modif... • http://mail-archives.us.apache.org/mod_mbox/www-announce/201709.mbox/%3CCAOOKt53AOScg04zUh0%2BR_fcXD0C9s5mQ-OzdgYdnHz49u1KmXw%40mail.gmail.com%3E • CWE-287: Improper Authentication •
CVSS: 7.5EPSS: 5%CPEs: 8EXPL: 0CVE-2017-3163 – solr: Directory traversal via Index Replication HTTP API
https://notcve.org/view.php?id=CVE-2017-3163
30 Aug 2017 — When using the Index Replication feature, Apache Solr nodes can pull index files from a master/leader node using an HTTP API which accepts a file name. However, Solr before 5.5.4 and 6.x before 6.4.1 did not validate the file name, hence it was possible to craft a special request involving path traversal, leaving any file readable to the Solr server process exposed. Solr servers protected and restricted by firewall rules and/or authentication would not be at risk since only trusted clients and users would g... • https://access.redhat.com/errata/RHSA-2018:1447 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 1%CPEs: 21EXPL: 0CVE-2017-7660 – Apache Solar 5.5.4 / 6.5.1 Member Spoofing
https://notcve.org/view.php?id=CVE-2017-7660
07 Jul 2017 — Apache Solr uses a PKI based mechanism to secure inter-node communication when security is enabled. It is possible to create a specially crafted node name that does not exist as part of the cluster and point it to a malicious node. This can trick the nodes in cluster to believe that the malicious node is a member of the cluster. So, if Solr users have enabled BasicAuth authentication mechanism using the BasicAuthPlugin or if the user has implemented a custom Authentication plugin, which does not implement e... • http://mail-archives.us.apache.org/mod_mbox/www-announce/201707.mbox/%3CCAOOKt53EgrybaD%2BiSn-nBbvFdse-szhg%3DhMoDZuvUvyMme-Z%3Dg%40mail.gmail.com%3E • CWE-287: Improper Authentication •
CVSS: 6.1EPSS: 2%CPEs: 1EXPL: 0CVE-2015-8795
https://notcve.org/view.php?id=CVE-2015-8795
15 Feb 2016 — Multiple cross-site scripting (XSS) vulnerabilities in the Admin UI in Apache Solr before 5.1 allow remote attackers to inject arbitrary web script or HTML via crafted fields that are mishandled during the rendering of the (1) Analysis page, related to webapp/web/js/scripts/analysis.js or (2) Schema-Browser page, related to webapp/web/js/scripts/schema-browser.js. Múltiples vulnerabilidades de XSS en la Admin UI en Apache Solr en versiones anteriores a 5.1 permiten a atacantes remotos inyectar secuencias de... • https://issues.apache.org/jira/browse/SOLR-7346 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 2%CPEs: 1EXPL: 0CVE-2015-8796
https://notcve.org/view.php?id=CVE-2015-8796
15 Feb 2016 — Cross-site scripting (XSS) vulnerability in webapp/web/js/scripts/schema-browser.js in the Admin UI in Apache Solr before 5.3 allows remote attackers to inject arbitrary web script or HTML via a crafted schema-browse URL. Vulnerabilidad de XSS en webapp/web/js/scripts/schema-browser.js en la Admin UI en Apache Solr en versiones anteriores a 5.3 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de una URL de navegación del esquema manipulada. • http://www.securityfocus.com/bid/85205 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 2%CPEs: 1EXPL: 0CVE-2015-8797
https://notcve.org/view.php?id=CVE-2015-8797
15 Feb 2016 — Cross-site scripting (XSS) vulnerability in webapp/web/js/scripts/plugins.js in the stats page in the Admin UI in Apache Solr before 5.3.1 allows remote attackers to inject arbitrary web script or HTML via the entry parameter to a plugins/cache URI. Vulnerabilidad de XSS en webapp/web/js/scripts/plugins.js en la página de inicio en la Admin UI en Apache Solr en versiones anteriores a 5.3.1 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de un parámetro de entrada ... • http://www-01.ibm.com/support/docview.wss?uid=swg21975544 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 2%CPEs: 23EXPL: 0CVE-2014-3628
https://notcve.org/view.php?id=CVE-2014-3628
06 Jan 2015 — Cross-site scripting (XSS) vulnerability in the Admin UI Plugin / Stats page in Apache Solr 4.x before 4.10.3 allows remote attackers to inject arbitrary web script or HTML via the fieldvaluecache object. Vulnerabilidad de XSS en la página Admin UI Plugin / Stats en Apache Solr 4.x anterior a 4.10.3 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través del objeto fieldvaluecache. • http://mail-archives.us.apache.org/mod_mbox/www-announce/201412.mbox/%3C54A1A7C7.2070804%40apache.org%3E • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 1%CPEs: 3EXPL: 0CVE-2012-6612 – Solr: XML eXternal Entity (XXE) flaw in XML and XSLT UpdateRequestHandler
https://notcve.org/view.php?id=CVE-2012-6612
07 Dec 2013 — The (1) UpdateRequestHandler for XSLT or (2) XPathEntityProcessor in Apache Solr before 4.1 allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, different vectors than CVE-2013-6407. El (1) UpdateRequestHandler para XSLT o (2) XPathEntityProcessor en Apache Solr anteriores a 4.1 permite a atacantes remotos tener un impacto no especificado a través de datos XML que c... • http://rhn.redhat.com/errata/RHSA-2013-1844.html •
CVSS: 6.4EPSS: 92%CPEs: 11EXPL: 1CVE-2013-6397 – Solr: directory traversal when loading XSL stylesheets and Velocity templates
https://notcve.org/view.php?id=CVE-2013-6397
07 Dec 2013 — Directory traversal vulnerability in SolrResourceLoader in Apache Solr before 4.6 allows remote attackers to read arbitrary files via a .. (dot dot) or full pathname in the tr parameter to solr/select/, when the response writer (wt parameter) is set to XSLT. NOTE: this can be leveraged using a separate XXE (XML eXternal Entity) vulnerability to allow access to files across restricted network boundaries. Vulnerabilidad de salto de directorio en SolrResourceLoader en Apache Solr anteriores a 4.6 permite a ata... • http://lucene.apache.org/solr/4_6_0/changes/Changes.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •