CVE-2019-0193 – Apache Solr DataImportHandler Code Injection Vulnerability
https://notcve.org/view.php?id=CVE-2019-0193
In Apache Solr, the DataImportHandler, an optional but popular module to pull in data from databases and other sources, has a feature in which the whole DIH configuration can come from a request's "dataConfig" parameter. The debug mode of the DIH admin screen uses this to allow convenient debugging / development of a DIH config. Since a DIH config can contain scripts, this parameter is a security risk. Starting with version 8.2.0 of Solr, use of this parameter requires setting the Java System property "enable.dih.dataConfigParam" to true. En Solr de Apache, el DataImportHandler, un módulo opcional pero popular para extraer datos de bases de datos y otras fuentes, presenta una funcionalidad en la que toda la configuración de DIH puede provenir del parámetro "dataConfig" de una petición. • https://github.com/jas502n/CVE-2019-0193 https://github.com/xConsoIe/CVE-2019-0193 https://github.com/jaychouzzk/CVE-2019-0193-exp https://issues.apache.org/jira/browse/SOLR-13669 https://lists.apache.org/thread.html/1addbb49a1fc0947fb32ca663d76d93cfaade35a4848a76d4b4ded9c%40%3Cissues.lucene.apache.org%3E https://lists.apache.org/thread.html/42cc4d334ba33905b872a0aa00d6a481391951c8b1450f01b077ce74%40%3Cissues.lucene.apache.org%3E https://lists.apache.org/thread.html/55880d48e38ba9e8c41a3b9e41051dbfdef63b86b0cfeb32967edf03%40%3Cissues.lucene.apac • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2017-3164
https://notcve.org/view.php?id=CVE-2017-3164
Server Side Request Forgery in Apache Solr, versions 1.3 until 7.6 (inclusive). Since the "shards" parameter does not have a corresponding whitelist mechanism, a remote attacker with access to the server could make Solr perform an HTTP GET request to any reachable URL. Hay Server-Side Request Forgery (SSRF) en Apache Solr en versiones desde la 1.3 hasta la 7.6 (inclusivas). Como el parámetro "shards" no tiene un mecanismo de introducción en lista blanca correspondiente, un atacante remoto con acceso al servidor podría hacer que Solr realizara una petición HTTP GET hacia cualquier URL alcanzable. • http://mail-archives.apache.org/mod_mbox/www-announce/201902.mbox/%3CCAECwjAVjBN%3DwO5rYs6ktAX-5%3D-f5JDFwbbTSM2TTjEbGO5jKKA%40mail.gmail.com%3E http://www.securityfocus.com/bid/107026 https://lists.apache.org/thread.html/43026507844ada1ac658ccf7bc939378c13e492fd6538416ce65df39%40%3Cdev.lucene.apache.org%3E https://lists.apache.org/thread.html/75dc651478f9d04505b46d44fe3ac739e7aaf3d7bf1257973685f8f7%40%3Cdev.lucene.apache.org%3E https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E https:/ • CWE-918: Server-Side Request Forgery (SSRF) •
CVE-2019-0192 – solr: remote code execution due to unsafe deserialization
https://notcve.org/view.php?id=CVE-2019-0192
In Apache Solr versions 5.0.0 to 5.5.5 and 6.0.0 to 6.6.5, the Config API allows to configure the JMX server via an HTTP POST request. By pointing it to a malicious RMI server, an attacker could take advantage of Solr's unsafe deserialization to trigger remote code execution on the Solr side. En Apache Solr, desde la versión 5.0.0 hasta la 6.0.0 y desde la 6.0.0 hasta la 6.6.5, el API Config permite la configuración del servidor JMX con una petición HTTP POST. Al redirigirlo a un servidor RMI malicioso, un atacante podría aprovecharse de la deserialización insegura de Solr para desencadenar una ejecución remota de código en el lado de Solr.. A flaw was found in the Apache Solr's Config API, where it would permit the configuration of the JMX server via an HTTP POST request. • https://github.com/mpgn/CVE-2019-0192 https://github.com/Rapidsafeguard/Solr-RCE-CVE-2019-0192 http://mail-archives.us.apache.org/mod_mbox/www-announce/201903.mbox/%3CCAECwjAV1buZwg%2BMcV9EAQ19MeAWztPVJYD4zGK8kQdADFYij1w%40mail.gmail.com%3E http://www.securityfocus.com/bid/107318 https://access.redhat.com/errata/RHSA-2019:2413 https://lists.apache.org/thread.html/42c5682f4acd1d03bd963e4f47ae448d7cff66c16b19142773818892%40%3Cdev.lucene.apache.org%3E https://lists.apache.org/thread.html/53e4744b14fb7f1810405f8ff5531ab0953a23dd09ce8071ce87 • CWE-20: Improper Input Validation CWE-502: Deserialization of Untrusted Data •
CVE-2018-8026
https://notcve.org/view.php?id=CVE-2018-8026
This vulnerability in Apache Solr 6.0.0 to 6.6.4 and 7.0.0 to 7.3.1 relates to an XML external entity expansion (XXE) in Solr config files (currency.xml, enumsConfig.xml referred from schema.xml, TIKA parsecontext config file). In addition, Xinclude functionality provided in these config files is also affected in a similar way. The vulnerability can be used as XXE using file/ftp/http protocols in order to read arbitrary local files from the Solr server or the internal network. The manipulated files can be uploaded as configsets using Solr's API, allowing to exploit that vulnerability. Esta vulnerabilidad en Apache Solr, de la versión 6.0.0 a la 6.6.4 y de la versión 7.0.0 a la 7.3.1, está relacionada con una expansión XEE (XML External Entity) en los archivos de configuración de Solr (currency.xml, enumsConfig.xml referido desde schema.xml y el archivo de configuración TIKA parsecontext). • http://www.securityfocus.com/bid/104690 https://issues.apache.org/jira/browse/SOLR-12450 https://mail-archives.apache.org/mod_mbox/lucene-solr-user/201807.mbox/%3C0cdc01d413b7%24f97ba580%24ec72f080%24%40apache.org%3E https://security.netapp.com/advisory/ntap-20190307-0002 • CWE-611: Improper Restriction of XML External Entity Reference •
CVE-2018-8010
https://notcve.org/view.php?id=CVE-2018-8010
This vulnerability in Apache Solr 6.0.0 to 6.6.3, 7.0.0 to 7.3.0 relates to an XML external entity expansion (XXE) in Solr config files (solrconfig.xml, schema.xml, managed-schema). In addition, Xinclude functionality provided in these config files is also affected in a similar way. The vulnerability can be used as XXE using file/ftp/http protocols in order to read arbitrary local files from the Solr server or the internal network. Users are advised to upgrade to either Solr 6.6.4 or Solr 7.3.1 releases both of which address the vulnerability. Once upgrade is complete, no other steps are required. • http://www.securityfocus.com/bid/104239 https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5%40%3Csolr-user.lucene.apache.org%3E https://mail-archives.apache.org/mod_mbox/www-announce/201805.mbox/%3C08a801d3f0f9%24df46d300%249dd47900%24%40apache.org%3E • CWE-611: Improper Restriction of XML External Entity Reference •