Skip to main content
CVE-2017-12629 CRITICAL POC PATCH THREAT Act Now

Remote code execution occurs in Apache Solr before 7.1 with Apache Lucene before 7.1 by exploiting XXE in conjunction with use of a Config API add-listener command to reach the RunExecutableListener. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 93.9%.

Apache XXE Elastic RCE Solr +3
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
93.9%
Threat
6.3

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy