Skip to main content

Solr CVE-2017-12629

CRITICAL
Improper Restriction of XML External Entity Reference (CWE-611)
2017-10-14 security@apache.org
9.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Oct 14, 2017 - 23:29 cve.org
CRITICAL 9.8

Blast Radius

ecosystem impact
† from your stack dependencies † transitive graph · vuln.today resolves 4-path depth
  • 17 maven packages depend on org.apache.solr:solr-core (12 direct, 5 indirect)

Ecosystem-wide dependent count for version 7.0.0.

DescriptionCVE.org

Remote code execution occurs in Apache Solr before 7.1 with Apache Lucene before 7.1 by exploiting XXE in conjunction with use of a Config API add-listener command to reach the RunExecutableListener class. Elasticsearch, although it uses Lucene, is NOT vulnerable to this. Note that the XML external entity expansion vulnerability occurs in the XML Query Parser which is available, by default, for any query request with parameters deftype=xmlparser and can be exploited to upload malicious data to the /upload request handler or as Blind XXE using ftp wrapper in order to read arbitrary local files from the Solr server. Note also that the second vulnerability relates to remote code execution using the RunExecutableListener available on all affected versions of Solr.

AnalysisAI

Remote code execution occurs in Apache Solr before 7.1 with Apache Lucene before 7.1 by exploiting XXE in conjunction with use of a Config API add-listener command to reach the RunExecutableListener. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 93.9%.

Technical ContextAI

This vulnerability is classified as XML External Entity (XXE) (CWE-611), which allows attackers to read arbitrary files or perform SSRF through XML processing. Remote code execution occurs in Apache Solr before 7.1 with Apache Lucene before 7.1 by exploiting XXE in conjunction with use of a Config API add-listener command to reach the RunExecutableListener class. Elasticsearch, although it uses Lucene, is NOT vulnerable to this. Note that the XML external entity expansion vulnerability occurs in the XML Query Parser which is available, by default, for any query request with parameters deftype=xmlparser and can be exploited to upload malicious data to the /upload request handler or as Blind XXE using ftp wrapper in order to read arbitrary local files from the Solr server. Note also that the second vulnerability relates to remote code execution using the RunExecutableListener available on all affected versions of Solr. Affected products include: Apache Solr, Redhat Jboss Enterprise Application Platform, Debian Debian Linux, Canonical Ubuntu Linux. Version information: before 7.1.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Disable external entity processing in XML parsers, use JSON instead of XML where possible.

More in Solr

View all
CVE-2013-6397 MEDIUM POC
4.3 Dec 07

Directory traversal vulnerability in SolrResourceLoader in Apache Solr before 4.6 allows remote attackers to read arbitr

CVE-2019-17558 HIGH POC
7.5 Dec 30

Apache Solr 5.0.0 to Apache Solr 8.3.1 are vulnerable to a Remote Code Execution through the VelocityResponseWriter. Rat

CVE-2024-45216 CRITICAL POC
9.8 Oct 16

Improper Authentication vulnerability in Apache Solr. Rated critical severity (CVSS 9.8), this vulnerability is remotely

CVE-2021-27905 CRITICAL POC
9.8 Apr 13

The ReplicationHandler (normally registered at "/replication" under a Solr core) in Apache Solr has a "masterUrl" (also

CVE-2019-12409 CRITICAL POC
9.8 Nov 18

The 8.1.1 and 8.2.0 releases of Apache Solr contain an insecure setting for the ENABLE_REMOTE_JMX_OPTS configuration opt

CVE-2019-0192 CRITICAL POC
9.8 Mar 07

In Apache Solr versions 5.0.0 to 5.5.5 and 6.0.0 to 6.6.5, the Config API allows to configure the JMX server via an HTTP

CVE-2017-1000190 CRITICAL POC
9.1 Nov 17

SimpleXML (latest version 2.7.1) is vulnerable to an XXE vulnerability resulting SSRF, information disclosure, DoS and s

CVE-2021-33813 HIGH POC
7.5 Jun 16

An XXE issue in SAXBuilder in JDOM through 2.0.6 allows attackers to cause a denial of service via a crafted HTTP reques

CVE-2019-12401 HIGH POC
7.5 Sep 10

Solr versions 1.3.0 to 1.4.1, 3.1.0 to 3.6.2 and 4.0.0 to 4.10.4 are vulnerable to an XML resource consumption attack (a

CVE-2019-0193 HIGH POC
7.2 Aug 01

In Apache Solr, the DataImportHandler, an optional but popular module to pull in data from databases and other sources,

CVE-2017-3163 HIGH
7.5 Aug 30

When using the Index Replication feature, Apache Solr nodes can pull index files from a master/leader node using an HTTP

CVE-2021-44548 CRITICAL
9.8 Dec 23

An Improper Input Validation vulnerability in DataImportHandler of Apache Solr allows an attacker to provide a Windows U

Share

CVE-2017-12629 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy