Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2017-12629

Remote code execution occurs in Apache Solr before 7.1 with Apache Lucene before 7.1 by exploiting XXE in conjunction with use of a Config API add-listener command to reach the RunExecutableListener class. Elasticsearch, although it uses Lucene, is NOT vulnerable to this. Note that the XML external entity expansion vulnerability occurs in the XML Query Parser which is available, by default, for any query request with parameters deftype=xmlparser and can be exploited to upload malicious data to the /upload request handler or as Blind XXE using ftp wrapper in order to read arbitrary local files from the Solr server. Note also that the second vulnerability relates to remote code execution using the RunExecutableListener available on all affected versions of Solr.

Published

2017-10-14T23:29:00.260

Last Modified

2025-04-20T01:37:25.860

Status

Deferred

Source

[email protected]

Severity

CVSSv3.1: 9.8 (CRITICAL)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

10.0

Impact Score

6.4

Weaknesses

Type: Primary
CWE-611

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	apache	solr	≤ 5.5.4	Yes
Application	apache	solr	≤ 6.6.1	Yes
Application	apache	solr	≤ 7.0.1	Yes
Application	redhat	jboss_enterprise_application_platform	7.0.0	Yes
Application	redhat	jboss_enterprise_application_platform	7.1.0	Yes
Operating System	redhat	enterprise_linux_server	6.0	No
Operating System	redhat	enterprise_linux_server	7.0	No
Operating System	debian	debian_linux	7.0	Yes
Operating System	debian	debian_linux	8.0	Yes
Operating System	debian	debian_linux	9.0	Yes
Operating System	canonical	ubuntu_linux	16.04	Yes

References

http://mail-archives.us.apache.org/mod_mbox/www-announce/201710.mbox/%3CCAOOKt51UO_6Vy%3Dj8W%3Dx1pMbLW9VJfZyFWz7pAnXJC_OAdSZubA%40mail.gmail.com%3E Mailing List, Vendor Advisory ([email protected])
http://openwall.com/lists/oss-security/2017/10/13/1 Mailing List, Third Party Advisory ([email protected])
http://www.securityfocus.com/bid/101261 Third Party Advisory, VDB Entry ([email protected])
https://access.redhat.com/errata/RHSA-2017:3123 Third Party Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2017:3124 Third Party Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2017:3244 Third Party Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2017:3451 Third Party Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2017:3452 Third Party Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2018:0002 Third Party Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2018:0003 Third Party Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2018:0004 Third Party Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2018:0005 Third Party Advisory ([email protected])
https://lists.apache.org/thread.html/r140128dc6bb4f4e0b6a39e962c7ca25a8cbc8e48ed766176c931fccc%40%3Cusers.solr.apache.org%3E ([email protected])
https://lists.apache.org/thread.html/r26c996b068ef6c5e89aa59acb769025cfd343a08e63fbe9e7f3f720f%40%3Coak-issues.jackrabbit.apache.org%3E ([email protected])
https://lists.apache.org/thread.html/r3da74965aba2b5f5744b7289ad447306eeb2940c872801819faa9314%40%3Cusers.solr.apache.org%3E ([email protected])
https://lists.apache.org/thread.html/r95df34bb158375948da82b4dfe9a1b5d528572d586584162f8f5aeef%40%3Cusers.solr.apache.org%3E ([email protected])
https://lists.debian.org/debian-lts-announce/2018/01/msg00028.html Mailing List, Third Party Advisory ([email protected])
https://s.apache.org/FJDl Exploit, Mailing List, Vendor Advisory ([email protected])
https://twitter.com/ApacheSolr/status/918731485611401216 Third Party Advisory ([email protected])
https://twitter.com/joshbressers/status/919258716297420802 Third Party Advisory ([email protected])
https://twitter.com/searchtools_avi/status/918904813613543424 Third Party Advisory ([email protected])
https://usn.ubuntu.com/4259-1/ Third Party Advisory ([email protected])
https://www.debian.org/security/2018/dsa-4124 Third Party Advisory ([email protected])
https://www.exploit-db.com/exploits/43009/ Exploit, Third Party Advisory, VDB Entry ([email protected])
http://mail-archives.us.apache.org/mod_mbox/www-announce/201710.mbox/%3CCAOOKt51UO_6Vy%3Dj8W%3Dx1pMbLW9VJfZyFWz7pAnXJC_OAdSZubA%40mail.gmail.com%3E Mailing List, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://openwall.com/lists/oss-security/2017/10/13/1 Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/101261 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2017:3123 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2017:3124 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2017:3244 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2017:3451 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2017:3452 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2018:0002 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2018:0003 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2018:0004 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2018:0005 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://lists.apache.org/thread.html/r140128dc6bb4f4e0b6a39e962c7ca25a8cbc8e48ed766176c931fccc%40%3Cusers.solr.apache.org%3E (af854a3a-2127-422b-91ae-364da2661108)
https://lists.apache.org/thread.html/r26c996b068ef6c5e89aa59acb769025cfd343a08e63fbe9e7f3f720f%40%3Coak-issues.jackrabbit.apache.org%3E (af854a3a-2127-422b-91ae-364da2661108)
https://lists.apache.org/thread.html/r3da74965aba2b5f5744b7289ad447306eeb2940c872801819faa9314%40%3Cusers.solr.apache.org%3E (af854a3a-2127-422b-91ae-364da2661108)
https://lists.apache.org/thread.html/r95df34bb158375948da82b4dfe9a1b5d528572d586584162f8f5aeef%40%3Cusers.solr.apache.org%3E (af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2018/01/msg00028.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://s.apache.org/FJDl Exploit, Mailing List, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://twitter.com/ApacheSolr/status/918731485611401216 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://twitter.com/joshbressers/status/919258716297420802 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://twitter.com/searchtools_avi/status/918904813613543424 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://usn.ubuntu.com/4259-1/ Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.debian.org/security/2018/dsa-4124 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.exploit-db.com/exploits/43009/ Exploit, Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)