Web application abuses : Apache Solr XEE and RCE Vulnerability (SOLR-11477)

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

Test ID:	1.3.6.1.4.1.25623.1.0.113042
Category:	Web application abuses
Title:	Apache Solr XEE and RCE Vulnerability (SOLR-11477) - Linux
Summary:	Apache Solr is vulnerable to an XML Entity Expansion (XEE); vulnerability leading to remote code execution (RCE).
Description:	Summary: Apache Solr is vulnerable to an XML Entity Expansion (XEE) vulnerability leading to remote code execution (RCE). Vulnerability Insight: Through XML Entity Expansion code from another, malicious host can be made to load and execute on the target host. Vulnerability Impact: Successful exploitation would allow the attacker to execute arbitrary code on the host. Affected Software/OS: Apache Solr versions 5.1.0 to 5.5.4, 6.x prior to 6.6.2 and 7.x prior to 7.1.0. Solution: Update to Apache Solr 5.5.5, 6.6.2, 7.1.0 or later. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2017-12629 BugTraq ID: 101261 http://www.securityfocus.com/bid/101261 Debian Security Information: DSA-4124 (Google Search) https://www.debian.org/security/2018/dsa-4124 https://www.exploit-db.com/exploits/43009/ http://openwall.com/lists/oss-security/2017/10/13/1 https://twitter.com/ApacheSolr/status/918731485611401216 https://twitter.com/joshbressers/status/919258716297420802 https://twitter.com/searchtools_avi/status/918904813613543424 https://lists.debian.org/debian-lts-announce/2018/01/msg00028.html https://lists.apache.org/thread.html/r26c996b068ef6c5e89aa59acb769025cfd343a08e63fbe9e7f3f720f@%3Coak-issues.jackrabbit.apache.org%3E https://s.apache.org/FJDl https://lists.apache.org/thread.html/r95df34bb158375948da82b4dfe9a1b5d528572d586584162f8f5aeef@%3Cusers.solr.apache.org%3E https://lists.apache.org/thread.html/r140128dc6bb4f4e0b6a39e962c7ca25a8cbc8e48ed766176c931fccc@%3Cusers.solr.apache.org%3E https://lists.apache.org/thread.html/r3da74965aba2b5f5744b7289ad447306eeb2940c872801819faa9314@%3Cusers.solr.apache.org%3E http://mail-archives.us.apache.org/mod_mbox/www-announce/201710.mbox/%3CCAOOKt51UO_6Vy%3Dj8W%3Dx1pMbLW9VJfZyFWz7pAnXJC_OAdSZubA%40mail.gmail.com%3E RedHat Security Advisories: RHSA-2017:3123 https://access.redhat.com/errata/RHSA-2017:3123 RedHat Security Advisories: RHSA-2017:3124 https://access.redhat.com/errata/RHSA-2017:3124 RedHat Security Advisories: RHSA-2017:3244 https://access.redhat.com/errata/RHSA-2017:3244 RedHat Security Advisories: RHSA-2017:3451 https://access.redhat.com/errata/RHSA-2017:3451 RedHat Security Advisories: RHSA-2017:3452 https://access.redhat.com/errata/RHSA-2017:3452 RedHat Security Advisories: RHSA-2018:0002 https://access.redhat.com/errata/RHSA-2018:0002 RedHat Security Advisories: RHSA-2018:0003 https://access.redhat.com/errata/RHSA-2018:0003 RedHat Security Advisories: RHSA-2018:0004 https://access.redhat.com/errata/RHSA-2018:0004 RedHat Security Advisories: RHSA-2018:0005 https://access.redhat.com/errata/RHSA-2018:0005 https://usn.ubuntu.com/4259-1/
Copyright	Copyright (C) 2017 Greenbone AG