CVE - CVE-2017-12629

CVE-ID
CVE-2017-12629	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Remote code execution occurs in Apache Solr before 7.1 with Apache Lucene before 7.1 by exploiting XXE in conjunction with use of a Config API add-listener command to reach the RunExecutableListener class. Elasticsearch, although it uses Lucene, is NOT vulnerable to this. Note that the XML external entity expansion vulnerability occurs in the XML Query Parser which is available, by default, for any query request with parameters deftype=xmlparser and can be exploited to upload malicious data to the /upload request handler or as Blind XXE using ftp wrapper in order to read arbitrary local files from the Solr server. Note also that the second vulnerability relates to remote code execution using the RunExecutableListener available on all affected versions of Solr.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BID:101261 URL:http://www.securityfocus.com/bid/101261 DEBIAN:DSA-4124 URL:https://www.debian.org/security/2018/dsa-4124 EXPLOIT-DB:43009 URL:https://www.exploit-db.com/exploits/43009/ MISC:http://openwall.com/lists/oss-security/2017/10/13/1 URL:http://openwall.com/lists/oss-security/2017/10/13/1 MISC:https://twitter.com/ApacheSolr/status/918731485611401216 URL:https://twitter.com/ApacheSolr/status/918731485611401216 MISC:https://twitter.com/joshbressers/status/919258716297420802 URL:https://twitter.com/joshbressers/status/919258716297420802 MISC:https://twitter.com/searchtools_avi/status/918904813613543424 URL:https://twitter.com/searchtools_avi/status/918904813613543424 MLIST:[debian-lts-announce] 20180121 [SECURITY] [DLA 1254-1] lucene-solr security update URL:https://lists.debian.org/debian-lts-announce/2018/01/msg00028.html MLIST:[jackrabbit-oak-issues] 20210817 [jira] [Created] (OAK-9537) Security vulnerability in org/apache/lucene/queryparser/xml/CoreParser.java URL:https://lists.apache.org/thread.html/r26c996b068ef6c5e89aa59acb769025cfd343a08e63fbe9e7f3f720f@%3Coak-issues.jackrabbit.apache.org%3E MLIST:[lucene-dev] 20171012 Re: Several critical vulnerabilities discovered in Apache Solr (XXE & RCE) URL:https://s.apache.org/FJDl MLIST:[solr-users] 20210618 CVE-2021-27905 Apache Solr ReplicationHandler/SSRF vulnerability URL:https://lists.apache.org/thread.html/r95df34bb158375948da82b4dfe9a1b5d528572d586584162f8f5aeef@%3Cusers.solr.apache.org%3E MLIST:[solr-users] 20210618 Re: CVE-2021-27905 Apache Solr ReplicationHandler/SSRF vulnerability URL:https://lists.apache.org/thread.html/r140128dc6bb4f4e0b6a39e962c7ca25a8cbc8e48ed766176c931fccc@%3Cusers.solr.apache.org%3E MLIST:[solr-users] 20210728 Re: CVE-2021-27905 Apache Solr ReplicationHandler/SSRF vulnerability URL:https://lists.apache.org/thread.html/r3da74965aba2b5f5744b7289ad447306eeb2940c872801819faa9314@%3Cusers.solr.apache.org%3E MLIST:[www-announce] 20171019 [SECURITY] CVE-2017-12629: Several critical vulnerabilities discovered in Apache Solr (XXE & RCE) URL:http://mail-archives.us.apache.org/mod_mbox/www-announce/201710.mbox/%3CCAOOKt51UO_6Vy%3Dj8W%3Dx1pMbLW9VJfZyFWz7pAnXJC_OAdSZubA%40mail.gmail.com%3E REDHAT:RHSA-2017:3123 URL:https://access.redhat.com/errata/RHSA-2017:3123 REDHAT:RHSA-2017:3124 URL:https://access.redhat.com/errata/RHSA-2017:3124 REDHAT:RHSA-2017:3244 URL:https://access.redhat.com/errata/RHSA-2017:3244 REDHAT:RHSA-2017:3451 URL:https://access.redhat.com/errata/RHSA-2017:3451 REDHAT:RHSA-2017:3452 URL:https://access.redhat.com/errata/RHSA-2017:3452 REDHAT:RHSA-2018:0002 URL:https://access.redhat.com/errata/RHSA-2018:0002 REDHAT:RHSA-2018:0003 URL:https://access.redhat.com/errata/RHSA-2018:0003 REDHAT:RHSA-2018:0004 URL:https://access.redhat.com/errata/RHSA-2018:0004 REDHAT:RHSA-2018:0005 URL:https://access.redhat.com/errata/RHSA-2018:0005 UBUNTU:USN-4259-1 URL:https://usn.ubuntu.com/4259-1/
Assigning CNA
Apache Software Foundation
Date Record Created
20170807	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20170807)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)