CVE - CVE-2017-12629

CVE-ID
CVE-2017-12629	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Remote code execution occurs in Apache Solr before 7.1 with Apache Lucene before 7.1 by exploiting XXE in conjunction with use of a Config API add-listener command to reach the RunExecutableListener class. Elasticsearch, although it uses Lucene, is NOT vulnerable to this. Note that the XML external entity expansion vulnerability occurs in the XML Query Parser which is available, by default, for any query request with parameters deftype=xmlparser and can be exploited to upload malicious data to the /upload request handler or as Blind XXE using ftp wrapper in order to read arbitrary local files from the Solr server. Note also that the second vulnerability relates to remote code execution using the RunExecutableListener available on all affected versions of Solr.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
EXPLOIT-DB:43009 URL:https://www.exploit-db.com/exploits/43009/ MLIST:[lucene-dev] 20171012 Re: Several critical vulnerabilities discovered in Apache Solr (XXE & RCE) URL:https://s.apache.org/FJDl MLIST:[www-announce] 20171019 [SECURITY] CVE-2017-12629: Several critical vulnerabilities discovered in Apache Solr (XXE & RCE) URL:http://mail-archives.us.apache.org/mod_mbox/www-announce/201710.mbox/%3CCAOOKt51UO_6Vy%3Dj8W%3Dx1pMbLW9VJfZyFWz7pAnXJC_OAdSZubA%40mail.gmail.com%3E MLIST:[debian-lts-announce] 20180121 [SECURITY] [DLA 1254-1] lucene-solr security update URL:https://lists.debian.org/debian-lts-announce/2018/01/msg00028.html MISC:http://openwall.com/lists/oss-security/2017/10/13/1 MISC:https://twitter.com/ApacheSolr/status/918731485611401216 MISC:https://twitter.com/joshbressers/status/919258716297420802 MISC:https://twitter.com/searchtools_avi/status/918904813613543424 DEBIAN:DSA-4124 URL:https://www.debian.org/security/2018/dsa-4124 REDHAT:RHSA-2017:3123 URL:https://access.redhat.com/errata/RHSA-2017:3123 REDHAT:RHSA-2017:3124 URL:https://access.redhat.com/errata/RHSA-2017:3124 REDHAT:RHSA-2017:3244 URL:https://access.redhat.com/errata/RHSA-2017:3244 REDHAT:RHSA-2017:3451 URL:https://access.redhat.com/errata/RHSA-2017:3451 REDHAT:RHSA-2017:3452 URL:https://access.redhat.com/errata/RHSA-2017:3452 REDHAT:RHSA-2018:0002 URL:https://access.redhat.com/errata/RHSA-2018:0002 REDHAT:RHSA-2018:0003 URL:https://access.redhat.com/errata/RHSA-2018:0003 REDHAT:RHSA-2018:0004 URL:https://access.redhat.com/errata/RHSA-2018:0004 REDHAT:RHSA-2018:0005 URL:https://access.redhat.com/errata/RHSA-2018:0005 BID:101261 URL:http://www.securityfocus.com/bid/101261
Assigning CNA
Apache Software Foundation
Date Entry Created
20170807	Disclaimer: The entry creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20170807)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an entry on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: cve@mitre.org