what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 13 of 13 RSS Feed

CVE-2017-12629

Status Candidate

Overview

Remote code execution occurs in Apache Solr before 7.1 with Apache Lucene before 7.1 by exploiting XXE in conjunction with use of a Config API add-listener command to reach the RunExecutableListener class. Elasticsearch, although it uses Lucene, is NOT vulnerable to this. Note that the XML external entity expansion vulnerability occurs in the XML Query Parser which is available, by default, for any query request with parameters deftype=xmlparser and can be exploited to upload malicious data to the /upload request handler or as Blind XXE using ftp wrapper in order to read arbitrary local files from the Solr server. Note also that the second vulnerability relates to remote code execution using the RunExecutableListener available on all affected versions of Solr.

Related Files

Red Hat Security Advisory 2020-2561-01
Posted Jun 16, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-2561-01 - Red Hat JBoss Enterprise Application Platform CD12 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform CD12 includes bug fixes and enhancements. Issues addressed include code execution, deserialization, and memory exhaustion vulnerabilities.

tags | advisory, java, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2017-12174, CVE-2017-12196, CVE-2017-12629, CVE-2017-15089, CVE-2018-8088
SHA-256 | b76aaf5cc67f51ef012b340ca8233367d63f2f7981ba6e783d50b98e7f58223b
Ubuntu Security Notice USN-4259-1
Posted Jan 30, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4259-1 - Michael Stepankin and Olga Barinova discovered that Apache Solr was vulnerable to an XXE attack. An attacker could use this vulnerability to remotely execute code.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2017-12629
SHA-256 | 3931c673f360301aa8f26e6e66ddaed7522a4f3629ff128ef0db01f1b7edb518
Debian Security Advisory 4124-1
Posted Feb 28, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4124-1 - Two vulnerabilities have been found in Solr, a search server based on Lucene, which could result in the execution of arbitrary code or path traversal.

tags | advisory, arbitrary, vulnerability
systems | linux, debian
advisories | CVE-2017-12629, CVE-2017-3163
SHA-256 | 29dc6d7fea2b092e820fc5d1427b083cae139fa26d364a0522fba89aa5887131
Red Hat Security Advisory 2018-0005-01
Posted Jan 3, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-0005-01 - The eap7-jboss-ec2-eap packages provide scripts for Red Hat JBoss Enterprise Application Platform running on the Amazon Web Services Elastic Compute Cloud. With this update, the eap7-jboss-ec2-eap package has been updated to ensure compatibility with Red Hat JBoss Enterprise Application Platform 7.0.9.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2016-6346, CVE-2017-12165, CVE-2017-12167, CVE-2017-12189, CVE-2017-12629, CVE-2017-7559, CVE-2017-7561
SHA-256 | da4d148213b905c54870cc63a402378e78af2489a3982d2a9ab6286f37da7986
Red Hat Security Advisory 2018-0004-01
Posted Jan 3, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-0004-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red Hat JBoss Enterprise Application Platform 7.0.9 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.0.8, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix: It was found that Apache Lucene would accept an object from an unauthenticated user that could be manipulated through subsequent post requests. An attacker could use this flaw to assemble an object that could permit execution of arbitrary code if the server enabled Apache Solr's Config API.

tags | advisory, java, arbitrary
systems | linux, redhat
advisories | CVE-2016-6346, CVE-2017-12165, CVE-2017-12167, CVE-2017-12189, CVE-2017-12629, CVE-2017-7559, CVE-2017-7561
SHA-256 | 99395ce850cc272eac4ec7c1a8dac4ff956cb400415c67a3158acee4d1fafc1f
Red Hat Security Advisory 2018-0002-01
Posted Jan 3, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-0002-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red Hat JBoss Enterprise Application Platform 7.0.9 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.0.8, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix: It was found that Apache Lucene would accept an object from an unauthenticated user that could be manipulated through subsequent post requests. An attacker could use this flaw to assemble an object that could permit execution of arbitrary code if the server enabled Apache Solr's Config API.

tags | advisory, java, arbitrary
systems | linux, redhat
advisories | CVE-2016-6346, CVE-2017-12165, CVE-2017-12167, CVE-2017-12189, CVE-2017-12629, CVE-2017-7559, CVE-2017-7561
SHA-256 | fe6966e50679bbf7e8aea17cd40bfd2c72cd3c4d7958627a19df68ca42e30431
Red Hat Security Advisory 2018-0003-01
Posted Jan 3, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-0003-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red Hat JBoss Enterprise Application Platform 7.0.9 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.0.8, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix: It was found that Apache Lucene would accept an object from an unauthenticated user that could be manipulated through subsequent post requests. An attacker could use this flaw to assemble an object that could permit execution of arbitrary code if the server enabled Apache Solr's Config API.

tags | advisory, java, arbitrary
systems | linux, redhat
advisories | CVE-2016-6346, CVE-2017-12165, CVE-2017-12167, CVE-2017-12189, CVE-2017-12629, CVE-2017-7559, CVE-2017-7561
SHA-256 | 943628da3b7fc89f7d89db9e0feb44ab9859636ca60338cf86778d6370406a38
Red Hat Security Advisory 2017-3452-01
Posted Dec 13, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-3452-01 - Apache Lucene is a high-performance, full-featured text search engine library written entirely in Java. It is a technology suitable for nearly any application that requires full-text search, especially cross-platform. Security Fix: It was discovered that Lucene's XML query parser did not properly restrict doctype declaration and expansion of external entities. An attacker with access to an application using a Lucene XML query parser could exploit this flaw to perform XML eXternal Entity attacks.

tags | advisory, java, xxe
systems | linux, redhat
advisories | CVE-2017-12629
SHA-256 | 26e4726f6f0f7896cd9ba554784035113622f24b3a03626fd4b1e47b30def97e
Red Hat Security Advisory 2017-3451-01
Posted Dec 13, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-3451-01 - Apache Lucene is a high-performance, full-featured text search engine library written entirely in Java. It is a technology suitable for nearly any application that requires full-text search, especially cross-platform. Security Fix: It was discovered that Lucene's XML query parser did not properly restrict doctype declaration and expansion of external entities. An attacker with access to an application using a Lucene XML query parser could exploit this flaw to perform XML eXternal Entity attacks.

tags | advisory, java, xxe
systems | linux, redhat
advisories | CVE-2017-12629
SHA-256 | 121c43b8294f271b4d791d9a53c87376dd04c9aa6efe6e6e2b4d2274c61a3262
Red Hat Security Advisory 2017-3244-01
Posted Nov 17, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-3244-01 - Red Hat JBoss Data Grid is a distributed in-memory data grid, based on Infinispan. This release of Red Hat JBoss Data Grid 7.1.1 serves as a replacement for Red Hat JBoss Data Grid 7.1.0, and includes bug fixes and enhancements, which are documented in the Release Notes linked to in the References. Security Fix: It was found that Apache Lucene would accept an object from an unauthenticated user that could be manipulated through subsequent post requests. An attacker could use this flaw to assemble an object that could permit execution of arbitrary code if the server enabled Apache Solr's Config API.

tags | advisory, arbitrary
systems | linux, redhat
advisories | CVE-2016-0750, CVE-2017-12629, CVE-2017-5645
SHA-256 | 5af80a8b5ac307329447f99ab4502bafe5e71b9a6b60854fc9bd8b379758e3e3
Red Hat Security Advisory 2017-3123-01
Posted Nov 6, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-3123-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This asynchronous patch is a security update for lucene package in Red Hat JBoss Enterprise Application Platform 7.0.8. Security Fix: It was found that Apache Lucene would accept an object from an unauthenticated user that could be manipulated through subsequent post requests. An attacker could use this flaw to assemble an object that could permit execution of arbitrary code if the server enabled Apache Solr's Config API.

tags | advisory, java, arbitrary
systems | linux, redhat
advisories | CVE-2017-12629
SHA-256 | 28fdc5b7d9943c9fd521934c6ffa5073ede4a33357d89422643958c1f872c617
Red Hat Security Advisory 2017-3124-01
Posted Nov 6, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-3124-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This asynchronous patch is a security update for lucene package in Red Hat JBoss Enterprise Application Platform 7.0.8 Security Fix: It was found that Apache Lucene would accept an object from an unauthenticated user that could be manipulated through subsequent post requests. An attacker could use this flaw to assemble an object that could permit execution of arbitrary code if the server enabled Apache Solr's Config API.

tags | advisory, java, arbitrary
systems | linux, redhat
advisories | CVE-2017-12629
SHA-256 | 0cff01a99fabae33b338c54b5f3b0607af75e396e5993e5a2faccdc5fa1e216e
Apache Solr 7.0.1 XXE Injection / Code Execution
Posted Oct 18, 2017
Authored by Michael Stepankin, Olga Barinova

Apache Solar version 7.0.1 suffers from XML external entity injection and remote code execution vulnerabilities.

tags | exploit, remote, vulnerability, code execution, xxe
advisories | CVE-2017-12629
SHA-256 | 329a2e9c8a0283ae00e021c2cda2241153ca88f96329701ff8bb3b1e24590293
Page 1 of 1
Back1Next

File Archive:

October 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    10 Files
  • 2
    Oct 2nd
    0 Files
  • 3
    Oct 3rd
    0 Files
  • 4
    Oct 4th
    0 Files
  • 5
    Oct 5th
    0 Files
  • 6
    Oct 6th
    0 Files
  • 7
    Oct 7th
    0 Files
  • 8
    Oct 8th
    0 Files
  • 9
    Oct 9th
    0 Files
  • 10
    Oct 10th
    0 Files
  • 11
    Oct 11th
    0 Files
  • 12
    Oct 12th
    0 Files
  • 13
    Oct 13th
    0 Files
  • 14
    Oct 14th
    0 Files
  • 15
    Oct 15th
    0 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close