Home > Vulnerability Database > CVE-2017-12629

Mend.io Vulnerability Database

CVE-2017-12629

Good to know:

Date: October 14, 2017

Remote code execution occurs in Apache Solr before 7.1 with Apache Lucene before 7.1 by exploiting XXE in conjunction with use of a Config API add-listener command to reach the RunExecutableListener class. Elasticsearch, although it uses Lucene, is NOT vulnerable to this. Note that the XML external entity expansion vulnerability occurs in the XML Query Parser which is available, by default, for any query request with parameters deftype=xmlparser and can be exploited to upload malicious data to the /upload request handler or as Blind XXE using ftp wrapper in order to read arbitrary local files from the Solr server. Note also that the second vulnerability relates to remote code execution using the RunExecutableListener available on all affected versions of Solr.

Language: Java

Severity Score

9.8

Related Resources (39)

Url: https://lists.apache.org/thread.html/r26c996b068ef6c5e89aa59acb769025cfd343a08e63fbe9e7f3f720f%40%3Coak-issues.jackrabbit.apache.org%3E

Url: http://mail-archives.us.apache.org/mod_mbox/www-announce/201710.mbox/%3CCAOOKt51UO_6Vy%3Dj8W%3Dx1pMbLW9VJfZyFWz7pAnXJC_OAdSZubA%40mail.gmail.com%3E

Url: https://github.com/apache/lucene

Url: http://openwall.com/lists/oss-security/2017/10/13/1

Url: https://access.redhat.com/errata/RHSA-2017:3244

Url: https://access.redhat.com/errata/RHSA-2017:3123

Url: https://github.com/apache/lucene-solr/commit/3bba91131b5257e64b9d0a2193e1e32a145b2a2

Url: https://lists.apache.org/thread.html/r140128dc6bb4f4e0b6a39e962c7ca25a8cbc8e48ed766176c931fccc%40%3Cusers.solr.apache.org%3E

Url: https://usn.ubuntu.com/4259-1/

Url: https://lists.apache.org/thread.html/r140128dc6bb4f4e0b6a39e962c7ca25a8cbc8e48ed766176c931fccc@%3Cusers.solr.apache.org%3E

Url: https://access.redhat.com/errata/RHSA-2017:3124

Url: https://www.debian.org/security/2018/dsa-4124

Url: https://lists.apache.org/thread.html/r95df34bb158375948da82b4dfe9a1b5d528572d586584162f8f5aeef@%3Cusers.solr.apache.org%3E

Url: https://twitter.com/ApacheSolr/status/918731485611401216

Url: https://usn.ubuntu.com/4259-1

Url: https://access.redhat.com/errata/RHSA-2018:0002

Url: https://issues.apache.org/jira/browse/SOLR-11477

Url: https://access.redhat.com/errata/RHSA-2018:0004

Url: https://github.com/apache/lucene-solr/commit/f9fd6e9e26224f26f1542224ce187e04c27b268

Url: https://access.redhat.com/errata/RHSA-2018:0003

Url: https://lists.apache.org/thread.html/r3da74965aba2b5f5744b7289ad447306eeb2940c872801819faa9314@%3Cusers.solr.apache.org%3E

Url: https://lists.apache.org/thread.html/r26c996b068ef6c5e89aa59acb769025cfd343a08e63fbe9e7f3f720f@%3Coak-issues.jackrabbit.apache.org%3E

Url: https://github.com/apache/lucene-solr/commit/d8000beebfb13ba0b6e754f84c760e11592d8d1

Url: https://access.redhat.com/errata/RHSA-2018:0005

Url: https://access.redhat.com/errata/RHSA-2017:3452

Url: https://access.redhat.com/errata/RHSA-2017:3451

Url: http://www.securityfocus.com/bid/101261

Url: https://www.exploit-db.com/exploits/43009

Url: https://twitter.com/searchtools_avi/status/918904813613543424

Url: https://nvd.nist.gov/vuln/detail/CVE-2017-12629

Url: https://github.com/advisories/GHSA-mh7g-99w9-xpjm

Url: https://lists.debian.org/debian-lts-announce/2018/01/msg00028.html

Url: https://access.redhat.com/security/cve/CVE-2017-12629

Url: https://lists.apache.org/thread.html/r3da74965aba2b5f5744b7289ad447306eeb2940c872801819faa9314%40%3Cusers.solr.apache.org%3E

Url: https://s.apache.org/FJDl

Url: https://lists.apache.org/thread.html/r95df34bb158375948da82b4dfe9a1b5d528572d586584162f8f5aeef%40%3Cusers.solr.apache.org%3E

Url: https://twitter.com/joshbressers/status/919258716297420802

Url: https://www.exploit-db.com/exploits/43009/

Url: https://www.mend.io/vulnerability-database/CVE-2017-12629

Severity Score

9.8

Weakness Type (CWE)

Improper Restriction of XML External Entity Reference ('XXE')

CWE-611

Top Fix

Upgrade Version

Upgrade to version org.apache.lucene:lucene-queryparser:5.5.5,6.6.2,7.1.0,org.apache.solr:solr-core:5.5.5,6.6.2,7.1.0

Learn More

CVSS v3.1

Base Score:	9.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

CVSS v2

Base Score:	7.5
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	PARTIAL
Availability (A):	PARTIAL
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2017-12629

Good to know:

Date: October 14, 2017

Language: Java

Severity Score

Related Resources (39)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?