Home

CVE-2017-12629

Description

Remote code execution occurs in Apache Solr before 7.1 with Apache Lucene before 7.1 by exploiting XXE in conjunction with use of a Config API add-listener command to reach the RunExecutableListener class. Elasticsearch, although it uses Lucene, is NOT vulnerable to this. Note that the XML external entity expansion vulnerability occurs in the XML Query Parser which is available, by default, for any query request with parameters deftype=xmlparser and can be exploited to upload malicious data to the /upload request handler or as Blind XXE using ftp wrapper in order to read arbitrary local files from the Solr server. Note also that the second vulnerability relates to remote code execution using the RunExecutableListener available on all affected versions of Solr.

Risk Information

Base Score
9.8
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
93.891

Associated Vulnerability

VulnerabilityOS Platform
Vulnerabilities CVE-2017-7660,CVE-2017-12629 are fixed in Apache-solr-core 5.5.5Windows
Vulnerabilities CVE-2017-12629 are fixed in Apache-solr-core 7.1.0Windows
Vulnerabilities CVE-2017-12629 are fixed in Apache-solr-core 6.6.2Windows
Multiple Vulnerabilities are affected in Red Hat JBoss Enterprise Application Platform 7 7.0.0Windows
Multiple Vulnerabilities are affected in Red Hat JBoss Enterprise Application Platform 7 7.1.0Windows
Full-text search engine library for Java - additional libraries (USN-4259-1) solr-jetty_3.6.2+dfsg-8ubuntu0.1_all.debLinux
Full-text search engine library for Java - additional libraries (USN-4259-1) solr-common_3.6.2+dfsg-8ubuntu0.1_all.debLinux
Full-text search engine library for Java - additional libraries (USN-4259-1) solr-tomcat_3.6.2+dfsg-8ubuntu0.1_all.debLinux
Full-text search engine library for Java - additional libraries (USN-4259-1) libsolr-java_3.6.2+dfsg-8ubuntu0.1_all.debLinux
Full-text search engine library for Java - additional libraries (USN-4259-1) liblucene3-java_3.6.2+dfsg-8ubuntu0.1_all.debLinux
Full-text search engine library for Java - additional libraries (USN-4259-1) liblucene3-contrib-java_3.6.2+dfsg-8ubuntu0.1_all.debLinux
Vulnerabilities CVE-2017-7660,CVE-2017-12629 are fixed in Apache-solr-core for Linux 5.5.5Linux
Vulnerabilities CVE-2017-12629 are fixed in Apache-solr-core for Linux 7.1.0Linux
Vulnerabilities CVE-2017-12629 are fixed in Apache-solr-core for Linux 6.6.2Linux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234