Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2019-17558

Опубликовано: 30 дек. 2019
Источник: nvd
CVSS3: 7.5
CVSS2: 4.6
EPSS Критический

Описание

Apache Solr 5.0.0 to Apache Solr 8.3.1 are vulnerable to a Remote Code Execution through the VelocityResponseWriter. A Velocity template can be provided through Velocity templates in a configset velocity/ directory or as a parameter. A user defined configset could contain renderable, potentially malicious, templates. Parameter provided templates are disabled by default, but can be enabled by setting params.resource.loader.enabled by defining a response writer with that setting set to true. Defining a response writer requires configuration API access. Solr 8.4 removed the params resource loader entirely, and only enables the configset-provided template rendering when the configset is trusted (has been uploaded by an authenticated user).

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:apache:solr:*:*:*:*:*:*:*:*
Версия от 5.0.0 (включая) до 7.7.3 (исключая)
cpe:2.3:a:apache:solr:*:*:*:*:*:*:*:*
Версия от 8.0.0 (включая) до 8.4.0 (исключая)
Конфигурация 2

Одно из

cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*
Версия от 17.7 (включая) до 17.12 (включая)
cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*

EPSS

Процентиль: 100%
0.94474
Критический

7.5 High

CVSS3

4.6 Medium

CVSS2

Дефекты

CWE-74
CWE-74

Связанные уязвимости

ubuntu логотип

CVE-2019-17558

CVSS3: 7.5
ubuntu
около 6 лет назад

Apache Solr 5.0.0 to Apache Solr 8.3.1 are vulnerable to a Remote Code Execution through the VelocityResponseWriter. A Velocity template can be provided through Velocity templates in a configset `velocity/` directory or as a parameter. A user defined configset could contain renderable, potentially malicious, templates. Parameter provided templates are disabled by default, but can be enabled by setting `params.resource.loader.enabled` by defining a response writer with that setting set to `true`. Defining a response writer requires configuration API access. Solr 8.4 removed the params resource loader entirely, and only enables the configset-provided template rendering when the configset is `trusted` (has been uploaded by an authenticated user).

redhat логотип

CVE-2019-17558

CVSS3: 7.5
redhat
около 6 лет назад

Apache Solr 5.0.0 to Apache Solr 8.3.1 are vulnerable to a Remote Code Execution through the VelocityResponseWriter. A Velocity template can be provided through Velocity templates in a configset `velocity/` directory or as a parameter. A user defined configset could contain renderable, potentially malicious, templates. Parameter provided templates are disabled by default, but can be enabled by setting `params.resource.loader.enabled` by defining a response writer with that setting set to `true`. Defining a response writer requires configuration API access. Solr 8.4 removed the params resource loader entirely, and only enables the configset-provided template rendering when the configset is `trusted` (has been uploaded by an authenticated user).

debian логотип

CVE-2019-17558

CVSS3: 7.5
debian
около 6 лет назад

Apache Solr 5.0.0 to Apache Solr 8.3.1 are vulnerable to a Remote Code ...

github логотип

GHSA-ww97-9w65-2crx

CVSS3: 7.5
github
почти 6 лет назад

Improper Input Validation in Apache Solr

fstec логотип

BDU:2020-05183

CVSS3: 7.5
fstec
около 6 лет назад

Уязвимость компонента VelocityResponseWriter поискового сервера Apache Solr, позволяющая нарушителю выполнить произвольный код

EPSS

Процентиль: 100%
0.94474
Критический

7.5 High

CVSS3

4.6 Medium

CVSS2

Дефекты

CWE-74
CWE-74