Описание
In Apache Solr, the DataImportHandler, an optional but popular module to pull in data from databases and other sources, has a feature in which the whole DIH configuration can come from a request's "dataConfig" parameter. The debug mode of the DIH admin screen uses this to allow convenient debugging / development of a DIH config. Since a DIH config can contain scripts, this parameter is a security risk. Starting with version 8.2.0 of Solr, use of this parameter requires setting the Java System property "enable.dih.dataConfigParam" to true.
A flaw was found in Apache Solr’s DataImportHandler(DIH). A DIH configuration containing scripts coming from a request's dataConfig parameter allows an attacker to perform remote code execution.
Меры по смягчению последствий
Edit solrconfig.xml to configure all DataImportHandler usages with an "invariants" section listing the "dataConfig" parameter set to am empty string, or ensure your network settings are configured so that only trusted traffic communicates with Solr, especially to the DataImportHandler (although this is a best practice regardless) (ref: https://issues.apache.org/jira/browse/SOLR-13669)
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Fuse 7 | camel-solr | Not affected | ||
| Red Hat JBoss Data Virtualization 6 | solr-core | Not affected | ||
| Red Hat JBoss Enterprise Application Platform 6 | solr-core | Not affected | ||
| Red Hat JBoss Fuse 6 | solr-core | Not affected | ||
| Red Hat JBoss Fuse Service Works 6 | solr-core | Out of support scope |
Показывать по
Дополнительная информация
Статус:
EPSS
9.1 Critical
CVSS3
Связанные уязвимости
In Apache Solr, the DataImportHandler, an optional but popular module to pull in data from databases and other sources, has a feature in which the whole DIH configuration can come from a request's "dataConfig" parameter. The debug mode of the DIH admin screen uses this to allow convenient debugging / development of a DIH config. Since a DIH config can contain scripts, this parameter is a security risk. Starting with version 8.2.0 of Solr, use of this parameter requires setting the Java System property "enable.dih.dataConfigParam" to true.
In Apache Solr, the DataImportHandler, an optional but popular module to pull in data from databases and other sources, has a feature in which the whole DIH configuration can come from a request's "dataConfig" parameter. The debug mode of the DIH admin screen uses this to allow convenient debugging / development of a DIH config. Since a DIH config can contain scripts, this parameter is a security risk. Starting with version 8.2.0 of Solr, use of this parameter requires setting the Java System property "enable.dih.dataConfigParam" to true.
In Apache Solr, the DataImportHandler, an optional but popular module ...
XML External Entity (XXE) Injection in Apache Solr
Уязвимость модуля DataImportHandler поискового сервера Apache Solr, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации
EPSS
9.1 Critical
CVSS3