Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2019-17558

Опубликовано: 30 дек. 2019
Источник: redhat
CVSS3: 7.5

Описание

Apache Solr 5.0.0 to Apache Solr 8.3.1 are vulnerable to a Remote Code Execution through the VelocityResponseWriter. A Velocity template can be provided through Velocity templates in a configset velocity/ directory or as a parameter. A user defined configset could contain renderable, potentially malicious, templates. Parameter provided templates are disabled by default, but can be enabled by setting params.resource.loader.enabled by defining a response writer with that setting set to true. Defining a response writer requires configuration API access. Solr 8.4 removed the params resource loader entirely, and only enables the configset-provided template rendering when the configset is trusted (has been uploaded by an authenticated user).

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat JBoss Data Virtualization 6solr-coreNot affected
Red Hat JBoss Enterprise Application Platform 6solr-coreNot affected
Red Hat JBoss Fuse 6solr-coreNot affected
Red Hat JBoss Fuse Service Works 6solr-coreNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-20
https://bugzilla.redhat.com/show_bug.cgi?id=1789509solr: Remote Code Execution through the VelocityResponseWriter

7.5 High

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2019-17558

CVSS3: 7.5
ubuntu
около 6 лет назад

Apache Solr 5.0.0 to Apache Solr 8.3.1 are vulnerable to a Remote Code Execution through the VelocityResponseWriter. A Velocity template can be provided through Velocity templates in a configset `velocity/` directory or as a parameter. A user defined configset could contain renderable, potentially malicious, templates. Parameter provided templates are disabled by default, but can be enabled by setting `params.resource.loader.enabled` by defining a response writer with that setting set to `true`. Defining a response writer requires configuration API access. Solr 8.4 removed the params resource loader entirely, and only enables the configset-provided template rendering when the configset is `trusted` (has been uploaded by an authenticated user).

nvd логотип

CVE-2019-17558

CVSS3: 7.5
nvd
около 6 лет назад

Apache Solr 5.0.0 to Apache Solr 8.3.1 are vulnerable to a Remote Code Execution through the VelocityResponseWriter. A Velocity template can be provided through Velocity templates in a configset `velocity/` directory or as a parameter. A user defined configset could contain renderable, potentially malicious, templates. Parameter provided templates are disabled by default, but can be enabled by setting `params.resource.loader.enabled` by defining a response writer with that setting set to `true`. Defining a response writer requires configuration API access. Solr 8.4 removed the params resource loader entirely, and only enables the configset-provided template rendering when the configset is `trusted` (has been uploaded by an authenticated user).

debian логотип

CVE-2019-17558

CVSS3: 7.5
debian
около 6 лет назад

Apache Solr 5.0.0 to Apache Solr 8.3.1 are vulnerable to a Remote Code ...

github логотип

GHSA-ww97-9w65-2crx

CVSS3: 7.5
github
почти 6 лет назад

Improper Input Validation in Apache Solr

fstec логотип

BDU:2020-05183

CVSS3: 7.5
fstec
около 6 лет назад

Уязвимость компонента VelocityResponseWriter поискового сервера Apache Solr, позволяющая нарушителю выполнить произвольный код

7.5 High

CVSS3