CVE-2017-12629 — CRITICAL (9.8)

Q: How severe is CVE-2017-12629?

CVE-2017-12629 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2017-12629?

Check the references section above for vendor advisories and patch information. Affected products include: Apache Solr, Redhat Jboss Enterprise Application Platform, Redhat Enterprise Linux Server, Debian Debian Linux, Canonical Ubuntu Linux.

Vulnerability Description

Remote code execution occurs in Apache Solr before 7.1 with Apache Lucene before 7.1 by exploiting XXE in conjunction with use of a Config API add-listener command to reach the RunExecutableListener class. Elasticsearch, although it uses Lucene, is NOT vulnerable to this. Note that the XML external entity expansion vulnerability occurs in the XML Query Parser which is available, by default, for any query request with parameters deftype=xmlparser and can be exploited to upload malicious data to the /upload request handler or as Blind XXE using ftp wrapper in order to read arbitrary local files from the Solr server. Note also that the second vulnerability relates to remote code execution using the RunExecutableListener available on all affected versions of Solr.

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Apache	Solr	>= 5.5.0, <= 5.5.4
Redhat	Jboss Enterprise Application Platform	7.0.0
Redhat	Enterprise Linux Server	6.0
Debian	Debian Linux	7.0
Canonical	Ubuntu Linux	16.04

Related Weaknesses (CWE)

CWE-611

References

http://mail-archives.us.apache.org/mod_mbox/www-announce/201710.mbox/%3CCAOOKt51Mailing ListVendor Advisory
http://openwall.com/lists/oss-security/2017/10/13/1Mailing ListThird Party Advisory
http://www.securityfocus.com/bid/101261Third Party AdvisoryVDB Entry
https://access.redhat.com/errata/RHSA-2017:3123Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3124Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3244Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3451Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3452Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:0002Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:0003Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:0004Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:0005Third Party Advisory
https://lists.apache.org/thread.html/r140128dc6bb4f4e0b6a39e962c7ca25a8cbc8e48ed
https://lists.apache.org/thread.html/r26c996b068ef6c5e89aa59acb769025cfd343a08e6
https://lists.apache.org/thread.html/r3da74965aba2b5f5744b7289ad447306eeb2940c87

FAQ

What is CVE-2017-12629?

CVE-2017-12629 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Remote code execution occurs in Apache Solr before 7.1 with Apache Lucene before 7.1 by exploiting XXE in conjunction with use of a Config API add-listener command to reach the RunExecutableListener c...

How severe is CVE-2017-12629?

CVE-2017-12629 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2017-12629?

Check the references section above for vendor advisories and patch information. Affected products include: Apache Solr, Redhat Jboss Enterprise Application Platform, Redhat Enterprise Linux Server, Debian Debian Linux, Canonical Ubuntu Linux.