1. Symantec/
  2. Security Response/
  3. Attack Signatures/
  4. Web Attack: Apache Solr/Lucene CVE-2017-12629

Web Attack: Apache Solr/Lucene CVE-2017-12629

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects attempts to exploit a remote code execution vulnerability in Apache Solr/Lucence.

Additional Information

Apache Solr and Lucene are prone to multiple security vulnerabilities:

1. An information-disclosure vulnerability because the CoreParser class fails to restrict doctype declaration and expansion of external entities. Specifically, this issue affects 'Lucene' and occurs due to an XML External Entity expansion error when processing an XML document.

2. A remote-code execution vulnerability that affects the 'RunExecutableListener' class. Specifically, this issue occurs because the listener can be enabled with any parameters when using Solr's Config API with add-listener command. An attacker can exploit this issue to gain access to the vulnerable server and execute arbitrary commands.

An attacker can exploit these issues to gain access to sensitive information or to execute arbitrary code in the context of the affected application.

Affected

  • Redhat Single Sign-On 7.0
  • + Redhat Linux 6.2 E sparc
  • + Redhat Linux 6.2 E i386
  • + Redhat Linux 6.2 E alpha
  • + Redhat Linux 6.2 sparc
  • + Redhat Linux 6.2 i386
  • + Redhat Linux 6.2 alpha
  • Redhat JBoss Portal Platform 6
  • Redhat JBoss EAP 7 0
  • Redhat Jboss EAP 6
  • Redhat JBoss Data Grid 7.0.0
  • Redhat Enterprise Linux 6
  • + Trustix Secure Enterprise Linux 2.0
  • + Trustix Secure Linux 2.2
  • + Trustix Secure Linux 2.1
  • + Trustix Secure Linux 2.0
  • Redhat Collections for Red Hat Enterprise Linux 0
  • Apache Solr 6.6.1
  • Apache Solr 6.6
  • Apache Solr 6.5.1
  • Apache Solr 6.5
  • Apache Solr 6.4
  • Apache Solr 6.3
  • Apache Solr 6.2
  • Apache Solr 6.6
  • Apache Solr 6.3
  • Apache Solr 6.0
  • Apache Lucene 0
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube