⚠ Exploited in the wild
Exploitation observed in the wild. Not yet on CISA KEV.

CVE-2017-12629

CWE-611XML External Entity (XXE)CWE-13819 documents11 sources
Severity
9.8CRITICAL
EPSS
93.9%
top 0.13%
CISA KEV
Not in KEV
Exploit
Exploited in wild
Active exploitation observed
Affected products
4
Apache SolrCanonical Ubuntu LinuxDebian Debian Linux+1 more
Timeline
PublishedOct 14
Latest updateJan 29

Description

Remote code execution occurs in Apache Solr before 7.1 with Apache Lucene before 7.1 by exploiting XXE in conjunction with use of a Config API add-listener command to reach the RunExecutableListener class. Elasticsearch, although it uses Lucene, is NOT vulnerable to this. Note that the XML external entity expansion vulnerability occurs in the XML Query Parser which is available, by default, for any query request with parameters deftype=xmlparser and can be exploited to upload malicious data to t

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages5 packages

CVEListV5apache_solr_before_7.1_with_apache_lucene_before_7.1lucene-solr7.1.0+2
Mavenorg.apache.solr:solr-core7.0.07.1.0+2
Debianlucene-solr< 3.6.2+dfsg-11+3
NVDapache/solr5.5.05.5.4+2

Also affects: Debian Linux 7.0, 8.0, 9.0, Ubuntu Linux 16.04

🔴Vulnerability Details

4
OSV
Remote code execution occurs in Apache Solr2018-10-17
GHSA
Remote code execution occurs in Apache Solr2018-10-17
CVEList
CVE-2017-12629: Remote code execution occurs in Apache Solr before 72017-10-14
OSV
CVE-2017-12629: Remote code execution occurs in Apache Solr before 72017-10-14

💥Exploits & PoCs

2
Exploit-DB
Apache Solr 7.0.1 - XML External Entity Expansion / Remote Code Execution2017-10-17
Nuclei
Apache Solr <= 7.1 - XML Entity Injection

🔍Detection Rules

4
Suricata
ET EXPLOIT Possible CVE-2017-12629 RCE Exploit Attempt (HTTP GET 1)2017-10-20
Suricata
ET EXPLOIT Possible CVE-2017-12629 XXE Exploit Attempt (URI)2017-10-20
Suricata
ET EXPLOIT Possible CVE-2017-12629 RCE Exploit Attempt (HTTP GET 2)2017-10-20
Suricata
ET EXPLOIT Possible CVE-2017-12629 RCE Exploit Attempt (HTTP POST)2017-10-20

📋Vendor Advisories

3
Ubuntu
Apache Solr vulnerability2020-01-29
Red Hat
Solr: Code execution via entity expansion2017-10-12
Debian
CVE-2017-12629: lucene-solr - Remote code execution occurs in Apache Solr before 7.1 with Apache Lucene before...2017

💬Community

5
Bugzilla
CVE-2017-12629 lucene: Solr: Code execution via entity expansion [fedora-all]2017-10-13
Bugzilla
CVE-2017-12629 lucene3: Solr: Code execution via entity expansion [fedora-all]2017-10-13
Bugzilla
CVE-2017-12629 solr3: Solr: Code execution via entity expansion [fedora-all]2017-10-13
Bugzilla
CVE-2017-12629 lucene4: Solr: Code execution via entity expansion [fedora-all]2017-10-13
Bugzilla
CVE-2017-12629 Solr: Code execution via entity expansion2017-10-12
CVE-2017-12629 (CRITICAL CVSS 9.8) | Remote code execution occurs in Apa | cvebase.io