FreeBSD: VID-E837390D-0CEB-46B8-9B32-29C1195F5DC7 (CVE-2017-12629): solr -- Code execution via entity expansion Vulnerability
- Severity: 8
- Published: October 13, 2017
Remote code execution occurs in Apache Solr before 7.1 with Apache Lucene before 7.1 by exploiting XXE in conjunction with use of a Config API add-listener command to reach the RunExecutableListener class. Elasticsearch, although it uses Lucene, is NOT vulnerable to this. Note that the XML external entity expansion vulnerability occurs i...
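An added audit example, not part of the advisory or of Solr's own code: it flags versions below the 7.1 fix and reports any `RunExecutableListener` registered in a core's configuration. It assumes listeners appear in `solrconfig.xml` and that Config API changes are persisted in `configoverlay.json`; the function names, sample inputs and overlay layout are constructed for illustration.

```python
import json
import re
import xml.etree.ElementTree as ET

# Constructed sample inputs (not taken from the advisory).
SAMPLE_SOLRCONFIG = """<config>
  <updateHandler class="solr.DirectUpdateHandler2">
    <listener event="postCommit" class="solr.RunExecutableListener">
      <str name="exe">snapshooter</str>
    </listener>
    <listener event="newSearcher" class="solr.QuerySenderListener"/>
  </updateHandler>
</config>"""
SAMPLE_OVERLAY = '{"listener": {"name": "x", "class": "solr.RunExecutableListener"}}'

TARGET = "RunExecutableListener"
FIXED = (7, 1)  # per the advisory, Solr before 7.1 is affected


def is_affected(version):
    """True when a Solr version string such as '6.6.1' is below 7.1."""
    parts = [int(p) for p in re.findall(r"\d+", version)[:2]]
    parts += [0] * (2 - len(parts))
    return tuple(parts) < FIXED


def listeners_in_solrconfig(xml_text):
    """Return (event, exe) for each RunExecutableListener in solrconfig.xml."""
    # Refuse DTDs so the audit tool itself never processes entity declarations.
    if re.search(r"<!(DOCTYPE|ENTITY)", xml_text, re.IGNORECASE):
        raise ValueError("DOCTYPE/ENTITY declaration found; refusing to parse")
    hits = []
    for node in ET.fromstring(xml_text).iter("listener"):
        if node.get("class", "").split(".")[-1] == TARGET:
            hits.append((node.get("event"), node.findtext("str[@name='exe']")))
    return hits


def overlay_mentions_listener(json_text):
    """Walk any JSON shape and report whether a string value names the class."""
    def walk(value):
        if isinstance(value, dict):
            return any(walk(v) for v in value.values())
        if isinstance(value, list):
            return any(walk(v) for v in value)
        return isinstance(value, str) and value.split(".")[-1] == TARGET
    return walk(json.loads(json_text))
```

A hit in either file on a version where `is_affected` is true is worth reviewing against who registered the listener and when.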