Vulnerability & Exploit Database

Displaying all 2 entries

Results for: CVE-2017-12629

FreeBSD: VID-E837390D-0CEB-46B8-9B32-29C1195F5DC7 (CVE-2017-12629): solr -- Code execution via entity expansion Vulnerability

  • Severity: 8
  • Published: October 13, 2017

Remote code execution occurs in Apache Solr before 7.1 with Apache Lucene before 7.1 by exploiting XXE in conjunction with use of a Config API add-listener command to reach the RunExecutableListener class. Elasticsearch, although it uses Lucene, is NOT vulnerable to this. Note that the XML external entity expansion vulnerability occurs i...

Debian: CVE-2017-12629: lucene-solr -- security update Vulnerability

  • Severity: 8
  • Published: October 13, 2017

Remote code execution occurs in Apache Solr before 7.1 with Apache Lucene before 7.1 by exploiting XXE in conjunction with use of a Config API add-listener command to reach the RunExecutableListener class. Elasticsearch, although it uses Lucene, is NOT vulnerable to this. Note that the XML external entity expansion vulnerability occurs i...