CVE-2019-17558
HIGH
7,5
Source: [email protected]
Attack Vector: network
Attack Complexity: high
Privileges Required: low
User Interaction: none
Scope: unchanged
Confidentiality: high
Integrity: high
Availability: high
MEDIUM
4,6
Source: [email protected]
Access Vector: network
Access Complexity: high
Authentication: single
Confidentiality: partial
Integrity: partial
Availability: partial
Description
AI Translation Available
Apache Solr 5.0.0 to Apache Solr 8.3.1 are vulnerable to a Remote Code Execution through the VelocityResponseWriter. A Velocity template can be provided through Velocity templates in a configset `velocity/` directory or as a parameter. A user defined configset could contain renderable, potentially malicious, templates. Parameter provided templates are disabled by default, but can be enabled by setting `params.resource.loader.enabled` by defining a response writer with that setting set to `true`. Defining a response writer requires configuration API access. Solr 8.4 removed the params resource loader entirely, and only enables the configset-provided template rendering when the configset is `trusted` (has been uploaded by an authenticated user).
EPSS (Exploit Prediction Scoring System)
Trend Analysis
EPSS (Exploit Prediction Scoring System)
Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.
EPSS Score
0,9445
Percentile
1,0th
Updated
EPSS Score Trend (Last 91 Days)
74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
IncompleteCommon Consequences
Security Scopes Affected:
Confidentiality
Access Control
Other
Integrity
Non-Repudiation
Potential Impacts:
Read Application Data
Bypass Protection Mechanism
Alter Execution Logic
Other
Hide Activities
Applicable Platforms
All platforms may be affected
Exploit
Apache Solr 8.2.0 - Remote Code Execution
Apache Solr 8.2.0 - Remote Code Execution
View Exploit Code →
Exploit
Apache Solr - Remote Code Execution via Velocity …
Verified Metasploit Framework (MSF)Apache Solr - Remote Code Execution via Velocity Template (Metasploit)
View Exploit Code →
Application
Primavera Unifier by Oracle
Version Range Affected
From
17.7
(inclusive)
To
17.12
(inclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Primavera Unifier by Oracle
CPE Identifier
View Detailed Analysis
cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Primavera Unifier by Oracle
CPE Identifier
View Detailed Analysis
cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Solr by Apache
Version Range Affected
From
8.0.0
(inclusive)
To
8.4.0
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:a:apache:solr:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Primavera Unifier by Oracle
CPE Identifier
View Detailed Analysis
cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Primavera Unifier by Oracle
CPE Identifier
View Detailed Analysis
cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Solr by Apache
Version Range Affected
From
5.0.0
(inclusive)
To
7.7.3
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:a:apache:solr:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019…
http://packetstormsecurity.com/files/157078/Apache-Solr-8.3.0-Velocity-Template…
https://issues.apache.org/jira/browse/SOLR-13971
https://lists.apache.org/thread.html/r0b7b9d4113e6ec1ae1d3d0898c645f758511107ea…
https://lists.apache.org/thread.html/r12ab2cb15a34e49b4fecb5b2bdd7e10f3e8b7bf1f…
https://lists.apache.org/thread.html/r19d23e8640236a3058b4d6c23e5cd663fde182255…
https://lists.apache.org/thread.html/r1d4a247329a8478073163567bbc8c8cb6b49c6bfc…
https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133de…
https://lists.apache.org/thread.html/r25f1bd4545617f5b86dde27b4c30fec73117af655…
https://lists.apache.org/thread.html/r339865b276614661770c909be1dd7e862232e3ef0…
https://lists.apache.org/thread.html/r36e35fd76239a381643555966fb3e72139e018d52…
https://lists.apache.org/thread.html/r5074d814d3a8c75df4b20e66bfd268ee0a73ddea7…
https://lists.apache.org/thread.html/r58c58fe51c87bc30ee13bb8b4c83587f023edb349…
https://lists.apache.org/thread.html/r5dc200f7337093285bac40e6d5de5ea66597c3da3…
https://lists.apache.org/thread.html/r79c7e75f90e735fd32c4e3e97340625aab66c09df…
https://lists.apache.org/thread.html/r7b89b3dcfc1b6c52dd8d610b897ac98408245040c…
https://lists.apache.org/thread.html/r7f21ab40a9b17b1a703db84ac56773fcabacd4cc1…
https://lists.apache.org/thread.html/r8a36e4f92f4449dec517e560e1b55639f31b3aca2…
https://lists.apache.org/thread.html/r8e7a3c253a695a7667da0b0ec57f9bb0e31f039e6…
https://lists.apache.org/thread.html/r9271d030452170ba6160c022757e1b5af8a4c9ccf…
https://lists.apache.org/thread.html/r99c3f7ec3a079e2abbd540ecdb55a0e2a0f349ca7…
https://lists.apache.org/thread.html/ra29fa6ede5184385bf2c63e8ec054990a7d4622bb…
https://lists.apache.org/thread.html/rafc939fdd753f55707841cd5886fc7fcad4d8d8ba…
https://lists.apache.org/thread.html/rb964fe5c4e3fc05f75e8f74bf6b885f456b7a7750…
https://lists.apache.org/thread.html/rc400db37710ee79378b6c52de3640493ff538c2be…
https://lists.apache.org/thread.html/rde3dbd8e646dabf8bef1b097e9a13ee0ecbdb8441…
https://lists.apache.org/thread.html/re8d12db916b5582a23ed144b9c5abd0bea0be1649…
https://lists.apache.org/thread.html/rf5230a049d989dbfdd404b4320a265dceeeba459a…
https://lists.apache.org/thread.html/rf6d7ffae2b940114324e036b6394beadf27696d05…
https://www.oracle.com/security-alerts/cpuoct2020.html
http://packetstormsecurity.com/files/157078/Apache-Solr-8.3.0-Velocity-Template…
https://issues.apache.org/jira/browse/SOLR-13971
https://lists.apache.org/thread.html/r0b7b9d4113e6ec1ae1d3d0898c645f758511107ea…
https://lists.apache.org/thread.html/r12ab2cb15a34e49b4fecb5b2bdd7e10f3e8b7bf1f…
https://lists.apache.org/thread.html/r19d23e8640236a3058b4d6c23e5cd663fde182255…
https://lists.apache.org/thread.html/r1d4a247329a8478073163567bbc8c8cb6b49c6bfc…
https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133de…
https://lists.apache.org/thread.html/r25f1bd4545617f5b86dde27b4c30fec73117af655…
https://lists.apache.org/thread.html/r339865b276614661770c909be1dd7e862232e3ef0…
https://lists.apache.org/thread.html/r36e35fd76239a381643555966fb3e72139e018d52…
https://lists.apache.org/thread.html/r5074d814d3a8c75df4b20e66bfd268ee0a73ddea7…
https://lists.apache.org/thread.html/r58c58fe51c87bc30ee13bb8b4c83587f023edb349…
https://lists.apache.org/thread.html/r5dc200f7337093285bac40e6d5de5ea66597c3da3…
https://lists.apache.org/thread.html/r79c7e75f90e735fd32c4e3e97340625aab66c09df…
https://lists.apache.org/thread.html/r7b89b3dcfc1b6c52dd8d610b897ac98408245040c…
https://lists.apache.org/thread.html/r7f21ab40a9b17b1a703db84ac56773fcabacd4cc1…
https://lists.apache.org/thread.html/r8a36e4f92f4449dec517e560e1b55639f31b3aca2…
https://lists.apache.org/thread.html/r8e7a3c253a695a7667da0b0ec57f9bb0e31f039e6…
https://lists.apache.org/thread.html/r9271d030452170ba6160c022757e1b5af8a4c9ccf…
https://lists.apache.org/thread.html/r99c3f7ec3a079e2abbd540ecdb55a0e2a0f349ca7…
https://lists.apache.org/thread.html/ra29fa6ede5184385bf2c63e8ec054990a7d4622bb…
https://lists.apache.org/thread.html/rafc939fdd753f55707841cd5886fc7fcad4d8d8ba…
https://lists.apache.org/thread.html/rb964fe5c4e3fc05f75e8f74bf6b885f456b7a7750…
https://lists.apache.org/thread.html/rc400db37710ee79378b6c52de3640493ff538c2be…
https://lists.apache.org/thread.html/rde3dbd8e646dabf8bef1b097e9a13ee0ecbdb8441…
https://lists.apache.org/thread.html/re8d12db916b5582a23ed144b9c5abd0bea0be1649…
https://lists.apache.org/thread.html/rf5230a049d989dbfdd404b4320a265dceeeba459a…
https://lists.apache.org/thread.html/rf6d7ffae2b940114324e036b6394beadf27696d05…
https://www.oracle.com/security-alerts/cpuoct2020.html