oss-sec mailing list archives
Re: CVE request: Apache Solr 4.6.0
From: Kurt Seifried <kseifried () redhat com>
Date: Tue, 26 Nov 2013 17:15:23 -0700
On 11/26/2013 04:06 PM, Nicolas Grégoire wrote:
> Hello,
>
> Apache Solr 4.6.0 was released a few days ago. This version includes a
> fix for bug SOLR-4882 (directory traversal when accessing XSLT
> stylesheets and Velocity templates):
>
> http://lucene.apache.org/solr/4_6_0/changes/Changes.html#v4.6.0.security
> https://issues.apache.org/jira/browse/SOLR-4882
>
> If the user can store his own files on the server, this vulnerability
> could be abused to gain remote code execution.
>
> Regards,
> Nicolas Grégoire

Please use CVE-2013-6397 for this issue.

--
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993