oss-sec mailing list archives

Re: CVE request: Apache Solr 4.6.0


From: Kurt Seifried <kseifried () redhat com>
Date: Tue, 26 Nov 2013 17:15:23 -0700


On 11/26/2013 04:06 PM, Nicolas Grégoire wrote:
> Hello,
>
> Apache Solr 4.6.0 was released a few days ago. This version
> includes a fix for bug SOLR-4882 (directory traversal when
> accessing XSLT stylesheets and Velocity templates):
> http://lucene.apache.org/solr/4_6_0/changes/Changes.html#v4.6.0.security
>
> https://issues.apache.org/jira/browse/SOLR-4882
>
> If the user can store his own files on the server, this
> vulnerability could be abused to gain remote code execution.
>
> Regards, Nicolas Grégoire

Please use CVE-2013-6397 for this issue.

-- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993