SonicALERT
Search

Sonicwall Signatures

 

Go to All Categories list.


  Apache Solr Remote Code Execution 2

Category: WEB-ATTACKS      

Remote code execution occurs in Apache Solr before 7.1 with Apache Lucene before 7.1 by exploiting XXE in conjunction with use of a Config API add-listener command to reach the RunExecutableListener class. Elasticsearch, although it uses Lucene, is NOT vulnerable to this.

References
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12629


Relevant Information