https://bugzilla.redhat.com/show_bug.cgi?id=1501529
Eric Christensen <sparks(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Whiteboard|impact=critical,public=2017 |impact=critical,public=2017
|1012,reported=20171011,sour |1012,reported=20171010,sour
|ce=internet,cvss2=10/AV:N/A |ce=internet,cvss2=10/AV:N/A
|C:L/Au:N/C:C/I:C/A:C,cvss3= |C:L/Au:N/C:C/I:C/A:C,cvss3=
|9.8/CVSS:3.0/AV:N/AC:L/PR:N |9.8/CVSS:3.0/AV:N/AC:L/PR:N
|/UI:N/S:U/C:H/I:H/A:H,eap-6 |/UI:N/S:U/C:H/I:H/A:H,eap-6
|/solr=notaffected,eap-7/luc |/solr=notaffected,eap-7/luc
|ene=affected/impact=moderat |ene=affected/impact=moderat
|e,jpp-6/solr=notaffected/im |e,jpp-6/solr=notaffected/im
|pact=moderate,rhsso-7/lucen |pact=moderate,rhsso-7/lucen
|e=notaffected/impact=modera |e=notaffected/impact=modera
|te,jdg-7/lucene=affected/im |te,jdg-7/lucene=affected/im
|pact=moderate,fuse-6/Camel= |pact=moderate,fuse-6/Camel=
|notaffected,brms-6/lucene=n |notaffected,brms-6/lucene=n
|otaffected,bpms-6/lucene=no |otaffected,bpms-6/lucene=no
|taffected,rhev-m-4/lucene=n |taffected,rhev-m-4/lucene=n
|otaffected/impact=moderate, |otaffected/impact=moderate,
|rhel-5/lucene=notaffected,r |rhel-5/lucene=notaffected,r
|hel-6/lucene=wontfix/impact |hel-6/lucene=wontfix/impact
|=moderate,rhscl-3/rh-java-c |=moderate,rhscl-3/rh-java-c
|ommon-lucene=affected/impac |ommon-lucene=affected/impac
|t=moderate,rhscl-3/rh-java- |t=moderate,rhscl-3/rh-java-
|common-lucene5=affected/imp |common-lucene5=affected/imp
|act=moderate,fedora-all/luc |act=moderate,fedora-all/luc
|ene=affected,fedora-all/luc |ene=affected,fedora-all/luc
|ene4=affected,fedora-all/lu |ene4=affected,fedora-all/lu
|cene3=affected,fedora-all/s |cene3=affected,fedora-all/s
|olr3=affected,eap-6/lucene= |olr3=affected,eap-6/lucene=
|notaffected |notaffected
--- Doc Text *updated* ---
It was found that Apache Lucene would accept an object from an unauthenticated user that
could be manipulated through subsequent POST requests. An attacker could use this flaw to
assemble an object that could permit execution of arbitrary code if the server enabled
Apache Solr's Config API.