https://bugzilla.redhat.com/show_bug.cgi?id=1501529
Eric Christensen <sparks(a)redhat.com> changed:
What: Whiteboard
Removed: impact=critical,public=20171012,reported=20171012,source=internet,cvss2=10/AV:N/AC:L/Au:N/C:C/I:C/A:C,cvss3=9.8/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H,eap-6/solr=notaffected,eap-7/lucene=affected/impact=moderate,jpp-6/solr=notaffected/impact=moderate,rhsso-7/lucene=notaffected/impact=moderate,jdg-7/lucene=affected/impact=moderate,fuse-6/Camel=notaffected,brms-6/lucene=notaffected,bpms-6/lucene=notaffected,rhev-m-4/lucene=notaffected/impact=moderate,rhel-5/lucene=notaffected,rhel-6/lucene=wontfix/impact=moderate,rhscl-3/rh-java-common-lucene=affected/impact=moderate,rhscl-3/rh-java-common-lucene5=affected/impact=moderate,fedora-all/lucene=affected,fedora-all/lucene4=affected,fedora-all/lucene3=affected,fedora-all/solr3=affected,eap-6/lucene=notaffected
Added: impact=critical,public=20171012,reported=20171011,source=internet,cvss2=10/AV:N/AC:L/Au:N/C:C/I:C/A:C,cvss3=9.8/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H,eap-6/solr=notaffected,eap-7/lucene=affected/impact=moderate,jpp-6/solr=notaffected/impact=moderate,rhsso-7/lucene=notaffected/impact=moderate,jdg-7/lucene=affected/impact=moderate,fuse-6/Camel=notaffected,brms-6/lucene=notaffected,bpms-6/lucene=notaffected,rhev-m-4/lucene=notaffected/impact=moderate,rhel-5/lucene=notaffected,rhel-6/lucene=wontfix/impact=moderate,rhscl-3/rh-java-common-lucene=affected/impact=moderate,rhscl-3/rh-java-common-lucene5=affected/impact=moderate,fedora-all/lucene=affected,fedora-all/lucene4=affected,fedora-all/lucene3=affected,fedora-all/solr3=affected,eap-6/lucene=notaffected
--- Doc Text *updated* ---
It was found that Apache Solr would accept an object from an unauthenticated user that
could be manipulated through subsequent post requests. An attacker could use this flaw to
assemble an object that could permit execution of arbitrary code on the server.