CVE-2017-12629

Name of the Vulnerable Software and Affected Versions Apache Solr versions prior to 5.5.5 Apache Solr versions prior to 6.6.2 Apache Solr versions prior to 7.1.0 Apache Lucene versions prior to 7.1.0

Description The issue is related to the incorrect restriction of XML external entity references in the implementation of the RunExecutableListener class in Apache Solr and the Apache Lucene library for full-text search. This can be exploited by a remote attacker to execute arbitrary code. The XML external entity expansion vulnerability occurs in the XML Query Parser, which is available by default for any query request with parameters deftype=xmlparser. This can be exploited to upload malicious data to the /upload request handler or as Blind XXE using an ftp wrapper to read arbitrary local files from the Solr server. The vulnerability can also be exploited using the RunExecutableListener class, available on all affected versions of Solr.

Recommendations For Apache Solr versions prior to 5.5.5, update to version 5.5.5 or later. For Apache Solr versions prior to 6.6.2, update to version 6.6.2 or later. For Apache Solr versions prior to 7.1.0, update to version 7.1.0 or later. As a temporary workaround, consider disabling the RunExecutableListener class until a patch is available. Restrict access to the XML Query Parser to minimize the risk of exploitation. Avoid using the deftype=xmlparser parameter in query requests until the issue is resolved.