...

| Date | CVE | Title | Impacted Versions | Mitigation | Links |
|---|---|---|---|---|---|
| 2019-12-30 | CVE-2019-17558 | RCE vulnerability through VelocityResponseWriter | 5.0.0-8.3.1 | Can only be mitigated with either Solr upgrade or a configuration change. | |
| 2019-11-18 | CVE-2019-12409 | RCE vulnerability due to bad config default | 8.1.1-8.2.0 | Can be mitigated with either a Solr upgrade or a configuration change. | Mailing list announcement; Jira issue: SOLR-13647 |
| 2019-09-09 | CVE-2019-12401 | XML Bomb in Apache Solr versions prior to 5.0 | 1.3.0-1.4.1, 3.1.0-3.6.2, 4.0.0-4.10.4 | Can only be mitigated with Solr upgrade. | Mailing list announcement; Jira issue: SOLR-13750 |
| 2019-07-31 | CVE-2019-0193 | Remote Code Execution via DataImportHandler | all up to 8.2.0 | Can be mitigated with either a Solr upgrade or a configuration change. | Mailing list announcement; Jira issue: SOLR-13669 |
| 2019-03-06 | CVE-2019-0192 | Deserialization of untrusted data via jmx.serviceUrl | 5.0.0-5.5.5, 6.0.0-6.6.5 | Can be mitigated with either a Solr upgrade or a configuration change. | Mailing list announcement; Jira issue: SOLR-13301 |
| 2019-02-12 | CVE-2017-3164 | SSRF issue in Apache Solr | 1.3.0-7.6.0 | Can only be mitigated with Solr upgrade. | Mailing list announcement; Jira issue: SOLR-12770 |
| 2018-04-08 | CVE-2018-1308 | XXE attack through DIH's dataConfig request parameter | 1.2-6.6.2, 7.0.0-7.2.1 | Can be mitigated with either a Solr upgrade or a configuration change. | Mailing list announcement; Jira issue: SOLR-11971 |
| 2017-10-26 | CVE-2016-6809 | Arbitrary Code Execution Vulnerability in Apache Tika | 1.2-6.6.1, 7.0 | This vulnerability is with Apache Tika versions earlier than 1.14. A Tika dependency update was released in Solr 6.6.2 and Solr 7.1. Can only be mitigated with Solr upgrade. | Jira issue: SOLR-10335 |
| 2017-10-18 | CVE-2017-12629 | Several XXE & RCE vulnerabilities in Apache Solr | 5.5.0-5.5.4, 6.0.0-6.6.1, 7.0.0-7.0.1 | Can be mitigated with either a Solr upgrade or a configuration change. | Mailing list announcement; Jira issues: SOLR-11482 and SOLR-11477 |
| 2017-09-18 | CVE-2017-9803 | Vulnerability in Kerberos delegation token functionality | 6.2.0-6.6.0 | Can only be mitigated with a Solr upgrade. | Mailing list announcement; Jira issue: SOLR-11184 |
| 2017-07-07 | CVE-2017-7660 | Vulnerability in secure inter-node communication | 5.3.0-5.5.4, 6.0.0-6.5.1 | Can only be mitigated with a Solr upgrade. | Mailing list announcement; Jira issue: SOLR-10624 |
| 2017-02-15 | CVE-2017-3163 | ReplicationHandler path traversal attack | 1.4.0-6.4.0 | Can only be mitigated with a Solr upgrade. | Mailing list announcement; Jira issue: SOLR-10031 |

...