Comment: Add CVE-2020-13957

...

| Date | CVE | Title | Impacted versions | Mitigation | Links |
|---|---|---|---|---|---|
| 2020-10-12 | CVE-2020-13957 | The checks added to unauthenticated configset uploads can be circumvented | 6.6.0-6.6.5; 7.0.0-7.7.3; 8.0.0-8.6.2 | Can only be mitigated with either a Solr upgrade or a start-argument change. | Mailing list announcement; Jira issues: SOLR-14925 and SOLR-14663 |
| 2019-12-30 | CVE-2019-17558 | RCE vulnerability through VelocityResponseWriter | 5.0.0-8.3.1 | Can be mitigated with either a Solr upgrade or a configuration change. | |
| 2019-11-18 | CVE-2019-12409 | RCE vulnerability due to bad config default | 8.1.1-8.2.0 | Can be mitigated with either a Solr upgrade or a configuration change. | Mailing list announcement; Jira issue: SOLR-13647 |
| 2019-09-09 | CVE-2019-12401 | XML Bomb in Apache Solr versions prior to 5.0 | 1.3.0-1.4.1; 3.1.0-3.6.2; 4.0.0-4.10.4 | Can only be mitigated with a Solr upgrade. | Mailing list announcement; Jira issue: SOLR-13750 |
| 2019-07-31 | CVE-2019-0193 | Remote Code Execution via DataImportHandler | all up to 8.2.0 | Can be mitigated with either a Solr upgrade or a configuration change. | Mailing list announcement; Jira issue: SOLR-13669 |
| 2019-03-06 | CVE-2019-0192 | Deserialization of untrusted data via jmx.serviceUrl | 5.0.0-5.5.5; 6.0.0-6.6.5 | Can be mitigated with either a Solr upgrade or a configuration change. | Mailing list announcement; Jira issue: SOLR-13301 |
| 2019-02-12 | CVE-2017-3164 | SSRF issue in Apache Solr | 1.3.0-7.6.0 | Can only be mitigated with a Solr upgrade. | Mailing list announcement; Jira issue: SOLR-12770 |
| 2018-04-08 | CVE-2018-1308 | XXE attack through DIH's dataConfig request parameter | 1.2-6.6.2; 7.0.0-7.2.1 | Can be mitigated with either a Solr upgrade or a configuration change. | Mailing list announcement; Jira issue: SOLR-11971 |
| 2017-10-26 | CVE-2016-6809 | Arbitrary Code Execution Vulnerability in Apache Tika | 1.2-6.6.1; 7.0 | The vulnerability is in Apache Tika versions earlier than 1.14; the updated Tika dependency shipped in Solr 6.6.2 and Solr 7.1. Can only be mitigated with a Solr upgrade. | Jira issue: SOLR-10335 |
| 2017-10-18 | CVE-2017-12629 | Several XXE & RCE vulnerabilities in Apache Solr | 5.5.0-5.5.4; 6.0.0-6.6.1; 7.0.0-7.0.1 | Can be mitigated with either a Solr upgrade or a configuration change. | Mailing list announcement; Jira issues: SOLR-11482 and SOLR-11477 |
| 2017-09-18 | CVE-2017-9803 | Vulnerability in Kerberos delegation token functionality | 6.2.0-6.6.0 | Can only be mitigated with a Solr upgrade. | Mailing list announcement; Jira issue: SOLR-11184 |
| 2017-07-07 | CVE-2017-7660 | Vulnerability in secure inter-node communication | 5.3.0-5.5.4; 6.0.0-6.5.1 | Can only be mitigated with a Solr upgrade. | Mailing list announcement; Jira issue: SOLR-10624 |
| 2017-02-15 | CVE-2017-3163 | ReplicationHandler path traversal attack | 1.4.0-6.4.0 | Can only be mitigated with a Solr upgrade. | Mailing list announcement; Jira issue: SOLR-10031 |
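The version ranges are the actionable part of this table, and matching a deployed Solr version against them by hand is error-prone (ranges are inclusive, some rows list several disjoint ranges, one row says "all up to", and the page writes "7.0" for the 7.0.0 release). The following is an added example, written for this page and not code from the Solr project: it transcribes the ranges from the table above into a small checker. The helper names (`parse_version`, `Advisory`, `affected`, `needs_upgrade`) and the `config_workaround` flag, which records whether the Mitigation column offers a non-upgrade option, are my own; the treatment of "all up to 8.2.0" as an open lower bound is an assumption.

```python
"""Check a Solr version string against the advisory table on this page.

Added example, not part of the page or of Apache Solr. The CVE ranges are
transcribed from the table above; helper names are the author's own.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple

Version = Tuple[int, int, int]


def parse_version(text: str) -> Version:
    """Turn '7.0', '8.6.2' or '8.6.2-SNAPSHOT' into a comparable 3-tuple.

    Short forms are zero-padded, so '7.0' becomes (7, 0, 0); that is how the
    table's bare '7.0' entry (the 7.0.0 release) is read.
    """
    core = text.strip().split("-", 1)[0]  # drop '-SNAPSHOT' style qualifiers
    parts = [int(p) for p in core.split(".")]
    if not 1 <= len(parts) <= 3:
        raise ValueError(f"unexpected Solr version string: {text!r}")
    parts += [0] * (3 - len(parts))
    return parts[0], parts[1], parts[2]


@dataclass(frozen=True)
class Advisory:
    cve: str
    title: str
    # (low, high), both inclusive; low=None models the table's "all up to high"
    ranges: Tuple[Tuple[Optional[str], str], ...]
    config_workaround: bool  # True when the Mitigation column allows a config/start-argument change

    def covers(self, v: Version) -> bool:
        for low, high in self.ranges:
            if (low is None or parse_version(low) <= v) and v <= parse_version(high):
                return True
        return False


# Transcribed from the table above (dates and links omitted).
ADVISORIES: Tuple[Advisory, ...] = (
    Advisory("CVE-2020-13957", "unauthenticated configset upload checks circumvented",
             (("6.6.0", "6.6.5"), ("7.0.0", "7.7.3"), ("8.0.0", "8.6.2")), True),
    Advisory("CVE-2019-17558", "RCE through VelocityResponseWriter",
             (("5.0.0", "8.3.1"),), True),
    Advisory("CVE-2019-12409", "RCE due to bad config default",
             (("8.1.1", "8.2.0"),), True),
    Advisory("CVE-2019-12401", "XML bomb",
             (("1.3.0", "1.4.1"), ("3.1.0", "3.6.2"), ("4.0.0", "4.10.4")), False),
    Advisory("CVE-2019-0193", "RCE via DataImportHandler",
             ((None, "8.2.0"),), True),
    Advisory("CVE-2019-0192", "deserialization via jmx.serviceUrl",
             (("5.0.0", "5.5.5"), ("6.0.0", "6.6.5")), True),
    Advisory("CVE-2017-3164", "SSRF",
             (("1.3.0", "7.6.0"),), False),
    Advisory("CVE-2018-1308", "XXE through DIH dataConfig parameter",
             (("1.2", "6.6.2"), ("7.0.0", "7.2.1")), True),
    Advisory("CVE-2016-6809", "arbitrary code execution in Apache Tika",
             (("1.2", "6.6.1"), ("7.0", "7.0")), False),
    Advisory("CVE-2017-12629", "XXE and RCE",
             (("5.5.0", "5.5.4"), ("6.0.0", "6.6.1"), ("7.0.0", "7.0.1")), True),
    Advisory("CVE-2017-9803", "Kerberos delegation token",
             (("6.2.0", "6.6.0"),), False),
    Advisory("CVE-2017-7660", "secure inter-node communication",
             (("5.3.0", "5.5.4"), ("6.0.0", "6.5.1")), False),
    Advisory("CVE-2017-3163", "ReplicationHandler path traversal",
             (("1.4.0", "6.4.0"),), False),
)


def affected(version: str) -> List[str]:
    """CVE ids from the table whose impacted ranges include `version`, in table order."""
    v = parse_version(version)
    return [a.cve for a in ADVISORIES if a.covers(v)]


def needs_upgrade(version: str) -> bool:
    """True if at least one matching advisory is listed as upgrade-only."""
    v = parse_version(version)
    return any(a.covers(v) and not a.config_workaround for a in ADVISORIES)


if __name__ == "__main__":
    import sys

    for arg in sys.argv[1:] or ["8.6.2", "8.6.3"]:
        hits = affected(arg)
        if needs_upgrade(arg):
            verdict = "upgrade required"
        else:
            verdict = "config workaround possible" if hits else "no listed CVEs"
        print(f"{arg}: {', '.join(hits) or '-'} ({verdict})")
```

A match only says the version falls inside a listed range; whether the vulnerable component (DataImportHandler, VelocityResponseWriter, Tika extraction, Kerberos, remote JMX) is actually enabled or reachable on a given node is a separate check, and the table itself gives no details of the configuration changes it refers to, so consult the linked announcements before relying on a workaround instead of an upgrade.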

...