FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-28 15:43:32 UTC

These are the vulnerabilities relating to the commit you have selected:

VuXML ID | Description
e59cb761-5ad8-11ea-abb7-001b217b3468 | Solr -- multiple vulnerabilities

Community reports:

8.1.1 and 8.2.0 users check ENABLE_REMOTE_JMX_OPTS setting

Apache Solr RCE vulnerability due to bad config default

Apache Solr RCE through VelocityResponseWriter


Discovery 2019-12-30
Entry 2020-02-29
apache-solr < 8.3.1

https://lucene.apache.org/solr/security.html
CVE-2019-17558
e837390d-0ceb-46b8-9b32-29c1195f5dc7 | solr -- Code execution via entity expansion

Solr developers report:

Lucene XML parser does not explicitly prohibit doctype declaration and expansion of external entities which leads to arbitrary HTTP requests to the local SOLR instance and to bypass all firewall restrictions.

Solr "RunExecutableListener" class can be used to execute arbitrary commands on specific events, for example after each update query. The problem is that such a listener can be enabled with any parameters just by using the Config API with the add-listener command.


Discovery 2017-10-13
Entry 2017-10-13
Modified 2017-10-16
apache-solr >= 5.1, <= 6.6.1
apache-solr >= 7.0.0, < 7.1

http://lucene.472066.n3.nabble.com/Re-Several-critical-vulnerabilities-discovered-in-Apache-Solr-XXE-amp-RCE-td4358308.html
https://marc.info/?l=apache-announce&m=150786685013286
CVE-2017-12629