List:       oss-security
Subject:    Re: [oss-security] CVE request: Apache Solr 4.6.0
From:       Kurt Seifried <kseifried () redhat ! com>
Date:       2013-11-27 0:15:23
Message-ID: 5295399B.6040601 () redhat ! com

On 11/26/2013 04:06 PM, Nicolas Grégoire wrote:
> Hello,
> 
> Apache Solr 4.6.0 was released a few days ago. This version
> includes a fix for bug SOLR-4882 (directory traversal when
> accessing XSLT stylesheets and Velocity templates):
> http://lucene.apache.org/solr/4_6_0/changes/Changes.html#v4.6.0.security
> https://issues.apache.org/jira/browse/SOLR-4882
> 
> If the user can store his own files on the server, this
> vulnerability could be abused to gain remote code execution.
> 
> Regards, Nicolas Grégoire
> 
> 
> 

Please use CVE-2013-6397 for this issue.

-- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993