Debian Wheezy DLA-1046-1 Critical: Lucene-Solr Path Traversal Threat

debian lts

July 30, 2017

lucene-solr handler supports an HTTP API (/replication?command=filecontent&file=) which is vulnerable to path traversal attack

Topics Covered

security advisory critical debian software issue path traversal lucene-solr

Summary

lucene-solr handler supports an HTTP API (/replication?command=filecontent&file=)
which is vulnerable to path traversal attack. Specifically, this API does not
perform any validation of the user specified file_name parameter. This can
allow an attacker to download any file readable to Solr server process even if
it is not related to the actual Solr index state.

For Debian 7 "Wheezy", this problem has been fixed in version
3.6.0+dfsg-1+deb7u2.

We recommend that you upgrade your lucene-solr packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

Severity

critical

Lowest

Low

Medium

High

Critical

Package: lucene-solr

Version: 3.6.0+dfsg-1+deb7u2

CVE ID: CVE-2017-3163

Debian Bug: 867712

Topics Covered

security advisory critical debian software issue path traversal lucene-solr

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Debian Wheezy DLA-1046-1 Critical: Lucene-Solr Path Traversal Threat

Topics Covered

Summary

Topics Covered

Get the latest News and Insights

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Debian Wheezy DLA-1046-1 Critical: Lucene-Solr Path Traversal Threat

Topics Covered

Summary

Topics Covered

Get the latest News and Insights

Related Articles

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!