Action not permitted
Modal body text goes here.
Modal Title
Modal Body
cve-2012-6612
Vulnerability from cvelistv5
Published
2013-12-07 21:00
Modified
2024-08-06 21:36
Severity ?
EPSS score ?
Summary
The (1) UpdateRequestHandler for XSLT or (2) XPathEntityProcessor in Apache Solr before 4.1 allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, different vectors than CVE-2013-6407.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T21:36:02.073Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "RHSA-2014:0029", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2014-0029.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://issues.apache.org/jira/browse/SOLR-3895", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://svn.apache.org/viewvc/lucene/dev/branches/branch_4x/solr/CHANGES.txt?view=markup", }, { name: "RHSA-2013:1844", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2013-1844.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2012-09-26T00:00:00", descriptions: [ { lang: "en", value: "The (1) UpdateRequestHandler for XSLT or (2) XPathEntityProcessor in Apache Solr before 4.1 allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, different vectors than CVE-2013-6407.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2014-03-05T14:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "RHSA-2014:0029", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2014-0029.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://issues.apache.org/jira/browse/SOLR-3895", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://svn.apache.org/viewvc/lucene/dev/branches/branch_4x/solr/CHANGES.txt?view=markup", }, { name: "RHSA-2013:1844", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2013-1844.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2012-6612", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The (1) UpdateRequestHandler for XSLT or (2) XPathEntityProcessor in Apache Solr before 4.1 allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, different vectors than CVE-2013-6407.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "RHSA-2014:0029", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2014-0029.html", }, { name: "https://issues.apache.org/jira/browse/SOLR-3895", refsource: "CONFIRM", url: "https://issues.apache.org/jira/browse/SOLR-3895", }, { name: "http://svn.apache.org/viewvc/lucene/dev/branches/branch_4x/solr/CHANGES.txt?view=markup", refsource: "CONFIRM", url: "http://svn.apache.org/viewvc/lucene/dev/branches/branch_4x/solr/CHANGES.txt?view=markup", }, { name: "RHSA-2013:1844", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2013-1844.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2012-6612", datePublished: "2013-12-07T21:00:00", dateReserved: "2013-12-07T00:00:00", dateUpdated: "2024-08-06T21:36:02.073Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", "vulnerability-lookup:meta": { nvd: "{\"cve\":{\"id\":\"CVE-2012-6612\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2013-12-07T21:55:09.547\",\"lastModified\":\"2025-04-11T00:51:21.963\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The (1) UpdateRequestHandler for XSLT or (2) XPathEntityProcessor in Apache Solr before 4.1 allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, different vectors than CVE-2013-6407.\"},{\"lang\":\"es\",\"value\":\"El (1) UpdateRequestHandler para XSLT o (2) XPathEntityProcessor en Apache Solr anteriores a 4.1 permite a atacantes remotos tener un impacto no especificado a través de datos XML que contengan declaraciones de entidad externa en conjunción con referencia a una entidad, relacionado con un problema de XML External Entity (XXE), vectores diferentes a CVE-2013-6407.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:solr:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"4.0.0\",\"matchCriteriaId\":\"1887ADD7-5B71-4CC4-B003-1F50DAC3DFA2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:solr:4.0.0:alpha:*:*:*:*:*:*\",\"matchCriteriaId\":\"49D9F075-B18A-4634-8AA1-DE1399548838\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:solr:4.0.0:beta:*:*:*:*:*:*\",\"matchCriteriaId\":\"0CFB9E78-22B2-4683-BD17-1600A3057FF3\"}]}]}],\"references\":[{\"url\":\"http://rhn.redhat.com/errata/RHSA-2013-1844.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2014-0029.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://svn.apache.org/viewvc/lucene/dev/branches/branch_4x/solr/CHANGES.txt?view=markup\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://issues.apache.org/jira/browse/SOLR-3895\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2013-1844.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2014-0029.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://svn.apache.org/viewvc/lucene/dev/branches/branch_4x/solr/CHANGES.txt?view=markup\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://issues.apache.org/jira/browse/SOLR-3895\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]}]}}", }, }
fkie_cve-2012-6612
Vulnerability from fkie_nvd
Published
2013-12-07 21:55
Modified
2025-04-11 00:51
Severity ?
Summary
The (1) UpdateRequestHandler for XSLT or (2) XPathEntityProcessor in Apache Solr before 4.1 allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, different vectors than CVE-2013-6407.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apache:solr:*:*:*:*:*:*:*:*", matchCriteriaId: "1887ADD7-5B71-4CC4-B003-1F50DAC3DFA2", versionEndIncluding: "4.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:solr:4.0.0:alpha:*:*:*:*:*:*", matchCriteriaId: "49D9F075-B18A-4634-8AA1-DE1399548838", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:solr:4.0.0:beta:*:*:*:*:*:*", matchCriteriaId: "0CFB9E78-22B2-4683-BD17-1600A3057FF3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The (1) UpdateRequestHandler for XSLT or (2) XPathEntityProcessor in Apache Solr before 4.1 allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, different vectors than CVE-2013-6407.", }, { lang: "es", value: "El (1) UpdateRequestHandler para XSLT o (2) XPathEntityProcessor en Apache Solr anteriores a 4.1 permite a atacantes remotos tener un impacto no especificado a través de datos XML que contengan declaraciones de entidad externa en conjunción con referencia a una entidad, relacionado con un problema de XML External Entity (XXE), vectores diferentes a CVE-2013-6407.", }, ], id: "CVE-2012-6612", lastModified: "2025-04-11T00:51:21.963", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2013-12-07T21:55:09.547", references: [ { source: "cve@mitre.org", url: "http://rhn.redhat.com/errata/RHSA-2013-1844.html", }, { source: "cve@mitre.org", url: "http://rhn.redhat.com/errata/RHSA-2014-0029.html", }, { source: "cve@mitre.org", url: "http://svn.apache.org/viewvc/lucene/dev/branches/branch_4x/solr/CHANGES.txt?view=markup", }, { source: "cve@mitre.org", tags: [ "Patch", ], url: "https://issues.apache.org/jira/browse/SOLR-3895", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://rhn.redhat.com/errata/RHSA-2013-1844.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://rhn.redhat.com/errata/RHSA-2014-0029.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://svn.apache.org/viewvc/lucene/dev/branches/branch_4x/solr/CHANGES.txt?view=markup", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://issues.apache.org/jira/browse/SOLR-3895", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
gsd-2012-6612
Vulnerability from gsd
Modified
2023-12-13 01:20
Details
The (1) UpdateRequestHandler for XSLT or (2) XPathEntityProcessor in Apache Solr before 4.1 allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, different vectors than CVE-2013-6407.
Aliases
Aliases
{ GSD: { alias: "CVE-2012-6612", description: "The (1) UpdateRequestHandler for XSLT or (2) XPathEntityProcessor in Apache Solr before 4.1 allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, different vectors than CVE-2013-6407.", id: "GSD-2012-6612", references: [ "https://access.redhat.com/errata/RHSA-2014:0029", "https://access.redhat.com/errata/RHSA-2013:1844", ], }, gsd: { metadata: { exploitCode: "unknown", remediation: "unknown", reportConfidence: "confirmed", type: "vulnerability", }, osvSchema: { aliases: [ "CVE-2012-6612", ], details: "The (1) UpdateRequestHandler for XSLT or (2) XPathEntityProcessor in Apache Solr before 4.1 allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, different vectors than CVE-2013-6407.", id: "GSD-2012-6612", modified: "2023-12-13T01:20:16.903731Z", schema_version: "1.4.0", }, }, namespaces: { "cve.org": { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2012-6612", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The (1) UpdateRequestHandler for XSLT or (2) XPathEntityProcessor in Apache Solr before 4.1 allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, different vectors than CVE-2013-6407.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "RHSA-2014:0029", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2014-0029.html", }, { name: "https://issues.apache.org/jira/browse/SOLR-3895", refsource: "CONFIRM", url: "https://issues.apache.org/jira/browse/SOLR-3895", }, { name: "http://svn.apache.org/viewvc/lucene/dev/branches/branch_4x/solr/CHANGES.txt?view=markup", refsource: "CONFIRM", url: "http://svn.apache.org/viewvc/lucene/dev/branches/branch_4x/solr/CHANGES.txt?view=markup", }, { name: "RHSA-2013:1844", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2013-1844.html", }, ], }, }, "gitlab.com": { advisories: [ { affected_range: "(,4.1.0)", affected_versions: "All versions before 4.1.0", cvss_v2: "AV:N/AC:L/Au:N/C:P/I:P/A:P", cwe_ids: [ "CWE-1035", "CWE-937", ], date: "2022-07-12", description: "The (1) UpdateRequestHandler for XSLT or (2) XPathEntityProcessor in Apache Solr before 4.1 allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, different vectors than CVE-2013-6407.", fixed_versions: [ "4.1.0", ], identifier: "CVE-2012-6612", identifiers: [ "GHSA-6cpj-3g83-q2j4", "CVE-2012-6612", ], not_impacted: "All versions starting from 4.1.0", package_slug: "maven/org.apache.solr/solr-core", pubdate: "2022-05-17", solution: "Upgrade to version 4.1.0 or above.", title: "Improper Restriction of XML External Entity Reference in Apache Solr", urls: [ "https://nvd.nist.gov/vuln/detail/CVE-2012-6612", "https://issues.apache.org/jira/browse/SOLR-3895", "http://rhn.redhat.com/errata/RHSA-2013-1844.html", "http://rhn.redhat.com/errata/RHSA-2014-0029.html", "http://svn.apache.org/viewvc/lucene/dev/branches/branch_4x/solr/CHANGES.txt?view=markup", "https://github.com/apache/lucene-solr/commit/0d21b900975b7048d2e925d852aeacb9bdc6766c", "https://github.com/apache/lucene-solr/commit/f230486ce6707762c1a6e81655d0fac52887906d", "https://github.com/advisories/GHSA-6cpj-3g83-q2j4", ], uuid: "e730c4b8-5d23-4b8d-ac21-6de79f77d056", }, ], }, "nvd.nist.gov": { configurations: { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:apache:solr:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "4.0.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:apache:solr:4.0.0:beta:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:apache:solr:4.0.0:alpha:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, ], }, cve: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2012-6612", }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "en", value: "The (1) UpdateRequestHandler for XSLT or (2) XPathEntityProcessor in Apache Solr before 4.1 allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, different vectors than CVE-2013-6407.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], }, ], }, references: { reference_data: [ { name: "http://svn.apache.org/viewvc/lucene/dev/branches/branch_4x/solr/CHANGES.txt?view=markup", refsource: "CONFIRM", tags: [], url: "http://svn.apache.org/viewvc/lucene/dev/branches/branch_4x/solr/CHANGES.txt?view=markup", }, { name: "https://issues.apache.org/jira/browse/SOLR-3895", refsource: "CONFIRM", tags: [ "Patch", ], url: "https://issues.apache.org/jira/browse/SOLR-3895", }, { name: "RHSA-2013:1844", refsource: "REDHAT", tags: [], url: "http://rhn.redhat.com/errata/RHSA-2013-1844.html", }, { name: "RHSA-2014:0029", refsource: "REDHAT", tags: [], url: "http://rhn.redhat.com/errata/RHSA-2014-0029.html", }, ], }, }, impact: { baseMetricV2: { cvssV2: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "HIGH", userInteractionRequired: false, }, }, lastModifiedDate: "2014-03-08T05:02Z", publishedDate: "2013-12-07T21:55Z", }, }, }
rhsa-2013_1844
Vulnerability from csaf_redhat
Published
2013-12-16 18:16
Modified
2024-11-22 07:19
Summary
Red Hat Security Advisory: Red Hat JBoss Web Framework Kit 2.4.0 update
Notes
Topic
An update for the solr-core component of Red Hat JBoss Web Framework Kit
2.4.0 that fixes multiple security issues is now available from the Red Hat
Customer Portal.
The Red Hat Security Response Team has rated this update as having
important security impact. A Common Vulnerability Scoring System (CVSS)
base score, which gives a detailed severity rating, is available from the
CVE link in the References section.
Details
Red Hat JBoss Web Framework Kit combines popular open source web frameworks
into a single solution for Java applications. The Apache Solr component is
an open-source search server based on the Lucene Java search library.
It was found that the SolrResourceLoader class in Apache Solr allowed
loading of resources via absolute paths, or relative paths which were not
sanitized for directory traversal. Some Solr components expose REST
interfaces which load resources (XSL style sheets and Velocity templates)
via SolrResourceLoader, using paths identified by REST parameters. A remote
attacker could use this flaw to load arbitrary local files on the server
via SolrResourceLoader, potentially resulting in information disclosure or
remote code execution. (CVE-2013-6397)
It was found that the XML and XSLT UpdateRequestHandler classes in Apache
Solr would resolve external entities, allowing an attacker to conduct XML
External Entity (XXE) attacks. A remote attacker could use this flaw to
read files accessible to the user running the application server, and
potentially perform other more advanced XXE attacks. (CVE-2012-6612,
CVE-2013-6407)
It was found that the DocumentAnalysisRequestHandler class in Apache Solr
would resolve external entities, allowing an attacker to conduct XXE
attacks. A remote attacker could use this flaw to read files accessible to
the user running the application server, and potentially perform other more
advanced XXE attacks. (CVE-2013-6408)
All users of Red Hat JBoss Web Framework Kit 2.4.0 as provided from the Red
Hat Customer Portal are advised to apply this update.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for the solr-core component of Red Hat JBoss Web Framework Kit\n2.4.0 that fixes multiple security issues is now available from the Red Hat\nCustomer Portal.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from the\nCVE link in the References section.", title: "Topic", }, { category: "general", text: "Red Hat JBoss Web Framework Kit combines popular open source web frameworks\ninto a single solution for Java applications. The Apache Solr component is\nan open-source search server based on the Lucene Java search library.\n\nIt was found that the SolrResourceLoader class in Apache Solr allowed\nloading of resources via absolute paths, or relative paths which were not\nsanitized for directory traversal. Some Solr components expose REST\ninterfaces which load resources (XSL style sheets and Velocity templates)\nvia SolrResourceLoader, using paths identified by REST parameters. A remote\nattacker could use this flaw to load arbitrary local files on the server\nvia SolrResourceLoader, potentially resulting in information disclosure or\nremote code execution. (CVE-2013-6397)\n\nIt was found that the XML and XSLT UpdateRequestHandler classes in Apache\nSolr would resolve external entities, allowing an attacker to conduct XML\nExternal Entity (XXE) attacks. A remote attacker could use this flaw to\nread files accessible to the user running the application server, and\npotentially perform other more advanced XXE attacks. (CVE-2012-6612,\nCVE-2013-6407)\n\nIt was found that the DocumentAnalysisRequestHandler class in Apache Solr\nwould resolve external entities, allowing an attacker to conduct XXE\nattacks. A remote attacker could use this flaw to read files accessible to\nthe user running the application server, and potentially perform other more\nadvanced XXE attacks. (CVE-2013-6408)\n\nAll users of Red Hat JBoss Web Framework Kit 2.4.0 as provided from the Red\nHat Customer Portal are advised to apply this update.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2013:1844", url: "https://access.redhat.com/errata/RHSA-2013:1844", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=web.framework.kit&downloadType=securityPatches&version=2.4.0", url: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=web.framework.kit&downloadType=securityPatches&version=2.4.0", }, { category: "external", summary: "1035062", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1035062", }, { category: "external", summary: "1035981", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1035981", }, { category: "external", summary: "1035985", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1035985", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2013/rhsa-2013_1844.json", }, ], title: "Red Hat Security Advisory: Red Hat JBoss Web Framework Kit 2.4.0 update", tracking: { current_release_date: "2024-11-22T07:19:22+00:00", generator: { date: "2024-11-22T07:19:22+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2013:1844", initial_release_date: "2013-12-16T18:16:00+00:00", revision_history: [ { date: "2013-12-16T18:16:00+00:00", number: "1", summary: "Initial version", }, { date: "2020-06-15T16:41:29+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-22T07:19:22+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat JBoss Web Framework Kit 2.4", product: { name: "Red Hat JBoss Web Framework Kit 2.4", product_id: "Red Hat JBoss Web Framework Kit 2.4", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_web_framework:2.4.0", }, }, }, ], category: "product_family", name: "Red Hat JBoss Web Framework Kit", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2012-6612", discovery_date: "2013-11-29T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1035981", }, ], notes: [ { category: "description", text: "The (1) UpdateRequestHandler for XSLT or (2) XPathEntityProcessor in Apache Solr before 4.1 allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, different vectors than CVE-2013-6407.", title: "Vulnerability description", }, { category: "summary", text: "Solr: XML eXternal Entity (XXE) flaw in XML and XSLT UpdateRequestHandler", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Web Framework Kit 2.4", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2012-6612", }, { category: "external", summary: "RHBZ#1035981", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1035981", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2012-6612", url: "https://www.cve.org/CVERecord?id=CVE-2012-6612", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2012-6612", url: "https://nvd.nist.gov/vuln/detail/CVE-2012-6612", }, ], release_date: "2012-09-26T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2013-12-16T18:16:00+00:00", details: "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying this update, back up your\nexisting installation of Red Hat JBoss Web Framework Kit.\n\nThe JBoss server process must be restarted for this update to take effect.", product_ids: [ "Red Hat JBoss Web Framework Kit 2.4", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2013:1844", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, products: [ "Red Hat JBoss Web Framework Kit 2.4", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "Solr: XML eXternal Entity (XXE) flaw in XML and XSLT UpdateRequestHandler", }, { cve: "CVE-2013-6397", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, discovery_date: "2013-11-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1035062", }, ], notes: [ { category: "description", text: "Directory traversal vulnerability in SolrResourceLoader in Apache Solr before 4.6 allows remote attackers to read arbitrary files via a .. (dot dot) or full pathname in the tr parameter to solr/select/, when the response writer (wt parameter) is set to XSLT. NOTE: this can be leveraged using a separate XXE (XML eXternal Entity) vulnerability to allow access to files across restricted network boundaries.", title: "Vulnerability description", }, { category: "summary", text: "Solr: directory traversal when loading XSL stylesheets and Velocity templates", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Web Framework Kit 2.4", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2013-6397", }, { category: "external", summary: "RHBZ#1035062", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1035062", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2013-6397", url: "https://www.cve.org/CVERecord?id=CVE-2013-6397", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2013-6397", url: "https://nvd.nist.gov/vuln/detail/CVE-2013-6397", }, { category: "external", summary: "http://www.agarri.fr/kom/archives/2013/11/27/compromising_an_unreachable_solr_server_with_cve-2013-6397/index.html", url: "http://www.agarri.fr/kom/archives/2013/11/27/compromising_an_unreachable_solr_server_with_cve-2013-6397/index.html", }, ], release_date: "2013-11-26T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2013-12-16T18:16:00+00:00", details: "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying this update, back up your\nexisting installation of Red Hat JBoss Web Framework Kit.\n\nThe JBoss server process must be restarted for this update to take effect.", product_ids: [ "Red Hat JBoss Web Framework Kit 2.4", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2013:1844", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 6.4, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:N", version: "2.0", }, products: [ "Red Hat JBoss Web Framework Kit 2.4", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "Solr: directory traversal when loading XSL stylesheets and Velocity templates", }, { cve: "CVE-2013-6407", discovery_date: "2013-11-29T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1035981", }, ], notes: [ { category: "description", text: "The UpdateRequestHandler for XML in Apache Solr before 4.1 allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.", title: "Vulnerability description", }, { category: "summary", text: "Solr: XML eXternal Entity (XXE) flaw in XML and XSLT UpdateRequestHandler", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Web Framework Kit 2.4", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2013-6407", }, { category: "external", summary: "RHBZ#1035981", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1035981", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2013-6407", url: "https://www.cve.org/CVERecord?id=CVE-2013-6407", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2013-6407", url: "https://nvd.nist.gov/vuln/detail/CVE-2013-6407", }, ], release_date: "2012-09-26T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2013-12-16T18:16:00+00:00", details: "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying this update, back up your\nexisting installation of Red Hat JBoss Web Framework Kit.\n\nThe JBoss server process must be restarted for this update to take effect.", product_ids: [ "Red Hat JBoss Web Framework Kit 2.4", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2013:1844", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, products: [ "Red Hat JBoss Web Framework Kit 2.4", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "Solr: XML eXternal Entity (XXE) flaw in XML and XSLT UpdateRequestHandler", }, { cve: "CVE-2013-6408", discovery_date: "2013-11-29T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1035985", }, ], notes: [ { category: "description", text: "The DocumentAnalysisRequestHandler in Apache Solr before 4.3.1 does not properly use the EmptyEntityResolver, which allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-6407.", title: "Vulnerability description", }, { category: "summary", text: "Solr: XML eXternal Entity (XXE) flaw in DocumentAnalysisRequestHandler", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Web Framework Kit 2.4", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2013-6408", }, { category: "external", summary: "RHBZ#1035985", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1035985", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2013-6408", url: "https://www.cve.org/CVERecord?id=CVE-2013-6408", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2013-6408", url: "https://nvd.nist.gov/vuln/detail/CVE-2013-6408", }, ], release_date: "2013-05-31T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2013-12-16T18:16:00+00:00", details: "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying this update, back up your\nexisting installation of Red Hat JBoss Web Framework Kit.\n\nThe JBoss server process must be restarted for this update to take effect.", product_ids: [ "Red Hat JBoss Web Framework Kit 2.4", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2013:1844", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, products: [ "Red Hat JBoss Web Framework Kit 2.4", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "Solr: XML eXternal Entity (XXE) flaw in DocumentAnalysisRequestHandler", }, ], }
rhsa-2013:1844
Vulnerability from csaf_redhat
Published
2013-12-16 18:16
Modified
2024-11-22 07:19
Summary
Red Hat Security Advisory: Red Hat JBoss Web Framework Kit 2.4.0 update
Notes
Topic
An update for the solr-core component of Red Hat JBoss Web Framework Kit
2.4.0 that fixes multiple security issues is now available from the Red Hat
Customer Portal.
The Red Hat Security Response Team has rated this update as having
important security impact. A Common Vulnerability Scoring System (CVSS)
base score, which gives a detailed severity rating, is available from the
CVE link in the References section.
Details
Red Hat JBoss Web Framework Kit combines popular open source web frameworks
into a single solution for Java applications. The Apache Solr component is
an open-source search server based on the Lucene Java search library.
It was found that the SolrResourceLoader class in Apache Solr allowed
loading of resources via absolute paths, or relative paths which were not
sanitized for directory traversal. Some Solr components expose REST
interfaces which load resources (XSL style sheets and Velocity templates)
via SolrResourceLoader, using paths identified by REST parameters. A remote
attacker could use this flaw to load arbitrary local files on the server
via SolrResourceLoader, potentially resulting in information disclosure or
remote code execution. (CVE-2013-6397)
It was found that the XML and XSLT UpdateRequestHandler classes in Apache
Solr would resolve external entities, allowing an attacker to conduct XML
External Entity (XXE) attacks. A remote attacker could use this flaw to
read files accessible to the user running the application server, and
potentially perform other more advanced XXE attacks. (CVE-2012-6612,
CVE-2013-6407)
It was found that the DocumentAnalysisRequestHandler class in Apache Solr
would resolve external entities, allowing an attacker to conduct XXE
attacks. A remote attacker could use this flaw to read files accessible to
the user running the application server, and potentially perform other more
advanced XXE attacks. (CVE-2013-6408)
All users of Red Hat JBoss Web Framework Kit 2.4.0 as provided from the Red
Hat Customer Portal are advised to apply this update.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for the solr-core component of Red Hat JBoss Web Framework Kit\n2.4.0 that fixes multiple security issues is now available from the Red Hat\nCustomer Portal.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from the\nCVE link in the References section.", title: "Topic", }, { category: "general", text: "Red Hat JBoss Web Framework Kit combines popular open source web frameworks\ninto a single solution for Java applications. The Apache Solr component is\nan open-source search server based on the Lucene Java search library.\n\nIt was found that the SolrResourceLoader class in Apache Solr allowed\nloading of resources via absolute paths, or relative paths which were not\nsanitized for directory traversal. Some Solr components expose REST\ninterfaces which load resources (XSL style sheets and Velocity templates)\nvia SolrResourceLoader, using paths identified by REST parameters. A remote\nattacker could use this flaw to load arbitrary local files on the server\nvia SolrResourceLoader, potentially resulting in information disclosure or\nremote code execution. (CVE-2013-6397)\n\nIt was found that the XML and XSLT UpdateRequestHandler classes in Apache\nSolr would resolve external entities, allowing an attacker to conduct XML\nExternal Entity (XXE) attacks. A remote attacker could use this flaw to\nread files accessible to the user running the application server, and\npotentially perform other more advanced XXE attacks. (CVE-2012-6612,\nCVE-2013-6407)\n\nIt was found that the DocumentAnalysisRequestHandler class in Apache Solr\nwould resolve external entities, allowing an attacker to conduct XXE\nattacks. A remote attacker could use this flaw to read files accessible to\nthe user running the application server, and potentially perform other more\nadvanced XXE attacks. (CVE-2013-6408)\n\nAll users of Red Hat JBoss Web Framework Kit 2.4.0 as provided from the Red\nHat Customer Portal are advised to apply this update.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2013:1844", url: "https://access.redhat.com/errata/RHSA-2013:1844", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=web.framework.kit&downloadType=securityPatches&version=2.4.0", url: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=web.framework.kit&downloadType=securityPatches&version=2.4.0", }, { category: "external", summary: "1035062", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1035062", }, { category: "external", summary: "1035981", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1035981", }, { category: "external", summary: "1035985", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1035985", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2013/rhsa-2013_1844.json", }, ], title: "Red Hat Security Advisory: Red Hat JBoss Web Framework Kit 2.4.0 update", tracking: { current_release_date: "2024-11-22T07:19:22+00:00", generator: { date: "2024-11-22T07:19:22+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2013:1844", initial_release_date: "2013-12-16T18:16:00+00:00", revision_history: [ { date: "2013-12-16T18:16:00+00:00", number: "1", summary: "Initial version", }, { date: "2020-06-15T16:41:29+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-22T07:19:22+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat JBoss Web Framework Kit 2.4", product: { name: "Red Hat JBoss Web Framework Kit 2.4", product_id: "Red Hat JBoss Web Framework Kit 2.4", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_web_framework:2.4.0", }, }, }, ], category: "product_family", name: "Red Hat JBoss Web Framework Kit", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2012-6612", discovery_date: "2013-11-29T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1035981", }, ], notes: [ { category: "description", text: "The (1) UpdateRequestHandler for XSLT or (2) XPathEntityProcessor in Apache Solr before 4.1 allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, different vectors than CVE-2013-6407.", title: "Vulnerability description", }, { category: "summary", text: "Solr: XML eXternal Entity (XXE) flaw in XML and XSLT UpdateRequestHandler", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Web Framework Kit 2.4", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2012-6612", }, { category: "external", summary: "RHBZ#1035981", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1035981", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2012-6612", url: "https://www.cve.org/CVERecord?id=CVE-2012-6612", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2012-6612", url: "https://nvd.nist.gov/vuln/detail/CVE-2012-6612", }, ], release_date: "2012-09-26T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2013-12-16T18:16:00+00:00", details: "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying this update, back up your\nexisting installation of Red Hat JBoss Web Framework Kit.\n\nThe JBoss server process must be restarted for this update to take effect.", product_ids: [ "Red Hat JBoss Web Framework Kit 2.4", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2013:1844", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, products: [ "Red Hat JBoss Web Framework Kit 2.4", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "Solr: XML eXternal Entity (XXE) flaw in XML and XSLT UpdateRequestHandler", }, { cve: "CVE-2013-6397", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, discovery_date: "2013-11-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1035062", }, ], notes: [ { category: "description", text: "Directory traversal vulnerability in SolrResourceLoader in Apache Solr before 4.6 allows remote attackers to read arbitrary files via a .. (dot dot) or full pathname in the tr parameter to solr/select/, when the response writer (wt parameter) is set to XSLT. NOTE: this can be leveraged using a separate XXE (XML eXternal Entity) vulnerability to allow access to files across restricted network boundaries.", title: "Vulnerability description", }, { category: "summary", text: "Solr: directory traversal when loading XSL stylesheets and Velocity templates", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Web Framework Kit 2.4", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2013-6397", }, { category: "external", summary: "RHBZ#1035062", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1035062", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2013-6397", url: "https://www.cve.org/CVERecord?id=CVE-2013-6397", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2013-6397", url: "https://nvd.nist.gov/vuln/detail/CVE-2013-6397", }, { category: "external", summary: "http://www.agarri.fr/kom/archives/2013/11/27/compromising_an_unreachable_solr_server_with_cve-2013-6397/index.html", url: "http://www.agarri.fr/kom/archives/2013/11/27/compromising_an_unreachable_solr_server_with_cve-2013-6397/index.html", }, ], release_date: "2013-11-26T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2013-12-16T18:16:00+00:00", details: "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying this update, back up your\nexisting installation of Red Hat JBoss Web Framework Kit.\n\nThe JBoss server process must be restarted for this update to take effect.", product_ids: [ "Red Hat JBoss Web Framework Kit 2.4", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2013:1844", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 6.4, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:N", version: "2.0", }, products: [ "Red Hat JBoss Web Framework Kit 2.4", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "Solr: directory traversal when loading XSL stylesheets and Velocity templates", }, { cve: "CVE-2013-6407", discovery_date: "2013-11-29T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1035981", }, ], notes: [ { category: "description", text: "The UpdateRequestHandler for XML in Apache Solr before 4.1 allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.", title: "Vulnerability description", }, { category: "summary", text: "Solr: XML eXternal Entity (XXE) flaw in XML and XSLT UpdateRequestHandler", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Web Framework Kit 2.4", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2013-6407", }, { category: "external", summary: "RHBZ#1035981", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1035981", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2013-6407", url: "https://www.cve.org/CVERecord?id=CVE-2013-6407", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2013-6407", url: "https://nvd.nist.gov/vuln/detail/CVE-2013-6407", }, ], release_date: "2012-09-26T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2013-12-16T18:16:00+00:00", details: "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying this update, back up your\nexisting installation of Red Hat JBoss Web Framework Kit.\n\nThe JBoss server process must be restarted for this update to take effect.", product_ids: [ "Red Hat JBoss Web Framework Kit 2.4", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2013:1844", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, products: [ "Red Hat JBoss Web Framework Kit 2.4", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "Solr: XML eXternal Entity (XXE) flaw in XML and XSLT UpdateRequestHandler", }, { cve: "CVE-2013-6408", discovery_date: "2013-11-29T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1035985", }, ], notes: [ { category: "description", text: "The DocumentAnalysisRequestHandler in Apache Solr before 4.3.1 does not properly use the EmptyEntityResolver, which allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-6407.", title: "Vulnerability description", }, { category: "summary", text: "Solr: XML eXternal Entity (XXE) flaw in DocumentAnalysisRequestHandler", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Web Framework Kit 2.4", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2013-6408", }, { category: "external", summary: "RHBZ#1035985", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1035985", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2013-6408", url: "https://www.cve.org/CVERecord?id=CVE-2013-6408", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2013-6408", url: "https://nvd.nist.gov/vuln/detail/CVE-2013-6408", }, ], release_date: "2013-05-31T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2013-12-16T18:16:00+00:00", details: "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying this update, back up your\nexisting installation of Red Hat JBoss Web Framework Kit.\n\nThe JBoss server process must be restarted for this update to take effect.", product_ids: [ "Red Hat JBoss Web Framework Kit 2.4", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2013:1844", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, products: [ "Red Hat JBoss Web Framework Kit 2.4", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "Solr: XML eXternal Entity (XXE) flaw in DocumentAnalysisRequestHandler", }, ], }
rhsa-2014:0029
Vulnerability from csaf_redhat
Published
2014-01-15 17:45
Modified
2024-12-22 17:57
Summary
Red Hat Security Advisory: Red Hat JBoss Data Grid 6.2.0 update
Notes
Topic
Red Hat JBoss Data Grid 6.2.0, which fixes multiple security issues,
various bugs, and adds enhancements, is now available from the Red Hat
Customer Portal.
The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.
Details
Red Hat JBoss Data Grid is a distributed in-memory data grid, based on
Infinispan.
This release of Red Hat JBoss Data Grid 6.2.0 serves as a replacement for
Red Hat JBoss Data Grid 6.1.0. It includes various bug fixes and
enhancements which are detailed in the Red Hat JBoss Data Grid 6.2.0
Release Notes. The Release Notes will be available shortly from
https://access.redhat.com/site/documentation/Red_Hat_JBoss_Data_Grid/
This update also fixes the following security issues:
Multiple path traversal flaws where found in the Mojarra JSF2
implementation for identifying resources by name or by library.
An unauthenticated, remote attacker could use these flaws to gather
otherwise undisclosed information from within an application's root
directory. (CVE-2013-3827)
It was found that the SolrResourceLoader class in Apache Solr allowed
loading of resources via absolute paths, or relative paths which were not
sanitized for directory traversal. Some Solr components expose REST
interfaces which load resources (XSL style sheets and Velocity templates)
via SolrResourceLoader, using paths identified by REST parameters. A remote
attacker could use this flaw to load arbitrary local files on the server
via SolrResourceLoader, potentially resulting in information disclosure or
remote code execution. (CVE-2013-6397)
It was found that the XML and XSLT UpdateRequestHandler classes in Apache
Solr would resolve external entities, allowing an attacker to conduct XML
External Entity (XXE) attacks. A remote attacker could use this flaw to
read files accessible to the user running the application server, and
potentially perform other more advanced XXE attacks. (CVE-2012-6612,
CVE-2013-6407)
It was found that the DocumentAnalysisRequestHandler class in Apache Solr
would resolve external entities, allowing an attacker to conduct XXE
attacks. A remote attacker could use this flaw to read files accessible to
the user running the application server, and potentially perform other more
advanced XXE attacks. (CVE-2013-6408)
The data file used by PicketBox Vault to store encrypted passwords contains
a copy of its own admin key. The file is encrypted using only this admin
key, not the corresponding JKS key. A local attacker with permission to
read the vault data file could read the admin key from the file.
(CVE-2013-1921)
The HawtJNI Library class wrote native libraries to a predictable file name
in /tmp/ when the native libraries were bundled in a JAR file, and no
custom library path was specified. A local attacker could overwrite these
native libraries with malicious versions during the window between when
HawtJNI writes them and when they are executed. (CVE-2013-2035)
A flaw was found in JGroup's DiagnosticsHandler that allowed an attacker on
an adjacent network to reuse the credentials from a previous successful
authentication. This could be exploited to read diagnostic information
(information disclosure) and attain limited remote code execution.
(CVE-2013-4112)
Note that CVE-2013-6397, CVE-2013-6407, and CVE-2013-6408 are not exposed
by default. They are only exploitable if a user has manually exposed
servlets provided in the Apachr Solr component that ships with Red Hat
JBoss Data Grid, or written their own code that makes use of the vulnerable
elements of Apache Solr.
The CVE-2013-2035 issue was discovered by Florian Weimer of the Red Hat
Product Security Team.
All users of Red Hat JBoss Data Grid 6.1.0 as provided from the Red Hat
Customer Portal are advised to upgrade to Red Hat JBoss Data Grid 6.2.0.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Red Hat JBoss Data Grid 6.2.0, which fixes multiple security issues,\nvarious bugs, and adds enhancements, is now available from the Red Hat\nCustomer Portal.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.", title: "Topic", }, { category: "general", text: "Red Hat JBoss Data Grid is a distributed in-memory data grid, based on\nInfinispan.\n\nThis release of Red Hat JBoss Data Grid 6.2.0 serves as a replacement for\nRed Hat JBoss Data Grid 6.1.0. It includes various bug fixes and\nenhancements which are detailed in the Red Hat JBoss Data Grid 6.2.0\nRelease Notes. The Release Notes will be available shortly from\nhttps://access.redhat.com/site/documentation/Red_Hat_JBoss_Data_Grid/\n\nThis update also fixes the following security issues:\n\nMultiple path traversal flaws where found in the Mojarra JSF2\nimplementation for identifying resources by name or by library.\nAn unauthenticated, remote attacker could use these flaws to gather\notherwise undisclosed information from within an application's root\ndirectory. (CVE-2013-3827)\n\nIt was found that the SolrResourceLoader class in Apache Solr allowed\nloading of resources via absolute paths, or relative paths which were not\nsanitized for directory traversal. Some Solr components expose REST\ninterfaces which load resources (XSL style sheets and Velocity templates)\nvia SolrResourceLoader, using paths identified by REST parameters. A remote\nattacker could use this flaw to load arbitrary local files on the server\nvia SolrResourceLoader, potentially resulting in information disclosure or\nremote code execution. (CVE-2013-6397)\n\nIt was found that the XML and XSLT UpdateRequestHandler classes in Apache\nSolr would resolve external entities, allowing an attacker to conduct XML\nExternal Entity (XXE) attacks. A remote attacker could use this flaw to\nread files accessible to the user running the application server, and\npotentially perform other more advanced XXE attacks. (CVE-2012-6612,\nCVE-2013-6407)\n\nIt was found that the DocumentAnalysisRequestHandler class in Apache Solr\nwould resolve external entities, allowing an attacker to conduct XXE\nattacks. A remote attacker could use this flaw to read files accessible to\nthe user running the application server, and potentially perform other more\nadvanced XXE attacks. (CVE-2013-6408)\n\nThe data file used by PicketBox Vault to store encrypted passwords contains\na copy of its own admin key. The file is encrypted using only this admin\nkey, not the corresponding JKS key. A local attacker with permission to\nread the vault data file could read the admin key from the file.\n(CVE-2013-1921)\n\nThe HawtJNI Library class wrote native libraries to a predictable file name\nin /tmp/ when the native libraries were bundled in a JAR file, and no\ncustom library path was specified. A local attacker could overwrite these\nnative libraries with malicious versions during the window between when\nHawtJNI writes them and when they are executed. (CVE-2013-2035)\n\nA flaw was found in JGroup's DiagnosticsHandler that allowed an attacker on\nan adjacent network to reuse the credentials from a previous successful\nauthentication. This could be exploited to read diagnostic information\n(information disclosure) and attain limited remote code execution.\n(CVE-2013-4112)\n\nNote that CVE-2013-6397, CVE-2013-6407, and CVE-2013-6408 are not exposed\nby default. They are only exploitable if a user has manually exposed\nservlets provided in the Apachr Solr component that ships with Red Hat\nJBoss Data Grid, or written their own code that makes use of the vulnerable\nelements of Apache Solr.\n\nThe CVE-2013-2035 issue was discovered by Florian Weimer of the Red Hat\nProduct Security Team.\n\nAll users of Red Hat JBoss Data Grid 6.1.0 as provided from the Red Hat\nCustomer Portal are advised to upgrade to Red Hat JBoss Data Grid 6.2.0.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2014:0029", url: "https://access.redhat.com/errata/RHSA-2014:0029", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=data.grid&downloadType=distributions", url: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=data.grid&downloadType=distributions", }, { category: "external", summary: "https://access.redhat.com/site/documentation/Red_Hat_JBoss_Data_Grid/", url: "https://access.redhat.com/site/documentation/Red_Hat_JBoss_Data_Grid/", }, { category: "external", summary: "948106", url: "https://bugzilla.redhat.com/show_bug.cgi?id=948106", }, { category: "external", summary: "958618", url: "https://bugzilla.redhat.com/show_bug.cgi?id=958618", }, { category: "external", summary: "983489", url: "https://bugzilla.redhat.com/show_bug.cgi?id=983489", }, { category: "external", summary: "1035062", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1035062", }, { category: "external", summary: "1035981", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1035981", }, { category: "external", summary: "1035985", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1035985", }, { category: "external", summary: "1038898", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1038898", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2014/rhsa-2014_0029.json", }, ], title: "Red Hat Security Advisory: Red Hat JBoss Data Grid 6.2.0 update", tracking: { current_release_date: "2024-12-22T17:57:01+00:00", generator: { date: "2024-12-22T17:57:01+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.4", }, }, id: "RHSA-2014:0029", initial_release_date: "2014-01-15T17:45:50+00:00", revision_history: [ { date: "2014-01-15T17:45:50+00:00", number: "1", summary: "Initial version", }, { date: "2019-02-20T12:32:49+00:00", number: "2", summary: "Last updated version", }, { date: "2024-12-22T17:57:01+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat JBoss Data Grid 6.2", product: { name: "Red Hat JBoss Data Grid 6.2", product_id: "Red Hat JBoss Data Grid 6.2", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_data_grid:6.2.0", }, }, }, ], category: "product_family", name: "Red Hat JBoss Data Grid", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2012-6612", discovery_date: "2013-11-29T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1035981", }, ], notes: [ { category: "description", text: "The (1) UpdateRequestHandler for XSLT or (2) XPathEntityProcessor in Apache Solr before 4.1 allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, different vectors than CVE-2013-6407.", title: "Vulnerability description", }, { category: "summary", text: "Solr: XML eXternal Entity (XXE) flaw in XML and XSLT UpdateRequestHandler", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Data Grid 6.2", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2012-6612", }, { category: "external", summary: "RHBZ#1035981", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1035981", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2012-6612", url: "https://www.cve.org/CVERecord?id=CVE-2012-6612", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2012-6612", url: "https://nvd.nist.gov/vuln/detail/CVE-2012-6612", }, ], release_date: "2012-09-26T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2014-01-15T17:45:50+00:00", details: "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying this update, back up your\nexisting JBoss Data Grid installation.", product_ids: [ "Red Hat JBoss Data Grid 6.2", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2014:0029", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, products: [ "Red Hat JBoss Data Grid 6.2", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "Solr: XML eXternal Entity (XXE) flaw in XML and XSLT UpdateRequestHandler", }, { cve: "CVE-2013-1921", discovery_date: "2013-04-03T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "948106", }, ], notes: [ { category: "description", text: "PicketBox, as used in Red Hat JBoss Enterprise Application Platform before 6.1.1, allows local users to obtain the admin encryption key by reading the Vault data file.", title: "Vulnerability description", }, { category: "summary", text: "PicketBox: Insecure storage of masked passwords", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Data Grid 6.2", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2013-1921", }, { category: "external", summary: "RHBZ#948106", url: "https://bugzilla.redhat.com/show_bug.cgi?id=948106", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2013-1921", url: "https://www.cve.org/CVERecord?id=CVE-2013-1921", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2013-1921", url: "https://nvd.nist.gov/vuln/detail/CVE-2013-1921", }, ], release_date: "2013-09-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2014-01-15T17:45:50+00:00", details: "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying this update, back up your\nexisting JBoss Data Grid installation.", product_ids: [ "Red Hat JBoss Data Grid 6.2", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2014:0029", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 1.7, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:L/AC:L/Au:S/C:P/I:N/A:N", version: "2.0", }, products: [ "Red Hat JBoss Data Grid 6.2", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "PicketBox: Insecure storage of masked passwords", }, { acknowledgments: [ { names: [ "Florian Weimer", ], organization: "Red Hat Product Security Team", summary: "This issue was discovered by Red Hat.", }, ], cve: "CVE-2013-2035", cwe: { id: "CWE-377", name: "Insecure Temporary File", }, discovery_date: "2013-04-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "958618", }, ], notes: [ { category: "description", text: "The HawtJNI Library class wrote native libraries to a predictable file name in /tmp when the native libraries were bundled in a JAR file, and no custom library path was specified. A local attacker could overwrite these native libraries with malicious versions during the window between when HawtJNI writes them and when they are executed.", title: "Vulnerability description", }, { category: "summary", text: "HawtJNI: predictable temporary file name leading to local arbitrary code execution", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Data Grid 6.2", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2013-2035", }, { category: "external", summary: "RHBZ#958618", url: "https://bugzilla.redhat.com/show_bug.cgi?id=958618", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2013-2035", url: "https://www.cve.org/CVERecord?id=CVE-2013-2035", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2013-2035", url: "https://nvd.nist.gov/vuln/detail/CVE-2013-2035", }, ], release_date: "2013-05-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2014-01-15T17:45:50+00:00", details: "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying this update, back up your\nexisting JBoss Data Grid installation.", product_ids: [ "Red Hat JBoss Data Grid 6.2", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2014:0029", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "NONE", baseScore: 3.3, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:L/AC:M/Au:N/C:P/I:P/A:N", version: "2.0", }, products: [ "Red Hat JBoss Data Grid 6.2", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "HawtJNI: predictable temporary file name leading to local arbitrary code execution", }, { cve: "CVE-2013-3827", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, discovery_date: "2013-12-03T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1038898", }, ], notes: [ { category: "description", text: "Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 2.1.1, 3.0.1, and 3.1.2; the Oracle JDeveloper component in Oracle Fusion Middleware 11.1.2.3.0, 11.1.2.4.0, and 12.1.2.0.0; and the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0 and 12.1.1 allows remote attackers to affect confidentiality via unknown vectors related to Java Server Faces or Web Container.", title: "Vulnerability description", }, { category: "summary", text: "JSF2: Multiple Information Disclosure flaws due to unsafe path traversal", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Data Grid 6.2", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2013-3827", }, { category: "external", summary: "RHBZ#1038898", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1038898", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2013-3827", url: "https://www.cve.org/CVERecord?id=CVE-2013-3827", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2013-3827", url: "https://nvd.nist.gov/vuln/detail/CVE-2013-3827", }, ], release_date: "2013-10-17T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2014-01-15T17:45:50+00:00", details: "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying this update, back up your\nexisting JBoss Data Grid installation.", product_ids: [ "Red Hat JBoss Data Grid 6.2", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2014:0029", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, products: [ "Red Hat JBoss Data Grid 6.2", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "JSF2: Multiple Information Disclosure flaws due to unsafe path traversal", }, { cve: "CVE-2013-4112", discovery_date: "2013-07-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "983489", }, ], notes: [ { category: "description", text: "The DiagnosticsHandler in JGroup 3.0.x, 3.1.x, 3.2.x before 3.2.9, and 3.3.x before 3.3.3 allows remote attackers to obtain sensitive information (diagnostic information) and execute arbitrary code by reusing valid credentials.", title: "Vulnerability description", }, { category: "summary", text: "JGroups: Authentication via cached credentials", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Data Grid 6.2", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2013-4112", }, { category: "external", summary: "RHBZ#983489", url: "https://bugzilla.redhat.com/show_bug.cgi?id=983489", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2013-4112", url: "https://www.cve.org/CVERecord?id=CVE-2013-4112", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2013-4112", url: "https://nvd.nist.gov/vuln/detail/CVE-2013-4112", }, ], release_date: "2013-07-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2014-01-15T17:45:50+00:00", details: "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying this update, back up your\nexisting JBoss Data Grid installation.", product_ids: [ "Red Hat JBoss Data Grid 6.2", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2014:0029", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 3.3, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:A/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, products: [ "Red Hat JBoss Data Grid 6.2", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "JGroups: Authentication via cached credentials", }, { cve: "CVE-2013-6397", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, discovery_date: "2013-11-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1035062", }, ], notes: [ { category: "description", text: "Directory traversal vulnerability in SolrResourceLoader in Apache Solr before 4.6 allows remote attackers to read arbitrary files via a .. (dot dot) or full pathname in the tr parameter to solr/select/, when the response writer (wt parameter) is set to XSLT. NOTE: this can be leveraged using a separate XXE (XML eXternal Entity) vulnerability to allow access to files across restricted network boundaries.", title: "Vulnerability description", }, { category: "summary", text: "Solr: directory traversal when loading XSL stylesheets and Velocity templates", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Data Grid 6.2", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2013-6397", }, { category: "external", summary: "RHBZ#1035062", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1035062", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2013-6397", url: "https://www.cve.org/CVERecord?id=CVE-2013-6397", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2013-6397", url: "https://nvd.nist.gov/vuln/detail/CVE-2013-6397", }, { category: "external", summary: "http://www.agarri.fr/kom/archives/2013/11/27/compromising_an_unreachable_solr_server_with_cve-2013-6397/index.html", url: "http://www.agarri.fr/kom/archives/2013/11/27/compromising_an_unreachable_solr_server_with_cve-2013-6397/index.html", }, ], release_date: "2013-11-26T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2014-01-15T17:45:50+00:00", details: "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying this update, back up your\nexisting JBoss Data Grid installation.", product_ids: [ "Red Hat JBoss Data Grid 6.2", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2014:0029", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 6.4, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:N", version: "2.0", }, products: [ "Red Hat JBoss Data Grid 6.2", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "Solr: directory traversal when loading XSL stylesheets and Velocity templates", }, { cve: "CVE-2013-6407", discovery_date: "2013-11-29T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1035981", }, ], notes: [ { category: "description", text: "The UpdateRequestHandler for XML in Apache Solr before 4.1 allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.", title: "Vulnerability description", }, { category: "summary", text: "Solr: XML eXternal Entity (XXE) flaw in XML and XSLT UpdateRequestHandler", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Data Grid 6.2", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2013-6407", }, { category: "external", summary: "RHBZ#1035981", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1035981", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2013-6407", url: "https://www.cve.org/CVERecord?id=CVE-2013-6407", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2013-6407", url: "https://nvd.nist.gov/vuln/detail/CVE-2013-6407", }, ], release_date: "2012-09-26T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2014-01-15T17:45:50+00:00", details: "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying this update, back up your\nexisting JBoss Data Grid installation.", product_ids: [ "Red Hat JBoss Data Grid 6.2", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2014:0029", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, products: [ "Red Hat JBoss Data Grid 6.2", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "Solr: XML eXternal Entity (XXE) flaw in XML and XSLT UpdateRequestHandler", }, { cve: "CVE-2013-6408", discovery_date: "2013-11-29T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1035985", }, ], notes: [ { category: "description", text: "The DocumentAnalysisRequestHandler in Apache Solr before 4.3.1 does not properly use the EmptyEntityResolver, which allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-6407.", title: "Vulnerability description", }, { category: "summary", text: "Solr: XML eXternal Entity (XXE) flaw in DocumentAnalysisRequestHandler", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Data Grid 6.2", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2013-6408", }, { category: "external", summary: "RHBZ#1035985", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1035985", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2013-6408", url: "https://www.cve.org/CVERecord?id=CVE-2013-6408", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2013-6408", url: "https://nvd.nist.gov/vuln/detail/CVE-2013-6408", }, ], release_date: "2013-05-31T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2014-01-15T17:45:50+00:00", details: "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying this update, back up your\nexisting JBoss Data Grid installation.", product_ids: [ "Red Hat JBoss Data Grid 6.2", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2014:0029", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, products: [ "Red Hat JBoss Data Grid 6.2", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "Solr: XML eXternal Entity (XXE) flaw in DocumentAnalysisRequestHandler", }, ], }
rhsa-2014_0029
Vulnerability from csaf_redhat
Published
2014-01-15 17:45
Modified
2024-12-22 17:57
Summary
Red Hat Security Advisory: Red Hat JBoss Data Grid 6.2.0 update
Notes
Topic
Red Hat JBoss Data Grid 6.2.0, which fixes multiple security issues,
various bugs, and adds enhancements, is now available from the Red Hat
Customer Portal.
The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.
Details
Red Hat JBoss Data Grid is a distributed in-memory data grid, based on
Infinispan.
This release of Red Hat JBoss Data Grid 6.2.0 serves as a replacement for
Red Hat JBoss Data Grid 6.1.0. It includes various bug fixes and
enhancements which are detailed in the Red Hat JBoss Data Grid 6.2.0
Release Notes. The Release Notes will be available shortly from
https://access.redhat.com/site/documentation/Red_Hat_JBoss_Data_Grid/
This update also fixes the following security issues:
Multiple path traversal flaws where found in the Mojarra JSF2
implementation for identifying resources by name or by library.
An unauthenticated, remote attacker could use these flaws to gather
otherwise undisclosed information from within an application's root
directory. (CVE-2013-3827)
It was found that the SolrResourceLoader class in Apache Solr allowed
loading of resources via absolute paths, or relative paths which were not
sanitized for directory traversal. Some Solr components expose REST
interfaces which load resources (XSL style sheets and Velocity templates)
via SolrResourceLoader, using paths identified by REST parameters. A remote
attacker could use this flaw to load arbitrary local files on the server
via SolrResourceLoader, potentially resulting in information disclosure or
remote code execution. (CVE-2013-6397)
It was found that the XML and XSLT UpdateRequestHandler classes in Apache
Solr would resolve external entities, allowing an attacker to conduct XML
External Entity (XXE) attacks. A remote attacker could use this flaw to
read files accessible to the user running the application server, and
potentially perform other more advanced XXE attacks. (CVE-2012-6612,
CVE-2013-6407)
It was found that the DocumentAnalysisRequestHandler class in Apache Solr
would resolve external entities, allowing an attacker to conduct XXE
attacks. A remote attacker could use this flaw to read files accessible to
the user running the application server, and potentially perform other more
advanced XXE attacks. (CVE-2013-6408)
The data file used by PicketBox Vault to store encrypted passwords contains
a copy of its own admin key. The file is encrypted using only this admin
key, not the corresponding JKS key. A local attacker with permission to
read the vault data file could read the admin key from the file.
(CVE-2013-1921)
The HawtJNI Library class wrote native libraries to a predictable file name
in /tmp/ when the native libraries were bundled in a JAR file, and no
custom library path was specified. A local attacker could overwrite these
native libraries with malicious versions during the window between when
HawtJNI writes them and when they are executed. (CVE-2013-2035)
A flaw was found in JGroup's DiagnosticsHandler that allowed an attacker on
an adjacent network to reuse the credentials from a previous successful
authentication. This could be exploited to read diagnostic information
(information disclosure) and attain limited remote code execution.
(CVE-2013-4112)
Note that CVE-2013-6397, CVE-2013-6407, and CVE-2013-6408 are not exposed
by default. They are only exploitable if a user has manually exposed
servlets provided in the Apachr Solr component that ships with Red Hat
JBoss Data Grid, or written their own code that makes use of the vulnerable
elements of Apache Solr.
The CVE-2013-2035 issue was discovered by Florian Weimer of the Red Hat
Product Security Team.
All users of Red Hat JBoss Data Grid 6.1.0 as provided from the Red Hat
Customer Portal are advised to upgrade to Red Hat JBoss Data Grid 6.2.0.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Red Hat JBoss Data Grid 6.2.0, which fixes multiple security issues,\nvarious bugs, and adds enhancements, is now available from the Red Hat\nCustomer Portal.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.", title: "Topic", }, { category: "general", text: "Red Hat JBoss Data Grid is a distributed in-memory data grid, based on\nInfinispan.\n\nThis release of Red Hat JBoss Data Grid 6.2.0 serves as a replacement for\nRed Hat JBoss Data Grid 6.1.0. It includes various bug fixes and\nenhancements which are detailed in the Red Hat JBoss Data Grid 6.2.0\nRelease Notes. The Release Notes will be available shortly from\nhttps://access.redhat.com/site/documentation/Red_Hat_JBoss_Data_Grid/\n\nThis update also fixes the following security issues:\n\nMultiple path traversal flaws where found in the Mojarra JSF2\nimplementation for identifying resources by name or by library.\nAn unauthenticated, remote attacker could use these flaws to gather\notherwise undisclosed information from within an application's root\ndirectory. (CVE-2013-3827)\n\nIt was found that the SolrResourceLoader class in Apache Solr allowed\nloading of resources via absolute paths, or relative paths which were not\nsanitized for directory traversal. Some Solr components expose REST\ninterfaces which load resources (XSL style sheets and Velocity templates)\nvia SolrResourceLoader, using paths identified by REST parameters. A remote\nattacker could use this flaw to load arbitrary local files on the server\nvia SolrResourceLoader, potentially resulting in information disclosure or\nremote code execution. (CVE-2013-6397)\n\nIt was found that the XML and XSLT UpdateRequestHandler classes in Apache\nSolr would resolve external entities, allowing an attacker to conduct XML\nExternal Entity (XXE) attacks. A remote attacker could use this flaw to\nread files accessible to the user running the application server, and\npotentially perform other more advanced XXE attacks. (CVE-2012-6612,\nCVE-2013-6407)\n\nIt was found that the DocumentAnalysisRequestHandler class in Apache Solr\nwould resolve external entities, allowing an attacker to conduct XXE\nattacks. A remote attacker could use this flaw to read files accessible to\nthe user running the application server, and potentially perform other more\nadvanced XXE attacks. (CVE-2013-6408)\n\nThe data file used by PicketBox Vault to store encrypted passwords contains\na copy of its own admin key. The file is encrypted using only this admin\nkey, not the corresponding JKS key. A local attacker with permission to\nread the vault data file could read the admin key from the file.\n(CVE-2013-1921)\n\nThe HawtJNI Library class wrote native libraries to a predictable file name\nin /tmp/ when the native libraries were bundled in a JAR file, and no\ncustom library path was specified. A local attacker could overwrite these\nnative libraries with malicious versions during the window between when\nHawtJNI writes them and when they are executed. (CVE-2013-2035)\n\nA flaw was found in JGroup's DiagnosticsHandler that allowed an attacker on\nan adjacent network to reuse the credentials from a previous successful\nauthentication. This could be exploited to read diagnostic information\n(information disclosure) and attain limited remote code execution.\n(CVE-2013-4112)\n\nNote that CVE-2013-6397, CVE-2013-6407, and CVE-2013-6408 are not exposed\nby default. They are only exploitable if a user has manually exposed\nservlets provided in the Apachr Solr component that ships with Red Hat\nJBoss Data Grid, or written their own code that makes use of the vulnerable\nelements of Apache Solr.\n\nThe CVE-2013-2035 issue was discovered by Florian Weimer of the Red Hat\nProduct Security Team.\n\nAll users of Red Hat JBoss Data Grid 6.1.0 as provided from the Red Hat\nCustomer Portal are advised to upgrade to Red Hat JBoss Data Grid 6.2.0.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2014:0029", url: "https://access.redhat.com/errata/RHSA-2014:0029", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=data.grid&downloadType=distributions", url: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=data.grid&downloadType=distributions", }, { category: "external", summary: "https://access.redhat.com/site/documentation/Red_Hat_JBoss_Data_Grid/", url: "https://access.redhat.com/site/documentation/Red_Hat_JBoss_Data_Grid/", }, { category: "external", summary: "948106", url: "https://bugzilla.redhat.com/show_bug.cgi?id=948106", }, { category: "external", summary: "958618", url: "https://bugzilla.redhat.com/show_bug.cgi?id=958618", }, { category: "external", summary: "983489", url: "https://bugzilla.redhat.com/show_bug.cgi?id=983489", }, { category: "external", summary: "1035062", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1035062", }, { category: "external", summary: "1035981", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1035981", }, { category: "external", summary: "1035985", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1035985", }, { category: "external", summary: "1038898", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1038898", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2014/rhsa-2014_0029.json", }, ], title: "Red Hat Security Advisory: Red Hat JBoss Data Grid 6.2.0 update", tracking: { current_release_date: "2024-12-22T17:57:01+00:00", generator: { date: "2024-12-22T17:57:01+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.4", }, }, id: "RHSA-2014:0029", initial_release_date: "2014-01-15T17:45:50+00:00", revision_history: [ { date: "2014-01-15T17:45:50+00:00", number: "1", summary: "Initial version", }, { date: "2019-02-20T12:32:49+00:00", number: "2", summary: "Last updated version", }, { date: "2024-12-22T17:57:01+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat JBoss Data Grid 6.2", product: { name: "Red Hat JBoss Data Grid 6.2", product_id: "Red Hat JBoss Data Grid 6.2", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_data_grid:6.2.0", }, }, }, ], category: "product_family", name: "Red Hat JBoss Data Grid", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2012-6612", discovery_date: "2013-11-29T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1035981", }, ], notes: [ { category: "description", text: "The (1) UpdateRequestHandler for XSLT or (2) XPathEntityProcessor in Apache Solr before 4.1 allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, different vectors than CVE-2013-6407.", title: "Vulnerability description", }, { category: "summary", text: "Solr: XML eXternal Entity (XXE) flaw in XML and XSLT UpdateRequestHandler", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Data Grid 6.2", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2012-6612", }, { category: "external", summary: "RHBZ#1035981", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1035981", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2012-6612", url: "https://www.cve.org/CVERecord?id=CVE-2012-6612", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2012-6612", url: "https://nvd.nist.gov/vuln/detail/CVE-2012-6612", }, ], release_date: "2012-09-26T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2014-01-15T17:45:50+00:00", details: "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying this update, back up your\nexisting JBoss Data Grid installation.", product_ids: [ "Red Hat JBoss Data Grid 6.2", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2014:0029", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, products: [ "Red Hat JBoss Data Grid 6.2", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "Solr: XML eXternal Entity (XXE) flaw in XML and XSLT UpdateRequestHandler", }, { cve: "CVE-2013-1921", discovery_date: "2013-04-03T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "948106", }, ], notes: [ { category: "description", text: "PicketBox, as used in Red Hat JBoss Enterprise Application Platform before 6.1.1, allows local users to obtain the admin encryption key by reading the Vault data file.", title: "Vulnerability description", }, { category: "summary", text: "PicketBox: Insecure storage of masked passwords", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Data Grid 6.2", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2013-1921", }, { category: "external", summary: "RHBZ#948106", url: "https://bugzilla.redhat.com/show_bug.cgi?id=948106", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2013-1921", url: "https://www.cve.org/CVERecord?id=CVE-2013-1921", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2013-1921", url: "https://nvd.nist.gov/vuln/detail/CVE-2013-1921", }, ], release_date: "2013-09-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2014-01-15T17:45:50+00:00", details: "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying this update, back up your\nexisting JBoss Data Grid installation.", product_ids: [ "Red Hat JBoss Data Grid 6.2", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2014:0029", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 1.7, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:L/AC:L/Au:S/C:P/I:N/A:N", version: "2.0", }, products: [ "Red Hat JBoss Data Grid 6.2", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "PicketBox: Insecure storage of masked passwords", }, { acknowledgments: [ { names: [ "Florian Weimer", ], organization: "Red Hat Product Security Team", summary: "This issue was discovered by Red Hat.", }, ], cve: "CVE-2013-2035", cwe: { id: "CWE-377", name: "Insecure Temporary File", }, discovery_date: "2013-04-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "958618", }, ], notes: [ { category: "description", text: "The HawtJNI Library class wrote native libraries to a predictable file name in /tmp when the native libraries were bundled in a JAR file, and no custom library path was specified. A local attacker could overwrite these native libraries with malicious versions during the window between when HawtJNI writes them and when they are executed.", title: "Vulnerability description", }, { category: "summary", text: "HawtJNI: predictable temporary file name leading to local arbitrary code execution", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Data Grid 6.2", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2013-2035", }, { category: "external", summary: "RHBZ#958618", url: "https://bugzilla.redhat.com/show_bug.cgi?id=958618", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2013-2035", url: "https://www.cve.org/CVERecord?id=CVE-2013-2035", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2013-2035", url: "https://nvd.nist.gov/vuln/detail/CVE-2013-2035", }, ], release_date: "2013-05-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2014-01-15T17:45:50+00:00", details: "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying this update, back up your\nexisting JBoss Data Grid installation.", product_ids: [ "Red Hat JBoss Data Grid 6.2", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2014:0029", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "NONE", baseScore: 3.3, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:L/AC:M/Au:N/C:P/I:P/A:N", version: "2.0", }, products: [ "Red Hat JBoss Data Grid 6.2", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "HawtJNI: predictable temporary file name leading to local arbitrary code execution", }, { cve: "CVE-2013-3827", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, discovery_date: "2013-12-03T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1038898", }, ], notes: [ { category: "description", text: "Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 2.1.1, 3.0.1, and 3.1.2; the Oracle JDeveloper component in Oracle Fusion Middleware 11.1.2.3.0, 11.1.2.4.0, and 12.1.2.0.0; and the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0 and 12.1.1 allows remote attackers to affect confidentiality via unknown vectors related to Java Server Faces or Web Container.", title: "Vulnerability description", }, { category: "summary", text: "JSF2: Multiple Information Disclosure flaws due to unsafe path traversal", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Data Grid 6.2", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2013-3827", }, { category: "external", summary: "RHBZ#1038898", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1038898", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2013-3827", url: "https://www.cve.org/CVERecord?id=CVE-2013-3827", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2013-3827", url: "https://nvd.nist.gov/vuln/detail/CVE-2013-3827", }, ], release_date: "2013-10-17T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2014-01-15T17:45:50+00:00", details: "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying this update, back up your\nexisting JBoss Data Grid installation.", product_ids: [ "Red Hat JBoss Data Grid 6.2", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2014:0029", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, products: [ "Red Hat JBoss Data Grid 6.2", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "JSF2: Multiple Information Disclosure flaws due to unsafe path traversal", }, { cve: "CVE-2013-4112", discovery_date: "2013-07-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "983489", }, ], notes: [ { category: "description", text: "The DiagnosticsHandler in JGroup 3.0.x, 3.1.x, 3.2.x before 3.2.9, and 3.3.x before 3.3.3 allows remote attackers to obtain sensitive information (diagnostic information) and execute arbitrary code by reusing valid credentials.", title: "Vulnerability description", }, { category: "summary", text: "JGroups: Authentication via cached credentials", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Data Grid 6.2", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2013-4112", }, { category: "external", summary: "RHBZ#983489", url: "https://bugzilla.redhat.com/show_bug.cgi?id=983489", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2013-4112", url: "https://www.cve.org/CVERecord?id=CVE-2013-4112", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2013-4112", url: "https://nvd.nist.gov/vuln/detail/CVE-2013-4112", }, ], release_date: "2013-07-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2014-01-15T17:45:50+00:00", details: "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying this update, back up your\nexisting JBoss Data Grid installation.", product_ids: [ "Red Hat JBoss Data Grid 6.2", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2014:0029", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 3.3, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:A/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, products: [ "Red Hat JBoss Data Grid 6.2", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "JGroups: Authentication via cached credentials", }, { cve: "CVE-2013-6397", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, discovery_date: "2013-11-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1035062", }, ], notes: [ { category: "description", text: "Directory traversal vulnerability in SolrResourceLoader in Apache Solr before 4.6 allows remote attackers to read arbitrary files via a .. (dot dot) or full pathname in the tr parameter to solr/select/, when the response writer (wt parameter) is set to XSLT. NOTE: this can be leveraged using a separate XXE (XML eXternal Entity) vulnerability to allow access to files across restricted network boundaries.", title: "Vulnerability description", }, { category: "summary", text: "Solr: directory traversal when loading XSL stylesheets and Velocity templates", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Data Grid 6.2", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2013-6397", }, { category: "external", summary: "RHBZ#1035062", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1035062", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2013-6397", url: "https://www.cve.org/CVERecord?id=CVE-2013-6397", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2013-6397", url: "https://nvd.nist.gov/vuln/detail/CVE-2013-6397", }, { category: "external", summary: "http://www.agarri.fr/kom/archives/2013/11/27/compromising_an_unreachable_solr_server_with_cve-2013-6397/index.html", url: "http://www.agarri.fr/kom/archives/2013/11/27/compromising_an_unreachable_solr_server_with_cve-2013-6397/index.html", }, ], release_date: "2013-11-26T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2014-01-15T17:45:50+00:00", details: "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying this update, back up your\nexisting JBoss Data Grid installation.", product_ids: [ "Red Hat JBoss Data Grid 6.2", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2014:0029", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 6.4, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:N", version: "2.0", }, products: [ "Red Hat JBoss Data Grid 6.2", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "Solr: directory traversal when loading XSL stylesheets and Velocity templates", }, { cve: "CVE-2013-6407", discovery_date: "2013-11-29T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1035981", }, ], notes: [ { category: "description", text: "The UpdateRequestHandler for XML in Apache Solr before 4.1 allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.", title: "Vulnerability description", }, { category: "summary", text: "Solr: XML eXternal Entity (XXE) flaw in XML and XSLT UpdateRequestHandler", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Data Grid 6.2", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2013-6407", }, { category: "external", summary: "RHBZ#1035981", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1035981", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2013-6407", url: "https://www.cve.org/CVERecord?id=CVE-2013-6407", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2013-6407", url: "https://nvd.nist.gov/vuln/detail/CVE-2013-6407", }, ], release_date: "2012-09-26T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2014-01-15T17:45:50+00:00", details: "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying this update, back up your\nexisting JBoss Data Grid installation.", product_ids: [ "Red Hat JBoss Data Grid 6.2", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2014:0029", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, products: [ "Red Hat JBoss Data Grid 6.2", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "Solr: XML eXternal Entity (XXE) flaw in XML and XSLT UpdateRequestHandler", }, { cve: "CVE-2013-6408", discovery_date: "2013-11-29T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1035985", }, ], notes: [ { category: "description", text: "The DocumentAnalysisRequestHandler in Apache Solr before 4.3.1 does not properly use the EmptyEntityResolver, which allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-6407.", title: "Vulnerability description", }, { category: "summary", text: "Solr: XML eXternal Entity (XXE) flaw in DocumentAnalysisRequestHandler", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Data Grid 6.2", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2013-6408", }, { category: "external", summary: "RHBZ#1035985", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1035985", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2013-6408", url: "https://www.cve.org/CVERecord?id=CVE-2013-6408", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2013-6408", url: "https://nvd.nist.gov/vuln/detail/CVE-2013-6408", }, ], release_date: "2013-05-31T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2014-01-15T17:45:50+00:00", details: "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying this update, back up your\nexisting JBoss Data Grid installation.", product_ids: [ "Red Hat JBoss Data Grid 6.2", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2014:0029", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, products: [ "Red Hat JBoss Data Grid 6.2", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "Solr: XML eXternal Entity (XXE) flaw in DocumentAnalysisRequestHandler", }, ], }
RHSA-2013:1844
Vulnerability from csaf_redhat
Published
2013-12-16 18:16
Modified
2024-11-22 07:19
Summary
Red Hat Security Advisory: Red Hat JBoss Web Framework Kit 2.4.0 update
Notes
Topic
An update for the solr-core component of Red Hat JBoss Web Framework Kit
2.4.0 that fixes multiple security issues is now available from the Red Hat
Customer Portal.
The Red Hat Security Response Team has rated this update as having
important security impact. A Common Vulnerability Scoring System (CVSS)
base score, which gives a detailed severity rating, is available from the
CVE link in the References section.
Details
Red Hat JBoss Web Framework Kit combines popular open source web frameworks
into a single solution for Java applications. The Apache Solr component is
an open-source search server based on the Lucene Java search library.
It was found that the SolrResourceLoader class in Apache Solr allowed
loading of resources via absolute paths, or relative paths which were not
sanitized for directory traversal. Some Solr components expose REST
interfaces which load resources (XSL style sheets and Velocity templates)
via SolrResourceLoader, using paths identified by REST parameters. A remote
attacker could use this flaw to load arbitrary local files on the server
via SolrResourceLoader, potentially resulting in information disclosure or
remote code execution. (CVE-2013-6397)
It was found that the XML and XSLT UpdateRequestHandler classes in Apache
Solr would resolve external entities, allowing an attacker to conduct XML
External Entity (XXE) attacks. A remote attacker could use this flaw to
read files accessible to the user running the application server, and
potentially perform other more advanced XXE attacks. (CVE-2012-6612,
CVE-2013-6407)
It was found that the DocumentAnalysisRequestHandler class in Apache Solr
would resolve external entities, allowing an attacker to conduct XXE
attacks. A remote attacker could use this flaw to read files accessible to
the user running the application server, and potentially perform other more
advanced XXE attacks. (CVE-2013-6408)
All users of Red Hat JBoss Web Framework Kit 2.4.0 as provided from the Red
Hat Customer Portal are advised to apply this update.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for the solr-core component of Red Hat JBoss Web Framework Kit\n2.4.0 that fixes multiple security issues is now available from the Red Hat\nCustomer Portal.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from the\nCVE link in the References section.", title: "Topic", }, { category: "general", text: "Red Hat JBoss Web Framework Kit combines popular open source web frameworks\ninto a single solution for Java applications. The Apache Solr component is\nan open-source search server based on the Lucene Java search library.\n\nIt was found that the SolrResourceLoader class in Apache Solr allowed\nloading of resources via absolute paths, or relative paths which were not\nsanitized for directory traversal. Some Solr components expose REST\ninterfaces which load resources (XSL style sheets and Velocity templates)\nvia SolrResourceLoader, using paths identified by REST parameters. A remote\nattacker could use this flaw to load arbitrary local files on the server\nvia SolrResourceLoader, potentially resulting in information disclosure or\nremote code execution. (CVE-2013-6397)\n\nIt was found that the XML and XSLT UpdateRequestHandler classes in Apache\nSolr would resolve external entities, allowing an attacker to conduct XML\nExternal Entity (XXE) attacks. A remote attacker could use this flaw to\nread files accessible to the user running the application server, and\npotentially perform other more advanced XXE attacks. (CVE-2012-6612,\nCVE-2013-6407)\n\nIt was found that the DocumentAnalysisRequestHandler class in Apache Solr\nwould resolve external entities, allowing an attacker to conduct XXE\nattacks. A remote attacker could use this flaw to read files accessible to\nthe user running the application server, and potentially perform other more\nadvanced XXE attacks. (CVE-2013-6408)\n\nAll users of Red Hat JBoss Web Framework Kit 2.4.0 as provided from the Red\nHat Customer Portal are advised to apply this update.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2013:1844", url: "https://access.redhat.com/errata/RHSA-2013:1844", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=web.framework.kit&downloadType=securityPatches&version=2.4.0", url: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=web.framework.kit&downloadType=securityPatches&version=2.4.0", }, { category: "external", summary: "1035062", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1035062", }, { category: "external", summary: "1035981", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1035981", }, { category: "external", summary: "1035985", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1035985", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2013/rhsa-2013_1844.json", }, ], title: "Red Hat Security Advisory: Red Hat JBoss Web Framework Kit 2.4.0 update", tracking: { current_release_date: "2024-11-22T07:19:22+00:00", generator: { date: "2024-11-22T07:19:22+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2013:1844", initial_release_date: "2013-12-16T18:16:00+00:00", revision_history: [ { date: "2013-12-16T18:16:00+00:00", number: "1", summary: "Initial version", }, { date: "2020-06-15T16:41:29+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-22T07:19:22+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat JBoss Web Framework Kit 2.4", product: { name: "Red Hat JBoss Web Framework Kit 2.4", product_id: "Red Hat JBoss Web Framework Kit 2.4", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_web_framework:2.4.0", }, }, }, ], category: "product_family", name: "Red Hat JBoss Web Framework Kit", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2012-6612", discovery_date: "2013-11-29T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1035981", }, ], notes: [ { category: "description", text: "The (1) UpdateRequestHandler for XSLT or (2) XPathEntityProcessor in Apache Solr before 4.1 allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, different vectors than CVE-2013-6407.", title: "Vulnerability description", }, { category: "summary", text: "Solr: XML eXternal Entity (XXE) flaw in XML and XSLT UpdateRequestHandler", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Web Framework Kit 2.4", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2012-6612", }, { category: "external", summary: "RHBZ#1035981", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1035981", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2012-6612", url: "https://www.cve.org/CVERecord?id=CVE-2012-6612", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2012-6612", url: "https://nvd.nist.gov/vuln/detail/CVE-2012-6612", }, ], release_date: "2012-09-26T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2013-12-16T18:16:00+00:00", details: "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying this update, back up your\nexisting installation of Red Hat JBoss Web Framework Kit.\n\nThe JBoss server process must be restarted for this update to take effect.", product_ids: [ "Red Hat JBoss Web Framework Kit 2.4", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2013:1844", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, products: [ "Red Hat JBoss Web Framework Kit 2.4", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "Solr: XML eXternal Entity (XXE) flaw in XML and XSLT UpdateRequestHandler", }, { cve: "CVE-2013-6397", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, discovery_date: "2013-11-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1035062", }, ], notes: [ { category: "description", text: "Directory traversal vulnerability in SolrResourceLoader in Apache Solr before 4.6 allows remote attackers to read arbitrary files via a .. (dot dot) or full pathname in the tr parameter to solr/select/, when the response writer (wt parameter) is set to XSLT. NOTE: this can be leveraged using a separate XXE (XML eXternal Entity) vulnerability to allow access to files across restricted network boundaries.", title: "Vulnerability description", }, { category: "summary", text: "Solr: directory traversal when loading XSL stylesheets and Velocity templates", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Web Framework Kit 2.4", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2013-6397", }, { category: "external", summary: "RHBZ#1035062", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1035062", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2013-6397", url: "https://www.cve.org/CVERecord?id=CVE-2013-6397", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2013-6397", url: "https://nvd.nist.gov/vuln/detail/CVE-2013-6397", }, { category: "external", summary: "http://www.agarri.fr/kom/archives/2013/11/27/compromising_an_unreachable_solr_server_with_cve-2013-6397/index.html", url: "http://www.agarri.fr/kom/archives/2013/11/27/compromising_an_unreachable_solr_server_with_cve-2013-6397/index.html", }, ], release_date: "2013-11-26T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2013-12-16T18:16:00+00:00", details: "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying this update, back up your\nexisting installation of Red Hat JBoss Web Framework Kit.\n\nThe JBoss server process must be restarted for this update to take effect.", product_ids: [ "Red Hat JBoss Web Framework Kit 2.4", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2013:1844", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 6.4, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:N", version: "2.0", }, products: [ "Red Hat JBoss Web Framework Kit 2.4", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "Solr: directory traversal when loading XSL stylesheets and Velocity templates", }, { cve: "CVE-2013-6407", discovery_date: "2013-11-29T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1035981", }, ], notes: [ { category: "description", text: "The UpdateRequestHandler for XML in Apache Solr before 4.1 allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.", title: "Vulnerability description", }, { category: "summary", text: "Solr: XML eXternal Entity (XXE) flaw in XML and XSLT UpdateRequestHandler", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Web Framework Kit 2.4", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2013-6407", }, { category: "external", summary: "RHBZ#1035981", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1035981", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2013-6407", url: "https://www.cve.org/CVERecord?id=CVE-2013-6407", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2013-6407", url: "https://nvd.nist.gov/vuln/detail/CVE-2013-6407", }, ], release_date: "2012-09-26T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2013-12-16T18:16:00+00:00", details: "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying this update, back up your\nexisting installation of Red Hat JBoss Web Framework Kit.\n\nThe JBoss server process must be restarted for this update to take effect.", product_ids: [ "Red Hat JBoss Web Framework Kit 2.4", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2013:1844", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, products: [ "Red Hat JBoss Web Framework Kit 2.4", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "Solr: XML eXternal Entity (XXE) flaw in XML and XSLT UpdateRequestHandler", }, { cve: "CVE-2013-6408", discovery_date: "2013-11-29T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1035985", }, ], notes: [ { category: "description", text: "The DocumentAnalysisRequestHandler in Apache Solr before 4.3.1 does not properly use the EmptyEntityResolver, which allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-6407.", title: "Vulnerability description", }, { category: "summary", text: "Solr: XML eXternal Entity (XXE) flaw in DocumentAnalysisRequestHandler", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Web Framework Kit 2.4", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2013-6408", }, { category: "external", summary: "RHBZ#1035985", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1035985", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2013-6408", url: "https://www.cve.org/CVERecord?id=CVE-2013-6408", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2013-6408", url: "https://nvd.nist.gov/vuln/detail/CVE-2013-6408", }, ], release_date: "2013-05-31T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2013-12-16T18:16:00+00:00", details: "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying this update, back up your\nexisting installation of Red Hat JBoss Web Framework Kit.\n\nThe JBoss server process must be restarted for this update to take effect.", product_ids: [ "Red Hat JBoss Web Framework Kit 2.4", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2013:1844", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, products: [ "Red Hat JBoss Web Framework Kit 2.4", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "Solr: XML eXternal Entity (XXE) flaw in DocumentAnalysisRequestHandler", }, ], }
RHSA-2014:0029
Vulnerability from csaf_redhat
Published
2014-01-15 17:45
Modified
2024-12-22 17:57
Summary
Red Hat Security Advisory: Red Hat JBoss Data Grid 6.2.0 update
Notes
Topic
Red Hat JBoss Data Grid 6.2.0, which fixes multiple security issues,
various bugs, and adds enhancements, is now available from the Red Hat
Customer Portal.
The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.
Details
Red Hat JBoss Data Grid is a distributed in-memory data grid, based on
Infinispan.
This release of Red Hat JBoss Data Grid 6.2.0 serves as a replacement for
Red Hat JBoss Data Grid 6.1.0. It includes various bug fixes and
enhancements which are detailed in the Red Hat JBoss Data Grid 6.2.0
Release Notes. The Release Notes will be available shortly from
https://access.redhat.com/site/documentation/Red_Hat_JBoss_Data_Grid/
This update also fixes the following security issues:
Multiple path traversal flaws where found in the Mojarra JSF2
implementation for identifying resources by name or by library.
An unauthenticated, remote attacker could use these flaws to gather
otherwise undisclosed information from within an application's root
directory. (CVE-2013-3827)
It was found that the SolrResourceLoader class in Apache Solr allowed
loading of resources via absolute paths, or relative paths which were not
sanitized for directory traversal. Some Solr components expose REST
interfaces which load resources (XSL style sheets and Velocity templates)
via SolrResourceLoader, using paths identified by REST parameters. A remote
attacker could use this flaw to load arbitrary local files on the server
via SolrResourceLoader, potentially resulting in information disclosure or
remote code execution. (CVE-2013-6397)
It was found that the XML and XSLT UpdateRequestHandler classes in Apache
Solr would resolve external entities, allowing an attacker to conduct XML
External Entity (XXE) attacks. A remote attacker could use this flaw to
read files accessible to the user running the application server, and
potentially perform other more advanced XXE attacks. (CVE-2012-6612,
CVE-2013-6407)
It was found that the DocumentAnalysisRequestHandler class in Apache Solr
would resolve external entities, allowing an attacker to conduct XXE
attacks. A remote attacker could use this flaw to read files accessible to
the user running the application server, and potentially perform other more
advanced XXE attacks. (CVE-2013-6408)
The data file used by PicketBox Vault to store encrypted passwords contains
a copy of its own admin key. The file is encrypted using only this admin
key, not the corresponding JKS key. A local attacker with permission to
read the vault data file could read the admin key from the file.
(CVE-2013-1921)
The HawtJNI Library class wrote native libraries to a predictable file name
in /tmp/ when the native libraries were bundled in a JAR file, and no
custom library path was specified. A local attacker could overwrite these
native libraries with malicious versions during the window between when
HawtJNI writes them and when they are executed. (CVE-2013-2035)
A flaw was found in JGroup's DiagnosticsHandler that allowed an attacker on
an adjacent network to reuse the credentials from a previous successful
authentication. This could be exploited to read diagnostic information
(information disclosure) and attain limited remote code execution.
(CVE-2013-4112)
Note that CVE-2013-6397, CVE-2013-6407, and CVE-2013-6408 are not exposed
by default. They are only exploitable if a user has manually exposed
servlets provided in the Apachr Solr component that ships with Red Hat
JBoss Data Grid, or written their own code that makes use of the vulnerable
elements of Apache Solr.
The CVE-2013-2035 issue was discovered by Florian Weimer of the Red Hat
Product Security Team.
All users of Red Hat JBoss Data Grid 6.1.0 as provided from the Red Hat
Customer Portal are advised to upgrade to Red Hat JBoss Data Grid 6.2.0.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Red Hat JBoss Data Grid 6.2.0, which fixes multiple security issues,\nvarious bugs, and adds enhancements, is now available from the Red Hat\nCustomer Portal.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.", title: "Topic", }, { category: "general", text: "Red Hat JBoss Data Grid is a distributed in-memory data grid, based on\nInfinispan.\n\nThis release of Red Hat JBoss Data Grid 6.2.0 serves as a replacement for\nRed Hat JBoss Data Grid 6.1.0. It includes various bug fixes and\nenhancements which are detailed in the Red Hat JBoss Data Grid 6.2.0\nRelease Notes. The Release Notes will be available shortly from\nhttps://access.redhat.com/site/documentation/Red_Hat_JBoss_Data_Grid/\n\nThis update also fixes the following security issues:\n\nMultiple path traversal flaws where found in the Mojarra JSF2\nimplementation for identifying resources by name or by library.\nAn unauthenticated, remote attacker could use these flaws to gather\notherwise undisclosed information from within an application's root\ndirectory. (CVE-2013-3827)\n\nIt was found that the SolrResourceLoader class in Apache Solr allowed\nloading of resources via absolute paths, or relative paths which were not\nsanitized for directory traversal. Some Solr components expose REST\ninterfaces which load resources (XSL style sheets and Velocity templates)\nvia SolrResourceLoader, using paths identified by REST parameters. A remote\nattacker could use this flaw to load arbitrary local files on the server\nvia SolrResourceLoader, potentially resulting in information disclosure or\nremote code execution. (CVE-2013-6397)\n\nIt was found that the XML and XSLT UpdateRequestHandler classes in Apache\nSolr would resolve external entities, allowing an attacker to conduct XML\nExternal Entity (XXE) attacks. A remote attacker could use this flaw to\nread files accessible to the user running the application server, and\npotentially perform other more advanced XXE attacks. (CVE-2012-6612,\nCVE-2013-6407)\n\nIt was found that the DocumentAnalysisRequestHandler class in Apache Solr\nwould resolve external entities, allowing an attacker to conduct XXE\nattacks. A remote attacker could use this flaw to read files accessible to\nthe user running the application server, and potentially perform other more\nadvanced XXE attacks. (CVE-2013-6408)\n\nThe data file used by PicketBox Vault to store encrypted passwords contains\na copy of its own admin key. The file is encrypted using only this admin\nkey, not the corresponding JKS key. A local attacker with permission to\nread the vault data file could read the admin key from the file.\n(CVE-2013-1921)\n\nThe HawtJNI Library class wrote native libraries to a predictable file name\nin /tmp/ when the native libraries were bundled in a JAR file, and no\ncustom library path was specified. A local attacker could overwrite these\nnative libraries with malicious versions during the window between when\nHawtJNI writes them and when they are executed. (CVE-2013-2035)\n\nA flaw was found in JGroup's DiagnosticsHandler that allowed an attacker on\nan adjacent network to reuse the credentials from a previous successful\nauthentication. This could be exploited to read diagnostic information\n(information disclosure) and attain limited remote code execution.\n(CVE-2013-4112)\n\nNote that CVE-2013-6397, CVE-2013-6407, and CVE-2013-6408 are not exposed\nby default. They are only exploitable if a user has manually exposed\nservlets provided in the Apachr Solr component that ships with Red Hat\nJBoss Data Grid, or written their own code that makes use of the vulnerable\nelements of Apache Solr.\n\nThe CVE-2013-2035 issue was discovered by Florian Weimer of the Red Hat\nProduct Security Team.\n\nAll users of Red Hat JBoss Data Grid 6.1.0 as provided from the Red Hat\nCustomer Portal are advised to upgrade to Red Hat JBoss Data Grid 6.2.0.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2014:0029", url: "https://access.redhat.com/errata/RHSA-2014:0029", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=data.grid&downloadType=distributions", url: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=data.grid&downloadType=distributions", }, { category: "external", summary: "https://access.redhat.com/site/documentation/Red_Hat_JBoss_Data_Grid/", url: "https://access.redhat.com/site/documentation/Red_Hat_JBoss_Data_Grid/", }, { category: "external", summary: "948106", url: "https://bugzilla.redhat.com/show_bug.cgi?id=948106", }, { category: "external", summary: "958618", url: "https://bugzilla.redhat.com/show_bug.cgi?id=958618", }, { category: "external", summary: "983489", url: "https://bugzilla.redhat.com/show_bug.cgi?id=983489", }, { category: "external", summary: "1035062", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1035062", }, { category: "external", summary: "1035981", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1035981", }, { category: "external", summary: "1035985", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1035985", }, { category: "external", summary: "1038898", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1038898", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2014/rhsa-2014_0029.json", }, ], title: "Red Hat Security Advisory: Red Hat JBoss Data Grid 6.2.0 update", tracking: { current_release_date: "2024-12-22T17:57:01+00:00", generator: { date: "2024-12-22T17:57:01+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.4", }, }, id: "RHSA-2014:0029", initial_release_date: "2014-01-15T17:45:50+00:00", revision_history: [ { date: "2014-01-15T17:45:50+00:00", number: "1", summary: "Initial version", }, { date: "2019-02-20T12:32:49+00:00", number: "2", summary: "Last updated version", }, { date: "2024-12-22T17:57:01+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat JBoss Data Grid 6.2", product: { name: "Red Hat JBoss Data Grid 6.2", product_id: "Red Hat JBoss Data Grid 6.2", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_data_grid:6.2.0", }, }, }, ], category: "product_family", name: "Red Hat JBoss Data Grid", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2012-6612", discovery_date: "2013-11-29T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1035981", }, ], notes: [ { category: "description", text: "The (1) UpdateRequestHandler for XSLT or (2) XPathEntityProcessor in Apache Solr before 4.1 allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, different vectors than CVE-2013-6407.", title: "Vulnerability description", }, { category: "summary", text: "Solr: XML eXternal Entity (XXE) flaw in XML and XSLT UpdateRequestHandler", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Data Grid 6.2", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2012-6612", }, { category: "external", summary: "RHBZ#1035981", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1035981", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2012-6612", url: "https://www.cve.org/CVERecord?id=CVE-2012-6612", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2012-6612", url: "https://nvd.nist.gov/vuln/detail/CVE-2012-6612", }, ], release_date: "2012-09-26T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2014-01-15T17:45:50+00:00", details: "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying this update, back up your\nexisting JBoss Data Grid installation.", product_ids: [ "Red Hat JBoss Data Grid 6.2", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2014:0029", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, products: [ "Red Hat JBoss Data Grid 6.2", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "Solr: XML eXternal Entity (XXE) flaw in XML and XSLT UpdateRequestHandler", }, { cve: "CVE-2013-1921", discovery_date: "2013-04-03T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "948106", }, ], notes: [ { category: "description", text: "PicketBox, as used in Red Hat JBoss Enterprise Application Platform before 6.1.1, allows local users to obtain the admin encryption key by reading the Vault data file.", title: "Vulnerability description", }, { category: "summary", text: "PicketBox: Insecure storage of masked passwords", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Data Grid 6.2", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2013-1921", }, { category: "external", summary: "RHBZ#948106", url: "https://bugzilla.redhat.com/show_bug.cgi?id=948106", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2013-1921", url: "https://www.cve.org/CVERecord?id=CVE-2013-1921", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2013-1921", url: "https://nvd.nist.gov/vuln/detail/CVE-2013-1921", }, ], release_date: "2013-09-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2014-01-15T17:45:50+00:00", details: "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying this update, back up your\nexisting JBoss Data Grid installation.", product_ids: [ "Red Hat JBoss Data Grid 6.2", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2014:0029", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 1.7, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:L/AC:L/Au:S/C:P/I:N/A:N", version: "2.0", }, products: [ "Red Hat JBoss Data Grid 6.2", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "PicketBox: Insecure storage of masked passwords", }, { acknowledgments: [ { names: [ "Florian Weimer", ], organization: "Red Hat Product Security Team", summary: "This issue was discovered by Red Hat.", }, ], cve: "CVE-2013-2035", cwe: { id: "CWE-377", name: "Insecure Temporary File", }, discovery_date: "2013-04-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "958618", }, ], notes: [ { category: "description", text: "The HawtJNI Library class wrote native libraries to a predictable file name in /tmp when the native libraries were bundled in a JAR file, and no custom library path was specified. A local attacker could overwrite these native libraries with malicious versions during the window between when HawtJNI writes them and when they are executed.", title: "Vulnerability description", }, { category: "summary", text: "HawtJNI: predictable temporary file name leading to local arbitrary code execution", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Data Grid 6.2", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2013-2035", }, { category: "external", summary: "RHBZ#958618", url: "https://bugzilla.redhat.com/show_bug.cgi?id=958618", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2013-2035", url: "https://www.cve.org/CVERecord?id=CVE-2013-2035", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2013-2035", url: "https://nvd.nist.gov/vuln/detail/CVE-2013-2035", }, ], release_date: "2013-05-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2014-01-15T17:45:50+00:00", details: "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying this update, back up your\nexisting JBoss Data Grid installation.", product_ids: [ "Red Hat JBoss Data Grid 6.2", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2014:0029", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "NONE", baseScore: 3.3, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:L/AC:M/Au:N/C:P/I:P/A:N", version: "2.0", }, products: [ "Red Hat JBoss Data Grid 6.2", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "HawtJNI: predictable temporary file name leading to local arbitrary code execution", }, { cve: "CVE-2013-3827", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, discovery_date: "2013-12-03T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1038898", }, ], notes: [ { category: "description", text: "Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 2.1.1, 3.0.1, and 3.1.2; the Oracle JDeveloper component in Oracle Fusion Middleware 11.1.2.3.0, 11.1.2.4.0, and 12.1.2.0.0; and the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0 and 12.1.1 allows remote attackers to affect confidentiality via unknown vectors related to Java Server Faces or Web Container.", title: "Vulnerability description", }, { category: "summary", text: "JSF2: Multiple Information Disclosure flaws due to unsafe path traversal", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Data Grid 6.2", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2013-3827", }, { category: "external", summary: "RHBZ#1038898", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1038898", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2013-3827", url: "https://www.cve.org/CVERecord?id=CVE-2013-3827", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2013-3827", url: "https://nvd.nist.gov/vuln/detail/CVE-2013-3827", }, ], release_date: "2013-10-17T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2014-01-15T17:45:50+00:00", details: "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying this update, back up your\nexisting JBoss Data Grid installation.", product_ids: [ "Red Hat JBoss Data Grid 6.2", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2014:0029", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, products: [ "Red Hat JBoss Data Grid 6.2", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "JSF2: Multiple Information Disclosure flaws due to unsafe path traversal", }, { cve: "CVE-2013-4112", discovery_date: "2013-07-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "983489", }, ], notes: [ { category: "description", text: "The DiagnosticsHandler in JGroup 3.0.x, 3.1.x, 3.2.x before 3.2.9, and 3.3.x before 3.3.3 allows remote attackers to obtain sensitive information (diagnostic information) and execute arbitrary code by reusing valid credentials.", title: "Vulnerability description", }, { category: "summary", text: "JGroups: Authentication via cached credentials", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Data Grid 6.2", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2013-4112", }, { category: "external", summary: "RHBZ#983489", url: "https://bugzilla.redhat.com/show_bug.cgi?id=983489", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2013-4112", url: "https://www.cve.org/CVERecord?id=CVE-2013-4112", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2013-4112", url: "https://nvd.nist.gov/vuln/detail/CVE-2013-4112", }, ], release_date: "2013-07-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2014-01-15T17:45:50+00:00", details: "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying this update, back up your\nexisting JBoss Data Grid installation.", product_ids: [ "Red Hat JBoss Data Grid 6.2", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2014:0029", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 3.3, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:A/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, products: [ "Red Hat JBoss Data Grid 6.2", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "JGroups: Authentication via cached credentials", }, { cve: "CVE-2013-6397", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, discovery_date: "2013-11-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1035062", }, ], notes: [ { category: "description", text: "Directory traversal vulnerability in SolrResourceLoader in Apache Solr before 4.6 allows remote attackers to read arbitrary files via a .. (dot dot) or full pathname in the tr parameter to solr/select/, when the response writer (wt parameter) is set to XSLT. NOTE: this can be leveraged using a separate XXE (XML eXternal Entity) vulnerability to allow access to files across restricted network boundaries.", title: "Vulnerability description", }, { category: "summary", text: "Solr: directory traversal when loading XSL stylesheets and Velocity templates", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Data Grid 6.2", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2013-6397", }, { category: "external", summary: "RHBZ#1035062", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1035062", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2013-6397", url: "https://www.cve.org/CVERecord?id=CVE-2013-6397", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2013-6397", url: "https://nvd.nist.gov/vuln/detail/CVE-2013-6397", }, { category: "external", summary: "http://www.agarri.fr/kom/archives/2013/11/27/compromising_an_unreachable_solr_server_with_cve-2013-6397/index.html", url: "http://www.agarri.fr/kom/archives/2013/11/27/compromising_an_unreachable_solr_server_with_cve-2013-6397/index.html", }, ], release_date: "2013-11-26T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2014-01-15T17:45:50+00:00", details: "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying this update, back up your\nexisting JBoss Data Grid installation.", product_ids: [ "Red Hat JBoss Data Grid 6.2", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2014:0029", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 6.4, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:N", version: "2.0", }, products: [ "Red Hat JBoss Data Grid 6.2", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "Solr: directory traversal when loading XSL stylesheets and Velocity templates", }, { cve: "CVE-2013-6407", discovery_date: "2013-11-29T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1035981", }, ], notes: [ { category: "description", text: "The UpdateRequestHandler for XML in Apache Solr before 4.1 allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.", title: "Vulnerability description", }, { category: "summary", text: "Solr: XML eXternal Entity (XXE) flaw in XML and XSLT UpdateRequestHandler", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Data Grid 6.2", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2013-6407", }, { category: "external", summary: "RHBZ#1035981", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1035981", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2013-6407", url: "https://www.cve.org/CVERecord?id=CVE-2013-6407", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2013-6407", url: "https://nvd.nist.gov/vuln/detail/CVE-2013-6407", }, ], release_date: "2012-09-26T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2014-01-15T17:45:50+00:00", details: "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying this update, back up your\nexisting JBoss Data Grid installation.", product_ids: [ "Red Hat JBoss Data Grid 6.2", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2014:0029", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, products: [ "Red Hat JBoss Data Grid 6.2", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "Solr: XML eXternal Entity (XXE) flaw in XML and XSLT UpdateRequestHandler", }, { cve: "CVE-2013-6408", discovery_date: "2013-11-29T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1035985", }, ], notes: [ { category: "description", text: "The DocumentAnalysisRequestHandler in Apache Solr before 4.3.1 does not properly use the EmptyEntityResolver, which allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-6407.", title: "Vulnerability description", }, { category: "summary", text: "Solr: XML eXternal Entity (XXE) flaw in DocumentAnalysisRequestHandler", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Data Grid 6.2", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2013-6408", }, { category: "external", summary: "RHBZ#1035985", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1035985", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2013-6408", url: "https://www.cve.org/CVERecord?id=CVE-2013-6408", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2013-6408", url: "https://nvd.nist.gov/vuln/detail/CVE-2013-6408", }, ], release_date: "2013-05-31T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2014-01-15T17:45:50+00:00", details: "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying this update, back up your\nexisting JBoss Data Grid installation.", product_ids: [ "Red Hat JBoss Data Grid 6.2", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2014:0029", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, products: [ "Red Hat JBoss Data Grid 6.2", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "Solr: XML eXternal Entity (XXE) flaw in DocumentAnalysisRequestHandler", }, ], }
ghsa-6cpj-3g83-q2j4
Vulnerability from github
Published
2022-05-17 04:50
Modified
2022-07-12 21:32
Summary
Improper Restriction of XML External Entity Reference in Apache Solr
Details
The (1) UpdateRequestHandler for XSLT or (2) XPathEntityProcessor in Apache Solr before 4.1 allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, different vectors than CVE-2013-6407.
{ affected: [ { package: { ecosystem: "Maven", name: "org.apache.solr:solr-core", }, ranges: [ { events: [ { introduced: "0", }, { fixed: "4.1.0", }, ], type: "ECOSYSTEM", }, ], }, ], aliases: [ "CVE-2012-6612", ], database_specific: { cwe_ids: [ "CWE-611", ], github_reviewed: true, github_reviewed_at: "2022-07-12T21:32:13Z", nvd_published_at: "2013-12-07T21:55:00Z", severity: "HIGH", }, details: "The (1) UpdateRequestHandler for XSLT or (2) XPathEntityProcessor in Apache Solr before 4.1 allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, different vectors than CVE-2013-6407.", id: "GHSA-6cpj-3g83-q2j4", modified: "2022-07-12T21:32:13Z", published: "2022-05-17T04:50:16Z", references: [ { type: "ADVISORY", url: "https://nvd.nist.gov/vuln/detail/CVE-2012-6612", }, { type: "WEB", url: "https://github.com/apache/lucene-solr/commit/0d21b900975b7048d2e925d852aeacb9bdc6766c", }, { type: "WEB", url: "https://github.com/apache/lucene-solr/commit/f230486ce6707762c1a6e81655d0fac52887906d", }, { type: "PACKAGE", url: "https://github.com/apache/lucene-solr", }, { type: "WEB", url: "https://issues.apache.org/jira/browse/SOLR-3895", }, { type: "WEB", url: "http://rhn.redhat.com/errata/RHSA-2013-1844.html", }, { type: "WEB", url: "http://rhn.redhat.com/errata/RHSA-2014-0029.html", }, { type: "WEB", url: "http://svn.apache.org/viewvc/lucene/dev/branches/branch_4x/solr/CHANGES.txt?view=markup", }, ], schema_version: "1.4.0", severity: [], summary: "Improper Restriction of XML External Entity Reference in Apache Solr", }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
UUIDv4 of the comment
UUIDv4 of the Vulnerability-Lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.