gsd-2019-0193
Vulnerability from gsd
Modified
2023-12-13 01:23
Details
In Apache Solr, the DataImportHandler, an optional but popular module to pull in data from databases and other sources, has a feature in which the whole DIH configuration can come from a request's "dataConfig" parameter. The debug mode of the DIH admin screen uses this to allow convenient debugging / development of a DIH config. Since a DIH config can contain scripts, this parameter is a security risk. Starting with version 8.2.0 of Solr, use of this parameter requires setting the Java System property "enable.dih.dataConfigParam" to true.
Aliases
Aliases
{ GSD: { alias: "CVE-2019-0193", description: "In Apache Solr, the DataImportHandler, an optional but popular module to pull in data from databases and other sources, has a feature in which the whole DIH configuration can come from a request's \"dataConfig\" parameter. The debug mode of the DIH admin screen uses this to allow convenient debugging / development of a DIH config. Since a DIH config can contain scripts, this parameter is a security risk. Starting with version 8.2.0 of Solr, use of this parameter requires setting the Java System property \"enable.dih.dataConfigParam\" to true.", id: "GSD-2019-0193", }, gsd: { metadata: { exploitCode: "unknown", remediation: "unknown", reportConfidence: "confirmed", type: "vulnerability", }, osvSchema: { aliases: [ "CVE-2019-0193", ], details: "In Apache Solr, the DataImportHandler, an optional but popular module to pull in data from databases and other sources, has a feature in which the whole DIH configuration can come from a request's \"dataConfig\" parameter. The debug mode of the DIH admin screen uses this to allow convenient debugging / development of a DIH config. Since a DIH config can contain scripts, this parameter is a security risk. Starting with version 8.2.0 of Solr, use of this parameter requires setting the Java System property \"enable.dih.dataConfigParam\" to true.", id: "GSD-2019-0193", modified: "2023-12-13T01:23:40.007341Z", schema_version: "1.4.0", }, }, namespaces: { "cisa.gov": { cveID: "CVE-2019-0193", dateAdded: "2021-12-10", dueDate: "2022-06-10", product: "Solr", requiredAction: "Apply updates per vendor instructions.", shortDescription: "The optional Apache Solr module DataImportHandler contains a code injection vulnerability.", vendorProject: "Apache", vulnerabilityName: "Apache Solr DataImportHandler Code Injection Vulnerability", }, "cve.org": { CVE_data_meta: { ASSIGNER: "security@apache.org", ID: "CVE-2019-0193", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Apache Solr", version: { version_data: [ { version_value: "Apache Solr all prior to 8.2.0", }, ], }, }, ], }, vendor_name: "Apache", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "In Apache Solr, the DataImportHandler, an optional but popular module to pull in data from databases and other sources, has a feature in which the whole DIH configuration can come from a request's \"dataConfig\" parameter. The debug mode of the DIH admin screen uses this to allow convenient debugging / development of a DIH config. Since a DIH config can contain scripts, this parameter is a security risk. Starting with version 8.2.0 of Solr, use of this parameter requires setting the Java System property \"enable.dih.dataConfigParam\" to true.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Information Disclosure", }, ], }, ], }, references: { reference_data: [ { name: "https://issues.apache.org/jira/browse/SOLR-13669", refsource: "CONFIRM", url: "https://issues.apache.org/jira/browse/SOLR-13669", }, { name: "[debian-lts-announce] 20191010 [SECURITY] [DLA 1954-1] lucene-solr security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2019/10/msg00013.html", }, { name: "[lucene-issues] 20191025 [jira] [Updated] (SOLR-13873) Is there any fix for CVE-2019-0193 issue for solr 7.7.1", refsource: "MLIST", url: "https://lists.apache.org/thread.html/7143983363f0ba463475be4a8b775077070a08dbf075449b7beb51ee@%3Cissues.lucene.apache.org%3E", }, { name: "[lucene-issues] 20191025 [jira] [Created] (SOLR-13873) Is there any fix for CVE-2019-0193 issue for solr 7.7.1", refsource: "MLIST", url: "https://lists.apache.org/thread.html/42cc4d334ba33905b872a0aa00d6a481391951c8b1450f01b077ce74@%3Cissues.lucene.apache.org%3E", }, { name: "[lucene-issues] 20191025 [jira] [Resolved] (SOLR-13873) Is there any fix for CVE-2019-0193 issue for solr 7.7.1", refsource: "MLIST", url: "https://lists.apache.org/thread.html/6f2d61bd8732224c5fd3bdd84798f8e01e4542d3ee2f527a52a81b83@%3Cissues.lucene.apache.org%3E", }, { name: "[lucene-issues] 20191025 [jira] [Commented] (SOLR-13669) [CVE-2019-0193] Remote Code Execution via DataImportHandler", refsource: "MLIST", url: "https://lists.apache.org/thread.html/1addbb49a1fc0947fb32ca663d76d93cfaade35a4848a76d4b4ded9c@%3Cissues.lucene.apache.org%3E", }, { name: "[lucene-issues] 20191025 [jira] [Commented] (SOLR-13873) Is there any fix for CVE-2019-0193 issue for solr 7.7.1", refsource: "MLIST", url: "https://lists.apache.org/thread.html/a6e3c09dba52b86d3a1273f82425973e1b0623c415d0e4f121d89eab@%3Cissues.lucene.apache.org%3E", }, { name: "[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html", refsource: "MLIST", url: "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E", }, { name: "[lucene-issues] 20191129 [jira] [Commented] (SOLR-13669) [CVE-2019-0193] Remote Code Execution via DataImportHandler", refsource: "MLIST", url: "https://lists.apache.org/thread.html/55880d48e38ba9e8c41a3b9e41051dbfdef63b86b0cfeb32967edf03@%3Cissues.lucene.apache.org%3E", }, { name: "[lucene-issues] 20191130 [jira] [Resolved] (SOLR-13669) [CVE-2019-0193] Remote Code Execution via DataImportHandler", refsource: "MLIST", url: "https://lists.apache.org/thread.html/e85f735fad06a0fb46e74b7e6e9ce7ded20b59637cd9f993310f814d@%3Cissues.lucene.apache.org%3E", }, { name: "[lucene-issues] 20191130 [jira] [Closed] (SOLR-13669) [CVE-2019-0193] Remote Code Execution via DataImportHandler", refsource: "MLIST", url: "https://lists.apache.org/thread.html/9b0e7a7e3e18d0724f511403b364fc082ff56e3134d84cfece1c82fc@%3Cissues.lucene.apache.org%3E", }, { name: "[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E", }, { name: "[lucene-dev] 20200213 Re: 7.7.3 bugfix release", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r339865b276614661770c909be1dd7e862232e3ef0af98bfd85686b51@%3Cdev.lucene.apache.org%3E", }, { name: "[lucene-dev] 20200214 Re: 7.7.3 bugfix release", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r19d23e8640236a3058b4d6c23e5cd663fde182255f5a9d63e0606a66@%3Cdev.lucene.apache.org%3E", }, { name: "[lucene-issues] 20200218 [jira] [Updated] (SOLR-13669) [CVE-2019-0193] Remote Code Execution via DataImportHandler", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r33aed7ad4ee9833c4190a44e2b106efd2deb19504b85e012175540f6@%3Cissues.lucene.apache.org%3E", }, { name: "[lucene-issues] 20200218 [jira] [Commented] (SOLR-13669) [CVE-2019-0193] Remote Code Execution via DataImportHandler", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rb34d820c21f1708c351f9035d6bc7daf80bfb6ef99b34f7af1d2f699@%3Cissues.lucene.apache.org%3E", }, { name: "[debian-lts-announce] 20200816 [SECURITY] [DLA 2327-1] lucene-solr security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00025.html", }, { name: "[submarine-commits] 20201209 [GitHub] [submarine] QiAnXinCodeSafe opened a new issue #474: There is a vulnerability in Apache Solr 5.5.4,upgrade recommended", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rc400db37710ee79378b6c52de3640493ff538c2beb41cefdbbdf2ab8@%3Ccommits.submarine.apache.org%3E", }, { name: "[druid-commits] 20210324 [GitHub] [druid] jihoonson opened a new pull request #11030: Suppress cves", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r1d4a247329a8478073163567bbc8c8cb6b49c6bfc2bf58153a857af1@%3Ccommits.druid.apache.org%3E", }, { name: "[solr-users] 20210618 CVE-2021-27905 Apache Solr ReplicationHandler/SSRF vulnerability", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r95df34bb158375948da82b4dfe9a1b5d528572d586584162f8f5aeef@%3Cusers.solr.apache.org%3E", }, { name: "[solr-users] 20210618 Re: CVE-2021-27905 Apache Solr ReplicationHandler/SSRF vulnerability", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r140128dc6bb4f4e0b6a39e962c7ca25a8cbc8e48ed766176c931fccc@%3Cusers.solr.apache.org%3E", }, { name: "[solr-users] 20210728 Re: CVE-2021-27905 Apache Solr ReplicationHandler/SSRF vulnerability", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r3da74965aba2b5f5744b7289ad447306eeb2940c872801819faa9314@%3Cusers.solr.apache.org%3E", }, ], }, }, "gitlab.com": { advisories: [ { affected_range: "(,8.2.0)", affected_versions: "All versions before 8.2.0", cvss_v2: "AV:N/AC:L/Au:S/C:C/I:C/A:C", cvss_v3: "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", cwe_ids: [ "CWE-1035", "CWE-937", "CWE-94", ], date: "2019-10-10", description: "In Apache Solr, the `DataImportHandler`, an optional but popular module to pull in data from databases and other sources, has a feature in which the whole DIH configuration can come from a request's `dataConfig` parameter. The debug mode of the DIH admin screen uses this to allow convenient debugging/development of a DIH config. Since a DIH config can contain scripts, this parameter is a security risk. The use of this parameter requires setting the Java System property `enable.dih.dataConfigParam` to `true`.", fixed_versions: [ "8.2.0", ], identifier: "CVE-2019-0193", identifiers: [ "CVE-2019-0193", ], not_impacted: "All versions starting from 8.2.0", package_slug: "maven/org.apache.solr/solr-core", pubdate: "2019-08-01", solution: "Upgrade to version 8.2.0 or above.", title: "Improper Authentication", urls: [ "https://nvd.nist.gov/vuln/detail/CVE-2019-0193", "https://issues.apache.org/jira/browse/SOLR-13669", ], uuid: "0fa9ec40-1154-4ff8-909b-7bae8092e751", }, ], }, "nvd.nist.gov": { configurations: { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:apache:solr:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "8.2.0", vulnerable: true, }, ], operator: "OR", }, ], }, cve: { CVE_data_meta: { ASSIGNER: "security@apache.org", ID: "CVE-2019-0193", }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "en", value: "In Apache Solr, the DataImportHandler, an optional but popular module to pull in data from databases and other sources, has a feature in which the whole DIH configuration can come from a request's \"dataConfig\" parameter. The debug mode of the DIH admin screen uses this to allow convenient debugging / development of a DIH config. Since a DIH config can contain scripts, this parameter is a security risk. Starting with version 8.2.0 of Solr, use of this parameter requires setting the Java System property \"enable.dih.dataConfigParam\" to true.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "en", value: "CWE-94", }, ], }, ], }, references: { reference_data: [ { name: "https://issues.apache.org/jira/browse/SOLR-13669", refsource: "CONFIRM", tags: [ "Mitigation", "Vendor Advisory", ], url: "https://issues.apache.org/jira/browse/SOLR-13669", }, { name: "[debian-lts-announce] 20191010 [SECURITY] [DLA 1954-1] lucene-solr security update", refsource: "MLIST", tags: [], url: "https://lists.debian.org/debian-lts-announce/2019/10/msg00013.html", }, { name: "[lucene-issues] 20191025 [jira] [Created] (SOLR-13873) Is there any fix for CVE-2019-0193 issue for solr 7.7.1", refsource: "MLIST", tags: [], url: "https://lists.apache.org/thread.html/42cc4d334ba33905b872a0aa00d6a481391951c8b1450f01b077ce74@%3Cissues.lucene.apache.org%3E", }, { name: "[lucene-issues] 20191025 [jira] [Updated] (SOLR-13873) Is there any fix for CVE-2019-0193 issue for solr 7.7.1", refsource: "MLIST", tags: [], url: "https://lists.apache.org/thread.html/7143983363f0ba463475be4a8b775077070a08dbf075449b7beb51ee@%3Cissues.lucene.apache.org%3E", }, { name: "[lucene-issues] 20191025 [jira] [Resolved] (SOLR-13873) Is there any fix for CVE-2019-0193 issue for solr 7.7.1", refsource: "MLIST", tags: [], url: "https://lists.apache.org/thread.html/6f2d61bd8732224c5fd3bdd84798f8e01e4542d3ee2f527a52a81b83@%3Cissues.lucene.apache.org%3E", }, { name: "[lucene-issues] 20191025 [jira] [Commented] (SOLR-13669) [CVE-2019-0193] Remote Code Execution via DataImportHandler", refsource: "MLIST", tags: [], url: "https://lists.apache.org/thread.html/1addbb49a1fc0947fb32ca663d76d93cfaade35a4848a76d4b4ded9c@%3Cissues.lucene.apache.org%3E", }, { name: "[lucene-issues] 20191025 [jira] [Commented] (SOLR-13873) Is there any fix for CVE-2019-0193 issue for solr 7.7.1", refsource: "MLIST", tags: [], url: "https://lists.apache.org/thread.html/a6e3c09dba52b86d3a1273f82425973e1b0623c415d0e4f121d89eab@%3Cissues.lucene.apache.org%3E", }, { name: "[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html", refsource: "MLIST", tags: [], url: "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E", }, { name: "[lucene-issues] 20191129 [jira] [Commented] (SOLR-13669) [CVE-2019-0193] Remote Code Execution via DataImportHandler", refsource: "MLIST", tags: [], url: "https://lists.apache.org/thread.html/55880d48e38ba9e8c41a3b9e41051dbfdef63b86b0cfeb32967edf03@%3Cissues.lucene.apache.org%3E", }, { name: "[lucene-issues] 20191130 [jira] [Closed] (SOLR-13669) [CVE-2019-0193] Remote Code Execution via DataImportHandler", refsource: "MLIST", tags: [], url: "https://lists.apache.org/thread.html/9b0e7a7e3e18d0724f511403b364fc082ff56e3134d84cfece1c82fc@%3Cissues.lucene.apache.org%3E", }, { name: "[lucene-issues] 20191130 [jira] [Resolved] (SOLR-13669) [CVE-2019-0193] Remote Code Execution via DataImportHandler", refsource: "MLIST", tags: [], url: "https://lists.apache.org/thread.html/e85f735fad06a0fb46e74b7e6e9ce7ded20b59637cd9f993310f814d@%3Cissues.lucene.apache.org%3E", }, { name: "[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html", refsource: "MLIST", tags: [], url: "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E", }, { name: "[lucene-dev] 20200213 Re: 7.7.3 bugfix release", refsource: "MLIST", tags: [], url: "https://lists.apache.org/thread.html/r339865b276614661770c909be1dd7e862232e3ef0af98bfd85686b51@%3Cdev.lucene.apache.org%3E", }, { name: "[lucene-dev] 20200214 Re: 7.7.3 bugfix release", refsource: "MLIST", tags: [], url: "https://lists.apache.org/thread.html/r19d23e8640236a3058b4d6c23e5cd663fde182255f5a9d63e0606a66@%3Cdev.lucene.apache.org%3E", }, { name: "[lucene-issues] 20200218 [jira] [Updated] (SOLR-13669) [CVE-2019-0193] Remote Code Execution via DataImportHandler", refsource: "MLIST", tags: [], url: "https://lists.apache.org/thread.html/r33aed7ad4ee9833c4190a44e2b106efd2deb19504b85e012175540f6@%3Cissues.lucene.apache.org%3E", }, { name: "[lucene-issues] 20200218 [jira] [Commented] (SOLR-13669) [CVE-2019-0193] Remote Code Execution via DataImportHandler", refsource: "MLIST", tags: [], url: "https://lists.apache.org/thread.html/rb34d820c21f1708c351f9035d6bc7daf80bfb6ef99b34f7af1d2f699@%3Cissues.lucene.apache.org%3E", }, { name: "[debian-lts-announce] 20200816 [SECURITY] [DLA 2327-1] lucene-solr security update", refsource: "MLIST", tags: [], url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00025.html", }, { name: "[submarine-commits] 20201209 [GitHub] [submarine] QiAnXinCodeSafe opened a new issue #474: There is a vulnerability in Apache Solr 5.5.4,upgrade recommended", refsource: "MLIST", tags: [], url: "https://lists.apache.org/thread.html/rc400db37710ee79378b6c52de3640493ff538c2beb41cefdbbdf2ab8@%3Ccommits.submarine.apache.org%3E", }, { name: "[druid-commits] 20210324 [GitHub] [druid] jihoonson opened a new pull request #11030: Suppress cves", refsource: "MLIST", tags: [], url: "https://lists.apache.org/thread.html/r1d4a247329a8478073163567bbc8c8cb6b49c6bfc2bf58153a857af1@%3Ccommits.druid.apache.org%3E", }, { name: "[solr-users] 20210618 CVE-2021-27905 Apache Solr ReplicationHandler/SSRF vulnerability", refsource: "MLIST", tags: [], url: "https://lists.apache.org/thread.html/r95df34bb158375948da82b4dfe9a1b5d528572d586584162f8f5aeef@%3Cusers.solr.apache.org%3E", }, { name: "[solr-users] 20210618 Re: CVE-2021-27905 Apache Solr ReplicationHandler/SSRF vulnerability", refsource: "MLIST", tags: [], url: "https://lists.apache.org/thread.html/r140128dc6bb4f4e0b6a39e962c7ca25a8cbc8e48ed766176c931fccc@%3Cusers.solr.apache.org%3E", }, { name: "[solr-users] 20210728 Re: CVE-2021-27905 Apache Solr ReplicationHandler/SSRF vulnerability", refsource: "MLIST", tags: [], url: "https://lists.apache.org/thread.html/r3da74965aba2b5f5744b7289ad447306eeb2940c872801819faa9314@%3Cusers.solr.apache.org%3E", }, ], }, }, impact: { baseMetricV2: { acInsufInfo: false, cvssV2: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "COMPLETE", baseScore: 9, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:S/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "HIGH", userInteractionRequired: false, }, baseMetricV3: { cvssV3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 1.2, impactScore: 5.9, }, }, lastModifiedDate: "2021-07-30T14:15Z", publishedDate: "2019-08-01T14:15Z", }, }, }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
Title of the comment
Description of the comment
Loading…
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.