rhsa-2013_1844
Vulnerability from csaf_redhat
Published
2013-12-16 18:16
Modified
2024-11-22 07:19
Summary
Red Hat Security Advisory: Red Hat JBoss Web Framework Kit 2.4.0 update

Notes

Topic
An update for the solr-core component of Red Hat JBoss Web Framework Kit 2.4.0 that fixes multiple security issues is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.
Details
Red Hat JBoss Web Framework Kit combines popular open source web frameworks into a single solution for Java applications. The Apache Solr component is an open-source search server based on the Lucene Java search library. It was found that the SolrResourceLoader class in Apache Solr allowed loading of resources via absolute paths, or relative paths which were not sanitized for directory traversal. Some Solr components expose REST interfaces which load resources (XSL style sheets and Velocity templates) via SolrResourceLoader, using paths identified by REST parameters. A remote attacker could use this flaw to load arbitrary local files on the server via SolrResourceLoader, potentially resulting in information disclosure or remote code execution. (CVE-2013-6397) It was found that the XML and XSLT UpdateRequestHandler classes in Apache Solr would resolve external entities, allowing an attacker to conduct XML External Entity (XXE) attacks. A remote attacker could use this flaw to read files accessible to the user running the application server, and potentially perform other more advanced XXE attacks. (CVE-2012-6612, CVE-2013-6407) It was found that the DocumentAnalysisRequestHandler class in Apache Solr would resolve external entities, allowing an attacker to conduct XXE attacks. A remote attacker could use this flaw to read files accessible to the user running the application server, and potentially perform other more advanced XXE attacks. (CVE-2013-6408) All users of Red Hat JBoss Web Framework Kit 2.4.0 as provided from the Red Hat Customer Portal are advised to apply this update.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.


To clipboard 

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for the solr-core component of Red Hat JBoss Web Framework Kit\n2.4.0 that fixes multiple security issues is now available from the Red Hat\nCustomer Portal.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from the\nCVE link in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Red Hat JBoss Web Framework Kit combines popular open source web frameworks\ninto a single solution for Java applications. The Apache Solr component is\nan open-source search server based on the Lucene Java search library.\n\nIt was found that the SolrResourceLoader class in Apache Solr allowed\nloading of resources via absolute paths, or relative paths which were not\nsanitized for directory traversal. Some Solr components expose REST\ninterfaces which load resources (XSL style sheets and Velocity templates)\nvia SolrResourceLoader, using paths identified by REST parameters. A remote\nattacker could use this flaw to load arbitrary local files on the server\nvia SolrResourceLoader, potentially resulting in information disclosure or\nremote code execution. (CVE-2013-6397)\n\nIt was found that the XML and XSLT UpdateRequestHandler classes in Apache\nSolr would resolve external entities, allowing an attacker to conduct XML\nExternal Entity (XXE) attacks. A remote attacker could use this flaw to\nread files accessible to the user running the application server, and\npotentially perform other more advanced XXE attacks. (CVE-2012-6612,\nCVE-2013-6407)\n\nIt was found that the DocumentAnalysisRequestHandler class in Apache Solr\nwould resolve external entities, allowing an attacker to conduct XXE\nattacks. A remote attacker could use this flaw to read files accessible to\nthe user running the application server, and potentially perform other more\nadvanced XXE attacks. (CVE-2013-6408)\n\nAll users of Red Hat JBoss Web Framework Kit 2.4.0 as provided from the Red\nHat Customer Portal are advised to apply this update.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2013:1844",
        "url": "https://access.redhat.com/errata/RHSA-2013:1844"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=web.framework.kit\u0026downloadType=securityPatches\u0026version=2.4.0",
        "url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=web.framework.kit\u0026downloadType=securityPatches\u0026version=2.4.0"
      },
      {
        "category": "external",
        "summary": "1035062",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1035062"
      },
      {
        "category": "external",
        "summary": "1035981",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1035981"
      },
      {
        "category": "external",
        "summary": "1035985",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1035985"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2013/rhsa-2013_1844.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat JBoss Web Framework Kit 2.4.0 update",
    "tracking": {
      "current_release_date": "2024-11-22T07:19:22+00:00",
      "generator": {
        "date": "2024-11-22T07:19:22+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.1"
        }
      },
      "id": "RHSA-2013:1844",
      "initial_release_date": "2013-12-16T18:16:00+00:00",
      "revision_history": [
        {
          "date": "2013-12-16T18:16:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2020-06-15T16:41:29+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-22T07:19:22+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat JBoss Web Framework Kit 2.4",
                "product": {
                  "name": "Red Hat JBoss Web Framework Kit 2.4",
                  "product_id": "Red Hat JBoss Web Framework Kit 2.4",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:jboss_enterprise_web_framework:2.4.0"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat JBoss Web Framework Kit"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2012-6612",
      "discovery_date": "2013-11-29T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1035981"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The (1) UpdateRequestHandler for XSLT or (2) XPathEntityProcessor in Apache Solr before 4.1 allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, different vectors than CVE-2013-6407.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Solr: XML eXternal Entity (XXE) flaw in XML and XSLT UpdateRequestHandler",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat JBoss Web Framework Kit 2.4"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2012-6612"
        },
        {
          "category": "external",
          "summary": "RHBZ#1035981",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1035981"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2012-6612",
          "url": "https://www.cve.org/CVERecord?id=CVE-2012-6612"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-6612",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-6612"
        }
      ],
      "release_date": "2012-09-26T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2013-12-16T18:16:00+00:00",
          "details": "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying this update, back up your\nexisting installation of Red Hat JBoss Web Framework Kit.\n\nThe JBoss server process must be restarted for this update to take effect.",
          "product_ids": [
            "Red Hat JBoss Web Framework Kit 2.4"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2013:1844"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "products": [
            "Red Hat JBoss Web Framework Kit 2.4"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "Solr: XML eXternal Entity (XXE) flaw in XML and XSLT UpdateRequestHandler"
    },
    {
      "cve": "CVE-2013-6397",
      "cwe": {
        "id": "CWE-22",
        "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
      },
      "discovery_date": "2013-11-26T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1035062"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Directory traversal vulnerability in SolrResourceLoader in Apache Solr before 4.6 allows remote attackers to read arbitrary files via a .. (dot dot) or full pathname in the tr parameter to solr/select/, when the response writer (wt parameter) is set to XSLT.  NOTE: this can be leveraged using a separate XXE (XML eXternal Entity) vulnerability to allow access to files across restricted network boundaries.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Solr: directory traversal when loading XSL stylesheets and Velocity templates",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat JBoss Web Framework Kit 2.4"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2013-6397"
        },
        {
          "category": "external",
          "summary": "RHBZ#1035062",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1035062"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2013-6397",
          "url": "https://www.cve.org/CVERecord?id=CVE-2013-6397"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-6397",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-6397"
        },
        {
          "category": "external",
          "summary": "http://www.agarri.fr/kom/archives/2013/11/27/compromising_an_unreachable_solr_server_with_cve-2013-6397/index.html",
          "url": "http://www.agarri.fr/kom/archives/2013/11/27/compromising_an_unreachable_solr_server_with_cve-2013-6397/index.html"
        }
      ],
      "release_date": "2013-11-26T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2013-12-16T18:16:00+00:00",
          "details": "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying this update, back up your\nexisting installation of Red Hat JBoss Web Framework Kit.\n\nThe JBoss server process must be restarted for this update to take effect.",
          "product_ids": [
            "Red Hat JBoss Web Framework Kit 2.4"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2013:1844"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 6.4,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
            "version": "2.0"
          },
          "products": [
            "Red Hat JBoss Web Framework Kit 2.4"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "Solr: directory traversal when loading XSL stylesheets and Velocity templates"
    },
    {
      "cve": "CVE-2013-6407",
      "discovery_date": "2013-11-29T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1035981"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The UpdateRequestHandler for XML in Apache Solr before 4.1 allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Solr: XML eXternal Entity (XXE) flaw in XML and XSLT UpdateRequestHandler",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat JBoss Web Framework Kit 2.4"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2013-6407"
        },
        {
          "category": "external",
          "summary": "RHBZ#1035981",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1035981"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2013-6407",
          "url": "https://www.cve.org/CVERecord?id=CVE-2013-6407"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-6407",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-6407"
        }
      ],
      "release_date": "2012-09-26T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2013-12-16T18:16:00+00:00",
          "details": "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying this update, back up your\nexisting installation of Red Hat JBoss Web Framework Kit.\n\nThe JBoss server process must be restarted for this update to take effect.",
          "product_ids": [
            "Red Hat JBoss Web Framework Kit 2.4"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2013:1844"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "products": [
            "Red Hat JBoss Web Framework Kit 2.4"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "Solr: XML eXternal Entity (XXE) flaw in XML and XSLT UpdateRequestHandler"
    },
    {
      "cve": "CVE-2013-6408",
      "discovery_date": "2013-11-29T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1035985"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The DocumentAnalysisRequestHandler in Apache Solr before 4.3.1 does not properly use the EmptyEntityResolver, which allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-6407.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Solr: XML eXternal Entity (XXE) flaw in DocumentAnalysisRequestHandler",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat JBoss Web Framework Kit 2.4"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2013-6408"
        },
        {
          "category": "external",
          "summary": "RHBZ#1035985",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1035985"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2013-6408",
          "url": "https://www.cve.org/CVERecord?id=CVE-2013-6408"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-6408",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-6408"
        }
      ],
      "release_date": "2013-05-31T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2013-12-16T18:16:00+00:00",
          "details": "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying this update, back up your\nexisting installation of Red Hat JBoss Web Framework Kit.\n\nThe JBoss server process must be restarted for this update to take effect.",
          "product_ids": [
            "Red Hat JBoss Web Framework Kit 2.4"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2013:1844"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "products": [
            "Red Hat JBoss Web Framework Kit 2.4"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "Solr: XML eXternal Entity (XXE) flaw in DocumentAnalysisRequestHandler"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.