Vulnerability details: VCID-y2ff-qfxj-aaar
Aliases: CVE-2017-12629, GHSA-mh7g-99w9-xpjm
Summary: Remote code execution occurs in Apache Solr
Status: Published
Exploitability: 2.0
Weighted Severity: 9.0
Risk: 10.0
Weaknesses (4)
System Score Found at
generic_textual High http://mail-archives.apache.org/mod_mbox/lucene-dev/201710.mbox/%3CCAKrJsP=twErMhzf+FtUMOpCk7+r0pK35hAqoqf_ZtvEoshTgjQ@mail.gmail.com%3E
cvssv3.1 9.8 http://mail-archives.us.apache.org/mod_mbox/www-announce/201710.mbox/%3CCAOOKt51UO_6Vy%3Dj8W%3Dx1pMbLW9VJfZyFWz7pAnXJC_OAdSZubA%40mail.gmail.com%3E
generic_textual CRITICAL http://mail-archives.us.apache.org/mod_mbox/www-announce/201710.mbox/%3CCAOOKt51UO_6Vy%3Dj8W%3Dx1pMbLW9VJfZyFWz7pAnXJC_OAdSZubA%40mail.gmail.com%3E
cvssv3.1 9.8 http://openwall.com/lists/oss-security/2017/10/13/1
generic_textual CRITICAL http://openwall.com/lists/oss-security/2017/10/13/1
generic_textual High http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-12629.html
rhas Moderate https://access.redhat.com/errata/RHSA-2017:3123
rhas Moderate https://access.redhat.com/errata/RHSA-2017:3124
rhas Important https://access.redhat.com/errata/RHSA-2017:3244
rhas Moderate https://access.redhat.com/errata/RHSA-2017:3451
rhas Moderate https://access.redhat.com/errata/RHSA-2017:3452
rhas Important https://access.redhat.com/errata/RHSA-2018:0002
rhas Important https://access.redhat.com/errata/RHSA-2018:0003
rhas Important https://access.redhat.com/errata/RHSA-2018:0004
rhas Important https://access.redhat.com/errata/RHSA-2018:0005
rhas Critical https://access.redhat.com/errata/RHSA-2020:2561
cvssv3 9.8 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12629.json
epss 0.93776 https://api.first.org/data/v1/epss?cve=CVE-2017-12629
epss 0.93891 https://api.first.org/data/v1/epss?cve=CVE-2017-12629
epss 0.93915 https://api.first.org/data/v1/epss?cve=CVE-2017-12629
epss 0.97082 https://api.first.org/data/v1/epss?cve=CVE-2017-12629
epss 0.97406 https://api.first.org/data/v1/epss?cve=CVE-2017-12629
rhbs urgent https://bugzilla.redhat.com/show_bug.cgi?id=1501529
generic_textual High https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12629
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3163
cvssv3.1_qr CRITICAL https://github.com/advisories/GHSA-mh7g-99w9-xpjm
cvssv3.1 9.8 https://github.com/apache/lucene
generic_textual CRITICAL https://github.com/apache/lucene
cvssv3.1 9.8 https://github.com/apache/lucene-solr/commit/3bba91131b5257e64b9d0a2193e1e32a145b2a2
generic_textual CRITICAL https://github.com/apache/lucene-solr/commit/3bba91131b5257e64b9d0a2193e1e32a145b2a2
cvssv3.1 9.8 https://github.com/apache/lucene-solr/commit/d8000beebfb13ba0b6e754f84c760e11592d8d1
generic_textual CRITICAL https://github.com/apache/lucene-solr/commit/d8000beebfb13ba0b6e754f84c760e11592d8d1
cvssv3.1 9.8 https://github.com/apache/lucene-solr/commit/f9fd6e9e26224f26f1542224ce187e04c27b268
generic_textual CRITICAL https://github.com/apache/lucene-solr/commit/f9fd6e9e26224f26f1542224ce187e04c27b268
cvssv3.1 7.5 https://github.com/AsyncHttpClient/async-http-client/issues/1455
generic_textual HIGH https://github.com/AsyncHttpClient/async-http-client/issues/1455
cvssv3.1 9.8 https://issues.apache.org/jira/browse/SOLR-11477
generic_textual CRITICAL https://issues.apache.org/jira/browse/SOLR-11477
cvssv3.1 7.1 https://lists.apache.org/thread.html/r140128dc6bb4f4e0b6a39e962c7ca25a8cbc8e48ed766176c931fccc@%3Cusers.solr.apache.org%3E
generic_textual HIGH https://lists.apache.org/thread.html/r140128dc6bb4f4e0b6a39e962c7ca25a8cbc8e48ed766176c931fccc@%3Cusers.solr.apache.org%3E
cvssv3.1 7.2 https://lists.apache.org/thread.html/r140128dc6bb4f4e0b6a39e962c7ca25a8cbc8e48ed766176c931fccc%40%3Cusers.solr.apache.org%3E
generic_textual HIGH https://lists.apache.org/thread.html/r140128dc6bb4f4e0b6a39e962c7ca25a8cbc8e48ed766176c931fccc%40%3Cusers.solr.apache.org%3E
cvssv3.1 9.8 https://lists.apache.org/thread.html/r26c996b068ef6c5e89aa59acb769025cfd343a08e63fbe9e7f3f720f@%3Coak-issues.jackrabbit.apache.org%3E
generic_textual CRITICAL https://lists.apache.org/thread.html/r26c996b068ef6c5e89aa59acb769025cfd343a08e63fbe9e7f3f720f@%3Coak-issues.jackrabbit.apache.org%3E
cvssv3.1 7.1 https://lists.apache.org/thread.html/r3da74965aba2b5f5744b7289ad447306eeb2940c872801819faa9314@%3Cusers.solr.apache.org%3E
generic_textual HIGH https://lists.apache.org/thread.html/r3da74965aba2b5f5744b7289ad447306eeb2940c872801819faa9314@%3Cusers.solr.apache.org%3E
cvssv3.1 7.2 https://lists.apache.org/thread.html/r3da74965aba2b5f5744b7289ad447306eeb2940c872801819faa9314%40%3Cusers.solr.apache.org%3E
generic_textual HIGH https://lists.apache.org/thread.html/r3da74965aba2b5f5744b7289ad447306eeb2940c872801819faa9314%40%3Cusers.solr.apache.org%3E
cvssv3.1 7.1 https://lists.apache.org/thread.html/r95df34bb158375948da82b4dfe9a1b5d528572d586584162f8f5aeef@%3Cusers.solr.apache.org%3E
generic_textual HIGH https://lists.apache.org/thread.html/r95df34bb158375948da82b4dfe9a1b5d528572d586584162f8f5aeef@%3Cusers.solr.apache.org%3E
cvssv3.1 7.2 https://lists.apache.org/thread.html/r95df34bb158375948da82b4dfe9a1b5d528572d586584162f8f5aeef%40%3Cusers.solr.apache.org%3E
generic_textual HIGH https://lists.apache.org/thread.html/r95df34bb158375948da82b4dfe9a1b5d528572d586584162f8f5aeef%40%3Cusers.solr.apache.org%3E
cvssv3.1 9.8 https://lists.debian.org/debian-lts-announce/2018/01/msg00028.html
generic_textual CRITICAL https://lists.debian.org/debian-lts-announce/2018/01/msg00028.html
cvssv2 7.5 https://nvd.nist.gov/vuln/detail/CVE-2017-12629
cvssv3 9.8 https://nvd.nist.gov/vuln/detail/CVE-2017-12629
cvssv3.1 9.8 https://nvd.nist.gov/vuln/detail/CVE-2017-12629
cvssv3.1 9.8 https://s.apache.org/FJDl
generic_textual CRITICAL https://s.apache.org/FJDl
cvssv3.1 9.8 https://twitter.com/ApacheSolr/status/918731485611401216
generic_textual CRITICAL https://twitter.com/ApacheSolr/status/918731485611401216
cvssv3.1 9.8 https://twitter.com/joshbressers/status/919258716297420802
generic_textual CRITICAL https://twitter.com/joshbressers/status/919258716297420802
cvssv3.1 9.8 https://twitter.com/searchtools_avi/status/918904813613543424
generic_textual CRITICAL https://twitter.com/searchtools_avi/status/918904813613543424
generic_textual High https://ubuntu.com/security/notices/USN-4259-1
cvssv3.1 9.8 https://usn.ubuntu.com/4259-1
generic_textual CRITICAL https://usn.ubuntu.com/4259-1
generic_textual High https://usn.ubuntu.com/usn/usn-4259-1
cvssv3.1 7.5 https://www.debian.org/security/2018/dsa-4124
generic_textual HIGH https://www.debian.org/security/2018/dsa-4124
cvssv3.1 9.8 https://www.exploit-db.com/exploits/43009
generic_textual CRITICAL https://www.exploit-db.com/exploits/43009
cvssv3.1 9.8 http://www.securityfocus.com/bid/101261
generic_textual CRITICAL http://www.securityfocus.com/bid/101261
Reference id Reference type URL
http://mail-archives.apache.org/mod_mbox/lucene-dev/201710.mbox/%3CCAKrJsP=twErMhzf+FtUMOpCk7+r0pK35hAqoqf_ZtvEoshTgjQ@mail.gmail.com%3E
http://mail-archives.us.apache.org/mod_mbox/www-announce/201710.mbox/%3CCAOOKt51UO_6Vy%3Dj8W%3Dx1pMbLW9VJfZyFWz7pAnXJC_OAdSZubA%40mail.gmail.com%3E
http://openwall.com/lists/oss-security/2017/10/13/1
http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-12629.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12629.json
https://api.first.org/data/v1/epss?cve=CVE-2017-12629
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12629
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3163
https://github.com/apache/lucene
https://github.com/apache/lucene-solr/commit/3bba91131b5257e64b9d0a2193e1e32a145b2a2
https://github.com/apache/lucene-solr/commit/926cc4d65b6d2cc40ff07f76d50ddeda947e3cc
https://github.com/apache/lucene-solr/commit/d28baa3fc5566b47f1ca7cc2ba1aba658dc634a
https://github.com/apache/lucene-solr/commit/d8000beebfb13ba0b6e754f84c760e11592d8d1
https://github.com/apache/lucene-solr/commit/f9fd6e9e26224f26f1542224ce187e04c27b268
https://github.com/AsyncHttpClient/async-http-client/issues/1455
https://issues.apache.org/jira/browse/SOLR-11477
https://lists.apache.org/thread.html/r140128dc6bb4f4e0b6a39e962c7ca25a8cbc8e48ed766176c931fccc@%3Cusers.solr.apache.org%3E
https://lists.apache.org/thread.html/r140128dc6bb4f4e0b6a39e962c7ca25a8cbc8e48ed766176c931fccc%40%3Cusers.solr.apache.org%3E
https://lists.apache.org/thread.html/r26c996b068ef6c5e89aa59acb769025cfd343a08e63fbe9e7f3f720f@%3Coak-issues.jackrabbit.apache.org%3E
https://lists.apache.org/thread.html/r26c996b068ef6c5e89aa59acb769025cfd343a08e63fbe9e7f3f720f%40%3Coak-issues.jackrabbit.apache.org%3E
https://lists.apache.org/thread.html/r3da74965aba2b5f5744b7289ad447306eeb2940c872801819faa9314@%3Cusers.solr.apache.org%3E
https://lists.apache.org/thread.html/r3da74965aba2b5f5744b7289ad447306eeb2940c872801819faa9314%40%3Cusers.solr.apache.org%3E
https://lists.apache.org/thread.html/r95df34bb158375948da82b4dfe9a1b5d528572d586584162f8f5aeef@%3Cusers.solr.apache.org%3E
https://lists.apache.org/thread.html/r95df34bb158375948da82b4dfe9a1b5d528572d586584162f8f5aeef%40%3Cusers.solr.apache.org%3E
https://lists.debian.org/debian-lts-announce/2018/01/msg00028.html
https://s.apache.org/FJDl
https://twitter.com/ApacheSolr/status/918731485611401216
https://twitter.com/joshbressers/status/919258716297420802
https://twitter.com/searchtools_avi/status/918904813613543424
https://ubuntu.com/security/notices/USN-4259-1
https://usn.ubuntu.com/4259-1
https://usn.ubuntu.com/4259-1/
https://usn.ubuntu.com/usn/usn-4259-1
https://www.debian.org/security/2018/dsa-4124
https://www.exploit-db.com/exploits/43009
https://www.exploit-db.com/exploits/43009/
http://www.securityfocus.com/bid/101261
1501529 https://bugzilla.redhat.com/show_bug.cgi?id=1501529
cpe:2.3:a:apache:solr:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:solr:*:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
CVE-2017-12629 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/xml/webapps/43009.txt
CVE-2017-12629 https://nvd.nist.gov/vuln/detail/CVE-2017-12629
CVE-2017-12629 http://www.cvedetails.com/cve/CVE-2017-12629/
GHSA-mh7g-99w9-xpjm https://github.com/advisories/GHSA-mh7g-99w9-xpjm
RHSA-2017:3123 https://access.redhat.com/errata/RHSA-2017:3123
RHSA-2017:3124 https://access.redhat.com/errata/RHSA-2017:3124
RHSA-2017:3244 https://access.redhat.com/errata/RHSA-2017:3244
RHSA-2017:3451 https://access.redhat.com/errata/RHSA-2017:3451
RHSA-2017:3452 https://access.redhat.com/errata/RHSA-2017:3452
RHSA-2018:0002 https://access.redhat.com/errata/RHSA-2018:0002
RHSA-2018:0003 https://access.redhat.com/errata/RHSA-2018:0003
RHSA-2018:0004 https://access.redhat.com/errata/RHSA-2018:0004
RHSA-2018:0005 https://access.redhat.com/errata/RHSA-2018:0005
RHSA-2020:2561 https://access.redhat.com/errata/RHSA-2020:2561
RHSA-2023:1334 https://access.redhat.com/errata/RHSA-2023:1334
Data source: Exploit-DB
Date added: Oct. 17, 2017
Description: Apache Solr 7.0.1 - XML External Entity Expansion / Remote Code Execution
Ransomware campaign use: Known
Source publication date: Oct. 17, 2017
Exploit type: webapps
Platform: xml
Source update date: Oct. 17, 2017
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://mail-archives.us.apache.org/mod_mbox/www-announce/201710.mbox/%3CCAOOKt51UO_6Vy%3Dj8W%3Dx1pMbLW9VJfZyFWz7pAnXJC_OAdSZubA%40mail.gmail.com%3E
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://openwall.com/lists/oss-security/2017/10/13/1
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12629.json
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/apache/lucene
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/apache/lucene-solr/commit/3bba91131b5257e64b9d0a2193e1e32a145b2a2
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/apache/lucene-solr/commit/d8000beebfb13ba0b6e754f84c760e11592d8d1
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/apache/lucene-solr/commit/f9fd6e9e26224f26f1542224ce187e04c27b268
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://github.com/AsyncHttpClient/async-http-client/issues/1455
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://issues.apache.org/jira/browse/SOLR-11477
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N Found at https://lists.apache.org/thread.html/r140128dc6bb4f4e0b6a39e962c7ca25a8cbc8e48ed766176c931fccc@%3Cusers.solr.apache.org%3E
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Found at https://lists.apache.org/thread.html/r140128dc6bb4f4e0b6a39e962c7ca25a8cbc8e48ed766176c931fccc%40%3Cusers.solr.apache.org%3E
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://lists.apache.org/thread.html/r26c996b068ef6c5e89aa59acb769025cfd343a08e63fbe9e7f3f720f@%3Coak-issues.jackrabbit.apache.org%3E
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N Found at https://lists.apache.org/thread.html/r3da74965aba2b5f5744b7289ad447306eeb2940c872801819faa9314@%3Cusers.solr.apache.org%3E
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Found at https://lists.apache.org/thread.html/r3da74965aba2b5f5744b7289ad447306eeb2940c872801819faa9314%40%3Cusers.solr.apache.org%3E
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N Found at https://lists.apache.org/thread.html/r95df34bb158375948da82b4dfe9a1b5d528572d586584162f8f5aeef@%3Cusers.solr.apache.org%3E
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Found at https://lists.apache.org/thread.html/r95df34bb158375948da82b4dfe9a1b5d528572d586584162f8f5aeef%40%3Cusers.solr.apache.org%3E
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://lists.debian.org/debian-lts-announce/2018/01/msg00028.html
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2017-12629
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2017-12629
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://s.apache.org/FJDl
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://twitter.com/ApacheSolr/status/918731485611401216
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://twitter.com/joshbressers/status/919258716297420802
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://twitter.com/searchtools_avi/status/918904813613543424
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://usn.ubuntu.com/4259-1
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://www.debian.org/security/2018/dsa-4124
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://www.exploit-db.com/exploits/43009
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://www.securityfocus.com/bid/101261
Exploit Prediction Scoring System (EPSS)
Percentile 0.99849
EPSS Score 0.93776
Published At June 12, 2025, 12:55 p.m.