CVE-2019-17558 (CNNVD-201912-1225)
HIGH
有利用代码
中文标题:
Apache Solr 注入漏洞
英文标题:
Apache Solr 5.0.0 to Apache Solr 8.3.1 are vulnerable to a Remote Code Execution through the Velocit...
CVSS分数:
7.5
发布时间:
2019-12-30 16:36:08
漏洞类型:
注入
状态:
PUBLISHED
数据质量分数:
0.30
数据版本:
v5
漏洞描述
中文描述:
Apache Solr是美国阿帕奇(Apache)基金会的一款基于Lucene(一款全文搜索引擎)的搜索服务器。该产品支持层面搜索、垂直搜索、高亮显示搜索结果等。 Apache Solr 5.0.0版本至8.3.1版本中存在注入漏洞。攻击者可借助Velocity模板利用该漏洞在系统上执行任意代码。
英文描述:
Apache Solr 5.0.0 to Apache Solr 8.3.1 are vulnerable to a Remote Code Execution through the VelocityResponseWriter. A Velocity template can be provided through Velocity templates in a configset `velocity/` directory or as a parameter. A user defined configset could contain renderable, potentially malicious, templates. Parameter provided templates are disabled by default, but can be enabled by setting `params.resource.loader.enabled` by defining a response writer with that setting set to `true`. Defining a response writer requires configuration API access. Solr 8.4 removed the params resource loader entirely, and only enables the configset-provided template rendering when the configset is `trusted` (has been uploaded by an authenticated user).
CWE类型:
CWE-74
标签:
webapps
java
@l3x_wong
remote
multiple
Metasploit
受影响产品
| 厂商 | 产品 | 版本 | 版本范围 | 平台 | CPE |
|---|---|---|---|---|---|
| apache | solr | * | - | - |
cpe:2.3:a:apache:solr:*:*:*:*:*:*:*:*
|
| oracle | primavera_unifier | * | - | - |
cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*
|
| oracle | primavera_unifier | 16.1 | - | - |
cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*
|
| oracle | primavera_unifier | 16.2 | - | - |
cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*
|
| oracle | primavera_unifier | 18.8 | - | - |
cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*
|
| oracle | primavera_unifier | 19.12 | - | - |
cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*
|
解决方案
中文解决方案:
(暂无数据)
英文解决方案:
(暂无数据)
临时解决方案:
(暂无数据)
参考链接
[lucene-issues] 20200107 [jira] [Commented] (SOLR-13971) CVE-2019-17558: Velocity custom template RCE vulnerability
mailing-list
cve.org
访问
cve.org
[lucene-issues] 20200108 [jira] [Commented] (SOLR-13971) CVE-2019-17558: Velocity custom template RCE vulnerability
mailing-list
cve.org
访问
cve.org
[lucene-issues] 20200108 [jira] [Updated] (SOLR-14025) CVE-2019-17558: Velocity response writer RCE vulnerability persists after 8.3.1
mailing-list
cve.org
访问
cve.org
[lucene-issues] 20200108 [GitHub] [lucene-solr] Sachpat opened a new pull request #1156: SOLR-13971
mailing-list
cve.org
访问
cve.org
[lucene-issues] 20200108 [GitHub] [lucene-solr] Sachpat commented on a change in pull request #1156: SOLR-13971: CVE-2019-17558: Velocity custom template RCE vulnerability
mailing-list
cve.org
访问
cve.org
[lucene-issues] 20200108 [GitHub] [lucene-solr] artem-smotrakov commented on a change in pull request #1156: SOLR-13971: CVE-2019-17558: Velocity custom template RCE vulnerability
mailing-list
cve.org
访问
cve.org
[lucene-issues] 20200108 [GitHub] [lucene-solr] Sachpat commented on issue #1156: SOLR-13971: CVE-2019-17558: Velocity custom template RCE vulnerability
mailing-list
cve.org
访问
cve.org
[lucene-issues] 20200113 [GitHub] [lucene-solr] Sachpat closed pull request #1156: SOLR-13971: CVE-2019-17558: Velocity custom template RCE vulnerability
mailing-list
cve.org
访问
cve.org
[lucene-issues] 20200113 [jira] [Commented] (SOLR-14025) CVE-2019-17558: Velocity response writer RCE vulnerability persists after 8.3.1
mailing-list
cve.org
访问
cve.org
[lucene-issues] 20200113 [GitHub] [lucene-solr] chatman commented on issue #1156: SOLR-13971: CVE-2019-17558: Velocity custom template RCE vulnerability
mailing-list
cve.org
访问
cve.org
[lucene-issues] 20200113 [GitHub] [lucene-solr] Sachpat commented on issue #1156: SOLR-13971: CVE-2019-17558: Velocity custom template RCE vulnerability
mailing-list
cve.org
访问
cve.org
[lucene-dev] 20200213 Re: 7.7.3 bugfix release
mailing-list
cve.org
访问
cve.org
[lucene-dev] 20200214 Re: 7.7.3 bugfix release
mailing-list
cve.org
访问
cve.org
[lucene-issues] 20200219 [jira] [Updated] (SOLR-14025) CVE-2019-17558: Velocity response writer RCE vulnerability persists after 8.3.1
mailing-list
cve.org
访问
cve.org
[ambari-issues] 20200220 [jira] [Created] (AMBARI-25482) solr dependence CVE-2019-17558
mailing-list
cve.org
访问
cve.org
[lucene-solr-user] 20200320 CVEs (vulnerabilities) that apply to Solr 8.4.1
mailing-list
cve.org
访问
cve.org
[lucene-solr-user] 20200320 Re: CVEs (vulnerabilities) that apply to Solr 8.4.1
mailing-list
cve.org
访问
cve.org
无标题
x_refsource_MISC
cve.org
访问
cve.org
无标题
x_refsource_MISC
cve.org
访问
cve.org
无标题
x_refsource_MISC
cve.org
访问
cve.org
[submarine-commits] 20201209 [GitHub] [submarine] QiAnXinCodeSafe opened a new issue #474: There is a vulnerability in Apache Solr 5.5.4,upgrade recommended
mailing-list
cve.org
访问
cve.org
[lucene-solr-user] 20210203 Re: SolrCloud keeps crashing
mailing-list
cve.org
访问
cve.org
[lucene-issues] 20210210 [GitHub] [lucene-solr] rhtham edited a comment on pull request #1156: SOLR-13971: CVE-2019-17558: Velocity custom template RCE vulnerability
mailing-list
cve.org
访问
cve.org
[lucene-issues] 20210210 [GitHub] [lucene-solr] rhtham commented on pull request #1156: SOLR-13971: CVE-2019-17558: Velocity custom template RCE vulnerability
mailing-list
cve.org
访问
cve.org
[lucene-solr-user] 20210212 CVE-2019-17558 on SOLR 6.1
mailing-list
cve.org
访问
cve.org
[lucene-solr-user] 20210212 Re: CVE-2019-17558 on SOLR 6.1
mailing-list
cve.org
访问
cve.org
[lucene-solr-user] 20210213 Re: CVE-2019-17558 on SOLR 6.1
mailing-list
cve.org
访问
cve.org
[lucene-issues] 20210315 [GitHub] [lucene-solr] erikhatcher commented on pull request #1156: SOLR-13971: CVE-2019-17558: Velocity custom template RCE vulnerability
mailing-list
cve.org
访问
cve.org
[druid-commits] 20210324 [GitHub] [druid] jihoonson opened a new pull request #11030: Suppress cves
mailing-list
cve.org
访问
cve.org
134c704f-9b21-4f2e-91b3-4a467353bcc0
OTHER
nvd.nist.gov
访问
nvd.nist.gov
ExploitDB EDB-47572
EXPLOIT
exploitdb
访问
exploitdb
Download Exploit EDB-47572
EXPLOIT
exploitdb
访问
exploitdb
CVE Reference: CVE-2019-17558
ADVISORY
cve.org
访问
cve.org
ExploitDB EDB-48338
EXPLOIT
exploitdb
访问
exploitdb
Download Exploit EDB-48338
EXPLOIT
exploitdb
访问
exploitdb
CVSS评分详情
3.1 (adp)
HIGH
7.5
CVSS向量:
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
机密性
HIGH
完整性
HIGH
可用性
HIGH
时间信息
发布时间:
2019-12-30 16:36:08
修改时间:
2025-10-21 23:35:54
创建时间:
2025-11-11 15:35:39
更新时间:
2025-11-11 16:54:12
利用信息
此漏洞有可利用代码!
利用代码数量:
2
利用来源:
未知
未知
数据源详情
| 数据源 | 记录ID | 版本 | 提取时间 |
|---|---|---|---|
| CVE | cve_CVE-2019-17558 |
2025-11-11 15:20:05 | 2025-11-11 07:35:39 |
| NVD | nvd_CVE-2019-17558 |
2025-11-11 14:56:31 | 2025-11-11 07:44:10 |
| CNNVD | cnnvd_CNNVD-201912-1225 |
2025-11-11 15:10:20 | 2025-11-11 07:55:13 |
| EXPLOITDB | exploitdb_EDB-47572 |
2025-11-11 15:05:23 | 2025-11-11 08:52:33 |
| EXPLOITDB | exploitdb_EDB-48338 |
2025-11-11 15:05:28 | 2025-11-11 08:54:12 |
版本与语言
当前版本:
v5
主要语言:
EN
支持语言:
EN
ZH
其他标识符:
:
:
:
:
安全公告
暂无安全公告信息
变更历史
v5
EXPLOITDB
2025-11-11 16:54:12
references_count: 33 → 35; tags_count: 3 → 6
查看详细变更
- references_count: 33 -> 35
- tags_count: 3 -> 6
v4
EXPLOITDB
2025-11-11 16:52:33
references_count: 30 → 33; tags_count: 0 → 3; data_sources: ['cnnvd', 'cve', 'nvd'] → ['cnnvd', 'cve', 'exploitdb', 'nvd']
查看详细变更
- references_count: 30 -> 33
- tags_count: 0 -> 3
- data_sources: ['cnnvd', 'cve', 'nvd'] -> ['cnnvd', 'cve', 'exploitdb', 'nvd']
v3
CNNVD
2025-11-11 15:55:13
vulnerability_type: 未提取 → 注入; cnnvd_id: 未提取 → CNNVD-201912-1225; data_sources: ['cve', 'nvd'] → ['cnnvd', 'cve', 'nvd']
查看详细变更
- vulnerability_type: 未提取 -> 注入
- cnnvd_id: 未提取 -> CNNVD-201912-1225
- data_sources: ['cve', 'nvd'] -> ['cnnvd', 'cve', 'nvd']
v2
NVD
2025-11-11 15:44:10
affected_products_count: 0 → 6; references_count: 29 → 30; data_sources: ['cve'] → ['cve', 'nvd']
查看详细变更
- affected_products_count: 0 -> 6
- references_count: 29 -> 30
- data_sources: ['cve'] -> ['cve', 'nvd']