1. Home
  2. Vulnerabilities
  3. CVE-2019-17558

CVE-2019-17558

CVSS v3.1 7.5 (High)
75% Progress
CVSS v2.0 4.6 (Medium)
46% Progress
EPSS 97.53 % (100th)
97.53% Progress
Affected Products 2
Advisories 3
NVD Status Analyzed
Info CVSS EPSS CAPEC Affected Configurations References Security Advisories Packages & Software OVAL Tools, Exploits & PoC Graph Web & Social Timeline

Apache Solr 5.0.0 to Apache Solr 8.3.1 are vulnerable to a Remote Code Execution through the VelocityResponseWriter. A Velocity template can be provided through Velocity templates in a configset velocity/ directory or as a parameter. A user defined configset could contain renderable, potentially malicious, templates. Parameter provided templates are disabled by default, but can be enabled by setting params.resource.loader.enabled by defining a response writer with that setting set to true. Defining a response writer requires configuration API access. Solr 8.4 removed the params resource loader entirely, and only enables the configset-provided template rendering when the configset is trusted (has been uploaded by an authenticated user).

Weaknesses
CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVE Status
PUBLISHED
NVD Status
Analyzed
CNA
Apache Software Foundation
Published Date
2019-12-30 17:15:19
(4 years ago)
Updated Date
2024-07-25 14:32:21
(7 weeks ago)
Apache Solr VelocityResponseWriter Plug-In Remote Code Execution Vulnerability (CISA - Known Exploited Vulnerabilities Catalog)
Description
The Apache Solr VelocityResponseWriter plug-in contains an unspecified vulnerability which can allow for remote code execution.
Required Action
Apply updates per vendor instructions.
Known to be Used in Ransomware Campaigns
Unknown
Notes
https://nvd.nist.gov/vuln/detail/CVE-2019-17558
Vendor
Apache
Product
Solr
In CISA Catalog from
2021-11-03
(2 years ago)
Due Date
2022-05-03
(2 years ago)

Affected Products

Apache

Oracle

Configuration #1

    CPE23 From Up To
  Apache Solr from 5.0.0 version and prior 7.7.3 version cpe:2.3:a:apache:solr >= 5.0.0 < 7.7.3
  Apache Solr from 8.0.0 version and prior 8.4.0 version cpe:2.3:a:apache:solr >= 8.0.0 < 8.4.0

Configuration #2

    CPE23 From Up To
  Oracle Primavera Unifier from 17.7 version and 17.12 and prior versions cpe:2.3:a:oracle:primavera_unifier >= 17.7 <= 17.12
  Oracle Primavera Unifier 16.1 cpe:2.3:a:oracle:primavera_unifier:16.1
  Oracle Primavera Unifier 16.2 cpe:2.3:a:oracle:primavera_unifier:16.2
  Oracle Primavera Unifier 18.8 cpe:2.3:a:oracle:primavera_unifier:18.8
  Oracle Primavera Unifier 19.12 cpe:2.3:a:oracle:primavera_unifier:19.12