Security For Everyone

CVE-2017-12629 Scanner

CVE-2017-12629 scanner - Remote Code Execution (RCE) vulnerability in Apache Solr and Apache Lucene

Short Info

Level

Critical

Single Scan

Can be used by

Asset Owner

Estimated Time

15 seconds

Time Interval

29 days

Scan only one

Domain, IPv4, Subdomain

Toolbox

-

Apache Solr and Apache Lucene are open-source search platforms that allow businesses to incorporate full-text search functionality into their applications. Solr is built on top of Lucene and provides enterprise-level indexing, search, and analytics capabilities. These products can be used to enable search features within web applications, e-commerce sites, and other digital interfaces.

One major vulnerability that was detected in Apache Solr and Lucene is CVE-2017-12629. This vulnerability allows attackers to execute remote code by exploiting the XML External Entity (XXE) expansion. Through the use of a Config API add-listener command, the attacker can reach the RunExecutableListener class in versions of Solr before 7.1 and versions of Lucene before 7.1.

When exploited, this vulnerability can lead to serious consequences for businesses that rely on Solr and Lucene to power their search functionality. Attackers can use XXE to upload malicious data through the /upload request handler or execute code through the RunExecutableListener to gain access to sensitive data or perform malicious actions on the server. This can lead to significant financial loss, reputational damage, and legal consequences.

At s4e.io, we offer pro features that can help businesses identify vulnerabilities in their digital assets quickly and easily. Our platform provides real-time threat intelligence and actionable insights to help protect against cyber threats such as CVE-2017-12629. By using our services, businesses can ensure that their applications and systems are secure against known vulnerabilities and emerging threats.

REFERENCES

Get started to protecting your Free Full Security Scan

Start trial See the plans