gsd-2019-12401
Vulnerability from gsd
Modified
2023-12-13 01:23
Details
Solr versions 1.3.0 to 1.4.1, 3.1.0 to 3.6.2 and 4.0.0 to 4.10.4 are vulnerable to an XML resource consumption attack (a.k.a. Lol Bomb) via it’s update handler.?By leveraging XML DOCTYPE and ENTITY type elements, the attacker can create a pattern that will expand when the server parses the XML causing OOMs.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2019-12401",
"description": "Solr versions 1.3.0 to 1.4.1, 3.1.0 to 3.6.2 and 4.0.0 to 4.10.4 are vulnerable to an XML resource consumption attack (a.k.a. Lol Bomb) via it\u2019s update handler.?By leveraging XML DOCTYPE and ENTITY type elements, the attacker can create a pattern that will expand when the server parses the XML causing OOMs.",
"id": "GSD-2019-12401"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2019-12401"
],
"details": "Solr versions 1.3.0 to 1.4.1, 3.1.0 to 3.6.2 and 4.0.0 to 4.10.4 are vulnerable to an XML resource consumption attack (a.k.a. Lol Bomb) via it\u2019s update handler.?By leveraging XML DOCTYPE and ENTITY type elements, the attacker can create a pattern that will expand when the server parses the XML causing OOMs.",
"id": "GSD-2019-12401",
"modified": "2023-12-13T01:23:44.256666Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2019-12401",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Solr",
"version": {
"version_data": [
{
"version_value": "1.3.0 to 1.4.1"
},
{
"version_value": "3.1.0 to 3.6.2"
},
{
"version_value": "4.0.0 to 4.10.4"
}
]
}
}
]
},
"vendor_name": "Apache"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Solr versions 1.3.0 to 1.4.1, 3.1.0 to 3.6.2 and 4.0.0 to 4.10.4 are vulnerable to an XML resource consumption attack (a.k.a. Lol Bomb) via it\u2019s update handler.?By leveraging XML DOCTYPE and ENTITY type elements, the attacker can create a pattern that will expand when the server parses the XML causing OOMs."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "XML Entity Expansion"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[lucene-general] 20190909 [SECURITY] CVE-2019-12401: XML Bomb in Apache Solr versions prior to 5.0",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/7ab5e95a1a0b4f35ffe53f1eb0cb74b4348b49d41b72ac155b843fa2@%3Cgeneral.lucene.apache.org%3E"
},
{
"name": "[lucene-dev] 20190909 [SECURITY] CVE-2019-12401: XML Bomb in Apache Solr versions prior to 5.0",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/048ae6e4f84a88e8856f766320b48ad91f9fca2c6f621aa2c40088fe@%3Cdev.lucene.apache.org%3E"
},
{
"name": "[oss-security] 20190909 [SECURITY] CVE-2019-12401: XML Bomb in Apache Solr versions prior to 5.0",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2019/09/10/1"
},
{
"name": "[lucene-dev] 20190909 [jira] [Resolved] (SOLR-13750) [CVE-2019-12401] XML Bomb in Apache Solr versions prior to 5.0.0",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/521d10a19bfb590f86dff41820ccfb11e92281f233a12c882650931e@%3Cdev.lucene.apache.org%3E"
},
{
"name": "[announce] 20190909 [SECURITY] CVE-2019-12401: XML Bomb in Apache Solr versions prior to 5.0",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/1c92300643f48f13bc59b15e3f886ba62bae1798c7d4c2e5c1ece09b@%3Cannounce.apache.org%3E"
},
{
"name": "[lucene-solr-user] 20190909 [SECURITY] CVE-2019-12401: XML Bomb in Apache Solr versions prior to 5.0",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/60a924662ead9aeea74e8ea128d9ca935f8de925aa71b15ab2787d6a@%3Csolr-user.lucene.apache.org%3E"
},
{
"name": "[lucene-dev] 20190909 [jira] [Updated] (SOLR-13750) [CVE-2019-12401] XML Bomb in Apache Solr versions prior to 5.0.0",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/db8eaca456d03c00a66cbe37548978318d424b9997e3fd7f5c65dffe@%3Cdev.lucene.apache.org%3E"
},
{
"name": "[www-announce] 20190909 [SECURITY] CVE-2019-12401: XML Bomb in Apache Solr versions prior to 5.0",
"refsource": "MLIST",
"url": "http://mail-archives.us.apache.org/mod_mbox/www-announce/201909.mbox/%3CCAECwjAXU4%3DkAo5DeUJw7Kvk67sgCmajAN7LGZQNjbjZ8gv%3DBdw%40mail.gmail.com%3E"
},
{
"name": "[lucene-dev] 20190911 [jira] [Commented] (SOLR-13750) [CVE-2019-12401] XML Bomb in Apache Solr versions prior to 5.0.0",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/0ec231c5ed8d242890e21806d25fdd47f80cc47cac278d2fc1c9c579@%3Cdev.lucene.apache.org%3E"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190926-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190926-0002/"
},
{
"name": "https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2019-12401-XML%20Bomb-Apache%20Solr",
"refsource": "MISC",
"url": "https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2019-12401-XML%20Bomb-Apache%20Solr"
}
]
}
},
"gitlab.com": {
"advisories": [
{
"affected_range": "[1.3.0,1.4.1],[3.1,3.6.2],[4.0.0,4.10.4]",
"affected_versions": "All versions starting from 1.3.0 up to 1.4.1, all versions starting from 3.1 up to 3.6.2, all versions starting from 4.0.0 up to 4.10.4",
"credit": "Tomas Fernandez",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"cwe_ids": [
"CWE-1035",
"CWE-776",
"CWE-937"
],
"date": "2019-10-10",
"description": "Solr is vulnerable to an XML resource consumption attack (a.k.a. Lol Bomb) via the update handler. By leveraging XML DOCTYPE and ENTITY type elements, the attacker can create a pattern that will expand when the server parses the XML causing OOMs.",
"fixed_versions": [
"5.0.0"
],
"identifier": "CVE-2019-12401",
"identifiers": [
"CVE-2019-12401"
],
"not_impacted": "All versions before 1.3.0, all versions after 1.4.1 before 3.1, all versions after 3.6.2 before 4.0.0, all versions after 4.10.4",
"package_slug": "maven/org.apache.solr/solr-core",
"pubdate": "2019-09-10",
"solution": "Upgrade to version 5.0.0 or above.",
"title": "XML resource consumption attack",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2019-12401",
"http://mail-archives.us.apache.org/mod_mbox/www-announce/201909.mbox/%3CCAECwjAXU4%3DkAo5DeUJw7Kvk67sgCmajAN7LGZQNjbjZ8gv%3DBdw%40mail.gmail.com%3E"
],
"uuid": "6e086916-6221-4458-b985-7e16169024f7"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apache:solr:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "4.10.4",
"versionStartIncluding": "4.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:solr:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.6.2",
"versionStartIncluding": "3.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:solr:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.4.1",
"versionStartIncluding": "1.3.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2019-12401"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Solr versions 1.3.0 to 1.4.1, 3.1.0 to 3.6.2 and 4.0.0 to 4.10.4 are vulnerable to an XML resource consumption attack (a.k.a. Lol Bomb) via it\u2019s update handler.?By leveraging XML DOCTYPE and ENTITY type elements, the attacker can create a pattern that will expand when the server parses the XML causing OOMs."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-776"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[www-announce] 20190909 [SECURITY] CVE-2019-12401: XML Bomb in Apache Solr versions prior to 5.0",
"refsource": "MLIST",
"tags": [
"Broken Link",
"Mailing List",
"Vendor Advisory"
],
"url": "http://mail-archives.us.apache.org/mod_mbox/www-announce/201909.mbox/%3CCAECwjAXU4%3DkAo5DeUJw7Kvk67sgCmajAN7LGZQNjbjZ8gv%3DBdw%40mail.gmail.com%3E"
},
{
"name": "[lucene-dev] 20190911 [jira] [Commented] (SOLR-13750) [CVE-2019-12401] XML Bomb in Apache Solr versions prior to 5.0.0",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/0ec231c5ed8d242890e21806d25fdd47f80cc47cac278d2fc1c9c579@%3Cdev.lucene.apache.org%3E"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190926-0002/",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20190926-0002/"
},
{
"name": "[announce] 20190909 [SECURITY] CVE-2019-12401: XML Bomb in Apache Solr versions prior to 5.0",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/1c92300643f48f13bc59b15e3f886ba62bae1798c7d4c2e5c1ece09b@%3Cannounce.apache.org%3E"
},
{
"name": "https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2019-12401-XML%20Bomb-Apache%20Solr",
"refsource": "MISC",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2019-12401-XML%20Bomb-Apache%20Solr"
},
{
"name": "[lucene-dev] 20190909 [SECURITY] CVE-2019-12401: XML Bomb in Apache Solr versions prior to 5.0",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/048ae6e4f84a88e8856f766320b48ad91f9fca2c6f621aa2c40088fe@%3Cdev.lucene.apache.org%3E"
},
{
"name": "[oss-security] 20190909 [SECURITY] CVE-2019-12401: XML Bomb in Apache Solr versions prior to 5.0",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2019/09/10/1"
},
{
"name": "[lucene-solr-user] 20190909 [SECURITY] CVE-2019-12401: XML Bomb in Apache Solr versions prior to 5.0",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/60a924662ead9aeea74e8ea128d9ca935f8de925aa71b15ab2787d6a@%3Csolr-user.lucene.apache.org%3E"
},
{
"name": "[lucene-dev] 20190909 [jira] [Updated] (SOLR-13750) [CVE-2019-12401] XML Bomb in Apache Solr versions prior to 5.0.0",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/db8eaca456d03c00a66cbe37548978318d424b9997e3fd7f5c65dffe@%3Cdev.lucene.apache.org%3E"
},
{
"name": "[lucene-dev] 20190909 [jira] [Resolved] (SOLR-13750) [CVE-2019-12401] XML Bomb in Apache Solr versions prior to 5.0.0",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/521d10a19bfb590f86dff41820ccfb11e92281f233a12c882650931e@%3Cdev.lucene.apache.org%3E"
},
{
"name": "[lucene-general] 20190909 [SECURITY] CVE-2019-12401: XML Bomb in Apache Solr versions prior to 5.0",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/7ab5e95a1a0b4f35ffe53f1eb0cb74b4348b49d41b72ac155b843fa2@%3Cgeneral.lucene.apache.org%3E"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
},
"lastModifiedDate": "2023-02-28T15:25Z",
"publishedDate": "2019-09-10T15:15Z"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…