CVE-2019-17558
Published at:
-
30-12-2019 06:15
Last modified:
-
20-02-2022 07:42
Total changes:
-
11
Description
Common Vulnerability Scoring System (CVSS)
High
Attack complexity
Network
Attack vector
High
Availability
High
Confidentiality
High
Integrity
Low
Privileges required
Unchanged
Scope
None
User interaction
7.5
Base score
1.6
5.9
Exploitability score
Impact score
Verification logic
Reference
- https://issues.apache.org/jira/browse/SOLR-13971
- [lucene-issues] 20200107 [jira] [Commented] (SOLR-13971) CVE-2019-17558: Velocity custom template RCE vulnerability-Mailing List, Patch, Vendor Advisory
- [lucene-issues] 20200108 [jira] [Commented] (SOLR-13971) CVE-2019-17558: Velocity custom template RCE vulnerability-Mailing List, Vendor Advisory
- [lucene-issues] 20200108 [GitHub] [lucene-solr] Sachpat opened a new pull request #1156: SOLR-13971-Mailing List, Vendor Advisory
- [lucene-issues] 20200108 [jira] [Updated] (SOLR-14025) CVE-2019-17558: Velocity response writer RCE vulnerability persists after 8.3.1-Mailing List, Vendor Advisory
- [lucene-issues] 20200108 [GitHub] [lucene-solr] Sachpat commented on issue #1156: SOLR-13971: CVE-2019-17558: Velocity custom template RCE vulnerability-Mailing List, Vendor Advisory
- [lucene-issues] 20200108 [GitHub] [lucene-solr] Sachpat commented on a change in pull request #1156: SOLR-13971: CVE-2019-17558: Velocity custom template RCE vulnerability-Mailing List, Vendor Advisory
- [lucene-issues] 20200108 [GitHub] [lucene-solr] artem-smotrakov commented on a change in pull request #1156: SOLR-13971: CVE-2019-17558: Velocity custom template RCE vulnerability-Mailing List, Vendor Advisory
- [lucene-issues] 20200113 [jira] [Commented] (SOLR-14025) CVE-2019-17558: Velocity response writer RCE vulnerability persists after 8.3.1-Mailing List, Patch, Vendor Advisory
- [lucene-issues] 20200113 [GitHub] [lucene-solr] Sachpat commented on issue #1156: SOLR-13971: CVE-2019-17558: Velocity custom template RCE vulnerability-Mailing List, Vendor Advisory
- [lucene-issues] 20200113 [GitHub] [lucene-solr] Sachpat closed pull request #1156: SOLR-13971: CVE-2019-17558: Velocity custom template RCE vulnerability-Mailing List, Vendor Advisory
- [lucene-issues] 20200113 [GitHub] [lucene-solr] chatman commented on issue #1156: SOLR-13971: CVE-2019-17558: Velocity custom template RCE vulnerability-Mailing List, Vendor Advisory
- [lucene-dev] 20200213 Re: 7.7.3 bugfix release-Mailing List, Vendor Advisory
- [lucene-dev] 20200214 Re: 7.7.3 bugfix release-Mailing List, Patch, Vendor Advisory
- [lucene-issues] 20200219 [jira] [Updated] (SOLR-14025) CVE-2019-17558: Velocity response writer RCE vulnerability persists after 8.3.1-Mailing List, Vendor Advisory
- [ambari-issues] 20200220 [jira] [Created] (AMBARI-25482) solr dependence CVE-2019-17558-Mailing List, Vendor Advisory
- [lucene-solr-user] 20200320 CVEs (vulnerabilities) that apply to Solr 8.4.1-Mailing List, Vendor Advisory
- [lucene-solr-user] 20200320 Re: CVEs (vulnerabilities) that apply to Solr 8.4.1-Mailing List, Vendor Advisory
- http://packetstormsecurity.com/files/157078/Apache-Solr-8.3.0-Velocity-Template-Remote-Code-Execution.html
- https://www.oracle.com/security-alerts/cpuoct2020.html
- [submarine-commits] 20201209 [GitHub] [submarine] QiAnXinCodeSafe opened a new issue #474: There is a vulnerability in Apache Solr 5.5.4,upgrade recommended-Mailing List, Vendor Advisory
- [lucene-solr-user] 20210203 Re: SolrCloud keeps crashing-Mailing List, Vendor Advisory
- [lucene-issues] 20210210 [GitHub] [lucene-solr] rhtham commented on pull request #1156: SOLR-13971: CVE-2019-17558: Velocity custom template RCE vulnerability-Mailing List, Vendor Advisory
- [lucene-issues] 20210210 [GitHub] [lucene-solr] rhtham edited a comment on pull request #1156: SOLR-13971: CVE-2019-17558: Velocity custom template RCE vulnerability-Mailing List, Vendor Advisory
- [lucene-solr-user] 20210212 CVE-2019-17558 on SOLR 6.1-Mailing List, Vendor Advisory
- [lucene-solr-user] 20210212 Re: CVE-2019-17558 on SOLR 6.1-Mailing List, Vendor Advisory
- [lucene-solr-user] 20210213 Re: CVE-2019-17558 on SOLR 6.1-Mailing List, Vendor Advisory
- [lucene-issues] 20210315 [GitHub] [lucene-solr] erikhatcher commented on pull request #1156: SOLR-13971: CVE-2019-17558: Velocity custom template RCE vulnerability-Mailing List, Vendor Advisory
- [druid-commits] 20210324 [GitHub] [druid] jihoonson opened a new pull request #11030: Suppress cves-Mailing List, Vendor Advisory
Keywords