Last updated: 9/Mar/2018
Article No: 000015703
Product series: SPA
Products Affected
- SPA Ver. 9.3
Description
Several critical vulnerabilities were discovered in the following versions of Apache Solr from the Apache Software Foundation:
Apache Solr versions earlier than 7.1 (Apache Lucene versions earlier than 7.1)
See the following sites for more detail:
- CVE
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12629
- Apache Software Foundation
  CVE-2017-12629: Several critical vulnerabilities discovered in Apache Solr (XXE & RCE)
Impact
CVE-2017-12629 may impact the following product:
Product | Version | Server | Client |
SPA Server Environment | 9.3 | v | n/a |
When a request is posted to a specific URL, information may be retrieved or manipulated, or a DoS attack may be carried out. For example:
- XML external entity reference attack (XXE attack)
- Arbitrary file execution on the machine where SPA is installed
Solution
To address these vulnerabilities, you need to add the following boot parameters:
- -Ddisable.configEdit=true
- -Djetty.host=127.0.0.1
For more information, please contact WingArc1st support team.
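One way to confirm that both settings are in effect is to audit the command line the Solr JVM was started with. The following Python check is an added example, not part of the original advisory or any WingArc1st tooling; the function names and the sample command lines (including `start.jar` and `-Xmx512m`) are constructed for illustration, and it assumes a command line that `shlex` can split (POSIX-style quoting).

```python
import shlex

# Mitigation from the advisory: system property -> required value.
REQUIRED = {"disable.configEdit": "true", "jetty.host": "127.0.0.1"}

def jvm_properties(cmdline):
    """Collect the -D system properties that a java command line sets."""
    props = {}
    tokens = iter(shlex.split(cmdline)[1:])  # skip the java executable
    for tok in tokens:
        if tok in ("-cp", "-classpath"):
            next(tokens, None)  # the class path is a separate token
            continue
        if tok == "-jar" or not tok.startswith("-"):
            break  # what follows -jar or the main class is not a JVM option
        if tok.startswith("-D"):
            name, _, value = tok[2:].partition("=")
            props[name] = value  # a later -D for the same name replaces it
    return props

def audit(cmdline):
    """Return findings; an empty list means both settings are in effect."""
    props = jvm_properties(cmdline)
    findings = []
    for name, wanted in REQUIRED.items():
        if name not in props:
            findings.append(f"missing -D{name}={wanted}")
        elif props[name] != wanted:
            findings.append(f"-D{name}={props[name]} (expected {wanted})")
    return findings

# Constructed sample command lines (not taken from an SPA installation).
SAMPLES = {
    "mitigated": "java -Xmx512m -Ddisable.configEdit=true "
                 "-Djetty.host=127.0.0.1 -jar start.jar",
    "one flag missing": "java -Xmx512m -Djetty.host=127.0.0.1 -jar start.jar",
    "overridden later": "java -Ddisable.configEdit=true -Djetty.host=127.0.0.1 "
                        "-Djetty.host=0.0.0.0 -jar start.jar",
    "placed after -jar": "java -Djetty.host=127.0.0.1 -jar start.jar "
                         "-Ddisable.configEdit=true",
}

if __name__ == "__main__":
    for label, cmd in SAMPLES.items():
        print(f"{label}: {audit(cmd) or 'OK'}")
```

On a live host, pass `audit` the command line of the running Solr JVM as reported by the operating system's process listing.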