SCA: security update for org.apache.solr:solr-core (GHSA-mh7g-99w9-xpjm)

critical Tenable Self-Hosted Container Security Plugin ID 423370

Description

There are packages installed that are affected by a vulnerability referenced in the following CVE:

- Remote code execution occurs in Apache Solr before 7.1 with Apache Lucene before 7.1 by exploiting XXE in
conjunction with use of a Config API add-listener command to reach the RunExecutableListener class.
Elasticsearch, although it uses Lucene, is NOT vulnerable to this. Note that the XML external entity
expansion vulnerability occurs in the XML Query Parser which is available, by default, for any query
request with parameters deftype=xmlparser and can be exploited to upload malicious data to the /upload
request handler or as Blind XXE using ftp wrapper in order to read arbitrary local files from the Solr
server. Note also that the second vulnerability relates to remote code execution using the
RunExecutableListener available on all affected versions of Solr. (CVE-2017-12629)

See Also

https://github.com/advisories/GHSA-mh7g-99w9-xpjm

Plugin Details

Severity: Critical

ID: 423370

Version: Revision 1.4

Type: Local

Family: SCA Checks

Published: 3/29/2025

Updated: 7/2/2026

Supported Sensors: Tenable Cloud Security, Tenable Self-Hosted Container Security

Risk Information

VPR

Risk Factor: Medium

Score: 4.9

Percentile: 57.12

Vendor

Vendor Severity: Critical

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2017-12629

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 10/17/2018

Vulnerability Publication Date: 10/12/2017

Reference Information

CVE: CVE-2017-12629

BID: 101261

cwe: CWE-611