https://bugzilla.redhat.com/show_bug.cgi?id=1308619
Bug ID: 1308619
Summary: CVE-2015-8795 solr: multiple XSS vulnerabilities
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team@redhat.com
Reporter: anemec@redhat.com
CC: java-sig-commits@lists.fedoraproject.org, puntogil@libero.it
CVE-2015-8795:
Multiple cross-site scripting (XSS) vulnerabilities in the Admin UI in Apache Solr before 5.1 allow remote attackers to inject arbitrary web script or HTML via crafted fields that are mishandled during the rendering of the (1) Analysis page, related to webapp/web/js/scripts/analysis.js or (2) Schema-Browser page, related to webapp/web/js/scripts/schema-browser.js.
https://issues.apache.org/jira/browse/SOLR-7346
CVE-2015-8796:
Cross-site scripting (XSS) vulnerability in webapp/web/js/scripts/schema-browser.js in the Admin UI in Apache Solr before 5.3 allows remote attackers to inject arbitrary web script or HTML via a crafted schema-browse URL.
https://issues.apache.org/jira/browse/SOLR-7920
CVE-2015-8797:
Cross-site scripting (XSS) vulnerability in webapp/web/js/scripts/plugins.js in the stats page in the Admin UI in Apache Solr before 5.3.1 allows remote attackers to inject arbitrary web script or HTML via the entry parameter to a plugins/cache URI.
https://issues.apache.org/jira/browse/SOLR-7949
Andrej Nemec anemec@redhat.com changed:

What       |Removed |Added
----------------------------------------------------------------------------
Depends On |        |1308620
--- Comment #1 from Andrej Nemec anemec@redhat.com ---
Created solr tracking bugs for this issue:
Affects: fedora-all [bug 1308620]
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1308620
[Bug 1308620] CVE-2015-8795 CVE-2015-8796 CVE-2015-8797 solr: multiple XSS vulnerabilities [fedora-all]
Bug 1308619 depends on bug 1308620, which changed state.

Bug 1308620 Summary: CVE-2015-8795 CVE-2015-8796 CVE-2015-8797 solr: multiple XSS vulnerabilities [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1308620

What       |Removed |Added
----------------------------------------------------------------------------
Status     |NEW     |CLOSED
Resolution |---     |NOTABUG
--- Comment #2 from gil cattaneo puntogil@libero.it ---
The problem does not exist, because the affected components are not used, due to the inability to use them.
--- Comment #3 from gil cattaneo puntogil@libero.it ---
solr was retired. It depends on hadoop, which was retired.