[
https://issues.apache.org/jira/browse/SOLR-4861?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14150312#comment-14150312
]
Stefan Matheis (steffkes) commented on SOLR-4861:
-------------------------------------------------
[~omgclouds] the reference to L465 doesn't apply anymore, looking for the right
spot in current code .. I'd guess it's this one? Right now the only place where
something is written to the response:
{code:title=http://svn.apache.org/viewvc/lucene/dev/trunk/solr/core/src/java/org/apache/solr/client/solrj/embedded/JettySolrRunner.java?view=markup#l523}
public static class Servlet404 extends HttpServlet {
  @Override
  public void service(HttpServletRequest req, HttpServletResponse res)
      throws IOException {
    res.sendError(404, "Can not find: " + req.getRequestURI());
  }
}
{code}
> Simple reflected cross site scripting vulnerability
> ---------------------------------------------------
>
> Key: SOLR-4861
> URL: https://issues.apache.org/jira/browse/SOLR-4861
> Project: Solr
> Issue Type: Bug
> Components: web gui
> Affects Versions: 4.2, 4.3
> Environment: Requires web ui / Jetty Solr to be exploited.
> Reporter: John Menerick
> Labels: security
>
> There exists a simple XSS via the 404 Jetty / Solr code. Within
> JettySolrRunner.java, line 465, if someone asks for a non-existent page / url
> which contains malicious code, the "Can not find" can be escaped and
> malicious code will be executed on the victim's browser.