[ 
https://issues.apache.org/jira/browse/SOLR-2631?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Uwe Schindler updated SOLR-2631:
--------------------------------

    Description: 
We got a security report to priv...@lucene.apache.org, that Solr can infinite 
loop, use 100% CPU and stack overflow, if you execute the following HTTP 
request: 

- http://localhost:8983/solr/select?qt=/admin/ping
- http://localhost:8983/solr/admin/ping?qt=/admin/ping

The qt parameter instructs PingRequestHandler to call the given request handler. 
This leads to an infinite loop. This is not a security issue, but for an 
unprotected Solr server with unprotected /solr/select path this makes it stop 
working.

The fix is to prevent infinite loop by disallowing calling itself.

  was:
We got a security report to priv...@lucene.apache.org, that Solr can infinite 
loop, use 100% CPU and stack overflow, if you execute the following HTTP 
request: 

- http://localhost:8983/solr/select?qt=/admin/ping
- http://localhost:8983/admin/ping?qt=/admin/ping

The qt parameter instructs PingRequestHandler to call the given request handler. 
This leads to an infinite loop. This is not a security issue, but for an 
unprotected Solr server with unprotected /solr/select path this makes it stop 
working.

The fix is to prevent infinite loop by disallowing calling itself.


> PingRequestHandler can infinite loop if called with a qt that points to 
> itself
> -------------------------------------------------------------------------------
>
>                 Key: SOLR-2631
>                 URL: https://issues.apache.org/jira/browse/SOLR-2631
>             Project: Solr
>          Issue Type: Bug
>          Components: search, web gui
>    Affects Versions: 1.4, 3.1, 3.2, 3.3
>            Reporter: Uwe Schindler
>            Assignee: Uwe Schindler
>              Labels: security
>             Fix For: 3.4, 4.0
>
>         Attachments: SOLR-2631.patch
>
>
> We got a security report to priv...@lucene.apache.org, that Solr can infinite 
> loop, use 100% CPU and stack overflow, if you execute the following HTTP 
> request: 
> - http://localhost:8983/solr/select?qt=/admin/ping
> - http://localhost:8983/solr/admin/ping?qt=/admin/ping
> The qt parameter instructs PingRequestHandler to call the given request 
> handler. This leads to an infinite loop. This is not a security issue, but 
> for an unprotected Solr server with unprotected /solr/select path this makes 
> it stop working.
> The fix is to prevent infinite loop by disallowing calling itself.
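
For operators of an affected version who want to check whether requests of the two shapes listed above reached their server, the following added example (not part of the JIRA issue or of Solr) scans access-log lines for a qt value that points back at the ping handler. The NCSA-style log format, the sample lines and the function names are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Assumption: the ping handler is registered as /admin/ping, as in the URLs above.
PING_HANDLER = "/admin/ping"
# Request line inside an NCSA-style access log entry (log format is an assumption).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def is_self_referencing_ping(target, ping_handler=PING_HANDLER):
    """True if the request reaches the ping handler and qt names it again."""
    parts = urlsplit(target)
    path = unquote(parts.path).rstrip("/")
    # parse_qs percent-decodes values, so qt=%2Fadmin%2Fping is caught too.
    qt_values = parse_qs(parts.query).get("qt", [])
    if ping_handler not in qt_values:
        return False
    # Shape 1: /select dispatches on qt. Shape 2: the ping handler is hit directly.
    return path.endswith("/select") or path.endswith(ping_handler)


def find_suspect_requests(log_lines):
    """Return (line number, request target) for every matching log line."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST_RE.search(line)
        if match and is_self_referencing_ping(match.group(1)):
            hits.append((number, match.group(1)))
    return hits


# Constructed sample log lines (addresses, times, statuses and sizes are made up).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jul/2011:10:00:01 +0000] "GET /solr/select?q=*:*&qt=standard HTTP/1.1" 200 512',
    '192.0.2.10 - - [01/Jul/2011:10:00:02 +0000] "GET /solr/admin/ping HTTP/1.1" 200 98',
    '192.0.2.77 - - [01/Jul/2011:10:00:03 +0000] "GET /solr/select?qt=/admin/ping HTTP/1.1" 500 0',
    '192.0.2.77 - - [01/Jul/2011:10:00:04 +0000] "GET /solr/admin/ping?qt=%2Fadmin%2Fping HTTP/1.1" 500 0',
    '192.0.2.10 - - [01/Jul/2011:10:00:05 +0000] "GET /solr/select?q=ping&qt=dismax HTTP/1.1" 200 733',
]

if __name__ == "__main__":
    for number, target in find_suspect_requests(SAMPLE_LOG):
        print(f"line {number}: {target}")
```

The scan only sees parameters carried in the URL; a qt value sent in a POST body does not appear in an access log.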
