WCM RnD created SOLR-15529:
------------------------------
Summary: High security vulnerability in JDOM library bundled
within Solr 8.9 CVE-2021-33813
Key: SOLR-15529
URL: https://issues.apache.org/jira/browse/SOLR-15529
Project: Solr
Issue Type: Bug
Affects Versions: 8.8.1
Reporter: WCM RnD
High security vulnerability ahs been reported in the Jetty jar bundled within
Solr:
h2. BDSA-2021-0848
*Affected Component(s):* Jetty: Java based HTTP, Servlet, SPDY, WebSocket
Server, Jetty: Java based HTTP/1.x, HTTP/2, Servlet, WebSocket Server
*Vulnerability Published:* 2021-04-02 06:29 EDT
*Vulnerability Updated:* 2021-04-02 06:29 EDT
*CVSS Score:* 6.7 (overall), {color:#ff0000}7.5{color} (base)
*Summary*: Eclipse Jetty is vulnerable to Denial-of-Service (DoS) via invalid
TLS frames. An attacker could exploit this by sending a TLS frame with a size
in excess of 17408 resulting in excessive resource consumption leading to a DoS
condition.
*Solution*: Fixed in
[*10.0.2*|https://github.com/eclipse/jetty.project/releases/tag/jetty-10.0.2]
and
[*11.0.2*|https://github.com/eclipse/jetty.project/releases/tag/jetty-11.0.2]
by
[this|https://github.com/eclipse/jetty.project/commit/be22761a20a1685365c8e0356bf09b47e574cfd9]
and
[this|https://github.com/eclipse/jetty.project/commit/039c7386d0f3087d7c8aa19ea6001b24c95b9f16]
commit. Fixed in
[*9.4.39.v20210325*|https://github.com/eclipse/jetty.project/releases/tag/jetty-9.4.39.v20210325]
by
[this|https://github.com/eclipse/jetty.project/commit/00d379c94ba865dced2025c2d1bc3e2e0e41e880]
and
[this|https://github.com/eclipse/jetty.project/commit/294b2ba02b667548617a94cd99592110ac230add]
commit.
h2. BDSA-2021-0849
*Affected Component(s):* Jetty: Java based HTTP/1.x, HTTP/2, Servlet, WebSocket
Server
*Vulnerability Published:* 2021-04-02 06:55 EDT
*Vulnerability Updated:* 2021-04-02 06:55 EDT
*CVSS Score:* 4.6 (overall), 5.3 (base)
*Summary*: Eclipse Jetty is vulnerable to sensitive data exposure via default
compliance mode. An attacker could exploit this by using a URL containing
{{%2e}} or {{%2e%2e}} segments. These were improperly allowed to access
protected resources in the {{WEB-INF}} directory.
*Solution*: Fixed in
[*9.4.39.v20210325*|https://github.com/eclipse/jetty.project/releases/tag/jetty-9.4.39.v20210325]
by
[this|https://github.com/eclipse/jetty.project/commit/e412c8a15b3334b30193f40412c0fbc47e478e83]
commit.
h2. BDSA-2021-0850
*Affected Component(s):* Jetty: Java based HTTP/1.x, HTTP/2, Servlet, WebSocket
Server
*Vulnerability Published:* 2021-04-02 09:09 EDT
*Vulnerability Updated:* 2021-04-02 09:09 EDT
*CVSS Score:* 2.4 (overall), 2.7 (base)
*Summary*: Eclipse Jetty is vulnerable to sensitive data exposure via symlink
directory. A high privileged attacker could exploit this in order to view the
contents of a symlink webapp directory.
h2. CVE-2021-28163
*Vulnerability Published:* 2021-04-01 11:15 EDT
*Vulnerability Updated:* 2021-04-01 11:30 EDT
*CVSS Score:* (under review, not scored yet - updates will be reported in
issue comments)
*Summary*: In Eclipse Jetty 9.4.32 to 9.4.38, 10.0.0.beta2 to 10.0.1, and
11.0.0.beta2 to 11.0.1, if a user uses a webapps directory that is a symlink,
the contents of the webapps directory is deployed as a static webapp,
inadvertently serving the webapps themselves and anything else that might be in
that directory.
h2. CVE-2021-28164
*Vulnerability Published:* 2021-04-01 11:15 EDT
*Vulnerability Updated:* 2021-04-01 11:30 EDT
*CVSS Score:* (under review, not scored yet - updates will be reported in
issue comments)
*Summary*: In Eclipse Jetty 9.4.37.v20210219 to 9.4.38.v20210224, the default
compliance mode allows requests with URIs that contain %2e or %2e%2e segments
to access protected resources within the WEB-INF directory. For example a
request to /context/%2e/WEB-INF/web.xml can retrieve the web.xml file. This can
reveal sensitive information regarding the implementation of a web application.
h2. CVE-2021-28165
*Vulnerability Published:* 2021-04-01 11:15 EDT
*Vulnerability Updated:* 2021-04-01 11:30 EDT
*CVSS Score:* (under review, not scored yet - updates will be reported in
issue comments)
*Summary*: In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and
11.0.0.alpha0 to 11.0.1, CPU usage can reach 100% upon receiving a large
invalid TLS frame.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
