[jira] [Updated] (SOLR-13109) CVE-2015-1832 Against Solr v7.6

2019-01-03 Thread RobertHathaway (JIRA)
[ https://issues.apache.org/jira/browse/SOLR-13109?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] RobertHathaway updated SOLR-13109: -- Description: Threat Level 9/Critical from Sonatype Application Composition Report run Of Solr

[jira] [Updated] (SOLR-13109) CVE-2015-1832 Threat Level 9 Against Solr v7.6. org.apache.derby : derby : 10.9.1.0. XML external entity (XXE) vulnerability in the SqlXmlUtil code in Apache Derby befor

2019-01-03 Thread RobertHathaway (JIRA)
[ https://issues.apache.org/jira/browse/SOLR-13109?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] RobertHathaway updated SOLR-13109: -- Summary: CVE-2015-1832 Threat Level 9 Against Solr v7.6. org.apache.derby : derby : 10.9.1.0.

[jira] [Created] (SOLR-13114) CVE-2018-8009 Threat Level 7 Against Solr v7.6. org.apache.hadoop : hadoop-common : 2.7.4. Apache Hadoop 3.1.0, 3.0.0-alpha to 3.0.2, 2.9.0 to 2.9.1, 2.8.0 to 2.8.4, 2.

2019-01-03 Thread RobertHathaway (JIRA)
RobertHathaway created SOLR-13114: - Summary: CVE-2018-8009 Threat Level 7 Against Solr v7.6. org.apache.hadoop : hadoop-common : 2.7.4. Apache Hadoop 3.1.0, 3.0.0-alpha to 3.0.2, 2.9.0 to 2.9.1, 2.8.0 to 2.8.4, 2.0.0-alpha to 2.7.6, 0.23.0 to

[jira] [Created] (SOLR-13115) CVE-2012-0881(CVE-2013-4002) Threat Level 7 Against Solr v7.6. xerces : xercesImpl : 2.9.1. Apache Xerces2 Java Parser before 2.12.0 allows remote attackers to cause a

2019-01-03 Thread RobertHathaway (JIRA)
RobertHathaway created SOLR-13115: - Summary: CVE-2012-0881(CVE-2013-4002) Threat Level 7 Against Solr v7.6. xerces : xercesImpl : 2.9.1. Apache Xerces2 Java Parser before 2.12.0 allows remote attackers to cause a denial of service (CPU

[jira] [Created] (SOLR-13109) CVE-2015-1832 Against Solr v7.6

2019-01-03 Thread RobertHathaway (JIRA)
RobertHathaway created SOLR-13109: - Summary: CVE-2015-1832 Against Solr v7.6 Key: SOLR-13109 URL: https://issues.apache.org/jira/browse/SOLR-13109 Project: Solr Issue Type: Bug

[jira] [Created] (SOLR-13112) CVE-2018-14718 Threat Level 8 Against Solr v7.6. com.fasterxml.jackson.core : jackson-databind : 2.9.6. FasterXML jackson-databind 2.x before 2.9.7 might allow remote a

2019-01-03 Thread RobertHathaway (JIRA)
RobertHathaway created SOLR-13112: - Summary: CVE-2018-14718 Threat Level 8 Against Solr v7.6. com.fasterxml.jackson.core : jackson-databind : 2.9.6. FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary

[jira] [Created] (SOLR-13113) CVE-2018-1000632 Threat Level 7 Against Solr v7.6. dom4j : dom4j : 1.6.1. dom4j version prior to version 2.1.1 contains a CWE-91: XML Injection vulnerability in Class:

2019-01-03 Thread RobertHathaway (JIRA)
RobertHathaway created SOLR-13113: - Summary: CVE-2018-1000632 Threat Level 7 Against Solr v7.6. dom4j : dom4j : 1.6.1. dom4j version prior to version 2.1.1 contains a CWE-91: XML Injection vulnerability in Class: Element. Methods: addElement,

[jira] [Created] (SOLR-13110) CVE-2017-7525 Threat Level 9 Against Solr v7.6. org.codehaus.jackson : jackson-mapper-asl : 1.9.13. A deserialization flaw was discovered in the jackson-databind, vers

2019-01-03 Thread RobertHathaway (JIRA)
RobertHathaway created SOLR-13110: - Summary: CVE-2017-7525 Threat Level 9 Against Solr v7.6. org.codehaus.jackson : jackson-mapper-asl : 1.9.13. A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1

[jira] [Created] (SOLR-13111) CVE-2017-1000190 Threat Level 9 Against Solr v7.6. org.simpleframework : simple-xml : 2.7.1. SimpleXML (latest version 2.7.1) is vulnerable to an XXE vulnerability resu

2019-01-03 Thread RobertHathaway (JIRA)
RobertHathaway created SOLR-13111: - Summary: CVE-2017-1000190 Threat Level 9 Against Solr v7.6. org.simpleframework : simple-xml : 2.7.1. SimpleXML (latest version 2.7.1) is vulnerable to an XXE vulnerability resulting SSRF, information

[jira] [Commented] (SOLR-13112) CVE-2018-14718(-14719),sonatype-2017-0312, CVE-2018-14720(-14721) Threat Level 8 Against Solr v7.6. com.fasterxml.jackson.core : jackson-databind : 2.9.6. FasterXML j

2019-01-03 Thread RobertHathaway (JIRA)
[ https://issues.apache.org/jira/browse/SOLR-13112?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16733578#comment-16733578 ] RobertHathaway commented on SOLR-13112: --- 5 Total CVE's Against jackson-databind : 2.9.6

[jira] [Updated] (SOLR-13112) CVE-2018-14718(-14719),sonatype-2017-0312, CVE-2018-14720(-14721) Threat Level 8 Against Solr v7.6. com.fasterxml.jackson.core : jackson-databind : 2.9.6. FasterXML jac

2019-01-03 Thread RobertHathaway (JIRA)
[ https://issues.apache.org/jira/browse/SOLR-13112?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] RobertHathaway updated SOLR-13112: -- Summary: CVE-2018-14718(-14719),sonatype-2017-0312, CVE-2018-14720(-14721) Threat Level 8