| Title | Relative path traversal vulnerability in Apache Solr from the Apache Software Foundation |
|---|---|
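| Summary | Apache Solr from the Apache Software Foundation contains a relative path traversal vulnerability. |
| Possible impacts | Information may be obtained, and information may be tampered with. |
| Solution | A vendor advisory or patch information has been published. Refer to the reference information and take appropriate measures. |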
| Publication Date | Nov. 4, 2024, midnight |
| Registration Date | July 31, 2025, 5:23 p.m. |
| Last Update | July 31, 2025, 5:23 p.m. |
| CVSS3.0 : Warning | |
|---|---|
| Score | 5.4 |
| Vector | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N |
| Apache Software Foundation |
| Apache Solr 6.6.0 or later and earlier than 9.8.0 |
| No | Changed Details | Date of change |
|---|---|---|
| 1 | [July 31, 2025] Published | July 31, 2025, 4:46 p.m. |
| Summary | Relative Path Traversal vulnerability in Apache Solr. Solr instances running on Windows are vulnerable to arbitrary filepath write-access, due to a lack of input-sanitation in the "configset upload" API. Commonly known as a "zipslip", maliciously constructed ZIP files can use relative filepaths to write data to unanticipated parts of the filesystem. Users are recommended to upgrade to version 9.8.0, which fixes the issue. Users unable to upgrade may also safely prevent the issue by using Solr's "Rule-Based Authentication Plugin" to restrict access to the configset upload API, so that it can only be accessed by a trusted set of administrators/users. |
|---|---|
| Publication Date | Jan. 27, 2025, 6:15 p.m. |
| Registration Date | Jan. 28, 2025, 4 a.m. |
| Last Update | Jan. 27, 2025, 6:15 p.m. |