Bug 1179795 - (CVE-2014-3628) CVE-2014-3628 solr: Cross-site scripting (XSS) vulnerability via the fieldvaluecache object
Status: CLOSED WONTFIX
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All Linux
Priority: low, Severity: low
Assigned To: Red Hat Product Security
impact=low,public=20141229,reported=2...
Keywords: Reopened, Security
Blocks: 1179814
Reported: 2015-01-07 10:08 EST by Vasyl Kaigorodov
Modified: 2015-01-13 03:16 EST
Fixed In Version: Apache Solr 4.10.3
Doc Type: Bug Fix
Last Closed: 2015-01-12 15:36:29 EST
Description Vasyl Kaigorodov 2015-01-07 10:08:18 EST
Common Vulnerabilities and Exposures assigned an identifier CVE-2014-3628 to
the following vulnerability:

Name: CVE-2014-3628
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3628
Assigned: 20140514
Reference: http://secunia.com/advisories/62024

Cross-site scripting (XSS) vulnerability in the Admin UI Plugin /
Stats page in Apache Solr 4.x before 4.10.3 allows remote attackers to
inject arbitrary web script or HTML via the fieldvaluecache object.
Comment 1 gil cattaneo 2015-01-07 10:17:05 EST
Solr 4.10.3 will be updated soon; we are waiting to be able to fill, because it requires Lucene 4.10.3. I do not know if it will be possible to upgrade it for F21 since Lucene is a dependency of Eclipse.
Close this bug
Comment 2 Vasyl Kaigorodov 2015-01-07 10:31:02 EST
(In reply to gil cattaneo from comment #1)
> Solr 4.10.3 will be updated soon; we are waiting to be able to fill, because
> it requires Lucene 4.10.3. I do not know if it will be possible to upgrade it
> for F21 since Lucene is a dependency of Eclipse.
> Close this bug

Thanks for the comment, marked Fedora versions as "notaffected".
This bug should be opened though; Solr is shipped in other Red Hat products and we need to check if these are affected or not.
Please don't close this bug.
