Posted to dev@lucene.apache.org by "Stefan Matheis (steffkes) (JIRA)" <ji...@apache.org> on 2014/09/27 03:17:33 UTC

[jira] [Commented] (SOLR-4861) Simple reflected cross site scripting vulnerability

    [ https://issues.apache.org/jira/browse/SOLR-4861?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14150312#comment-14150312 ] 

Stefan Matheis (steffkes) commented on SOLR-4861:
-------------------------------------------------

[~omgclouds] the reference to L465 doesn't apply anymore. Looking for the right spot in the current code, I'd guess it's this one? Right now it's the only place where something is written to the response:

{code:title=http://svn.apache.org/viewvc/lucene/dev/trunk/solr/core/src/java/org/apache/solr/client/solrj/embedded/JettySolrRunner.java?view=markup#l523}
  public static class Servlet404 extends HttpServlet {
    @Override
    public void service(HttpServletRequest req, HttpServletResponse res)
        throws IOException {
      res.sendError(404, "Can not find: " + req.getRequestURI());
    }
  }
{code}

> Simple reflected cross site scripting vulnerability
> ---------------------------------------------------
>
>                 Key: SOLR-4861
>                 URL: https://issues.apache.org/jira/browse/SOLR-4861
>             Project: Solr
>          Issue Type: Bug
>          Components: web gui
>    Affects Versions: 4.2, 4.3
>         Environment: Requires web ui / Jetty Solr to be exploited.
>            Reporter: John Menerick
>              Labels: security
>
> There exists a simple XSS via the 404 Jetty / Solr code.  Within JettySolrRunner.java, line 465, if someone asks for a non-existent page / url which contains malicious code, the "Can not find" can be escaped and malicious code will be executed on the victim's browser. 


