
Merge pull request #101 from jasinner/fix_cvssv2
fixed cvss_v2 formatting for GoSecure/maven-security-versions plugin
jasinner authored Nov 21, 2017
2 parents 1da9af2 + 2c5d2c9 commit 5ed84d0
Showing 2 changed files with 4 additions and 4 deletions.
4 changes: 2 additions & 2 deletions database/java/2017/3163.yaml
Expand Up @@ -2,7 +2,7 @@ cve: 2017-3163
title: "Apache Solr ReplicationHandler path traversal attack"
description: >
When using the Index Replication feature, Apache Solr nodes can pull index files from a master/leader node using an HTTP API which accepts a file name. However, Solr before 5.5.4 and 6.x before 6.4.1 did not validate the file name, hence it was possible to craft a special request involving path traversal, leaving any file readable to the Solr server process exposed. Solr servers protected and restricted by firewall rules and/or authentication would not be at risk since only trusted clients and users would gain direct HTTP access
cvss_v2: 5
cvss_v2: 5.0
references:
- https://nvd.nist.gov/vuln/detail/CVE-2017-3163
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3163
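Review bot: the only change in this hunk is `cvss_v2: 5` becoming `cvss_v2: 5.0`, which matters because a YAML parser reads `5` as an integer and `5.0` as a float, so a consumer such as the maven-security-versions plugin named in the commit message that expects a float will choke on the bare integer. Since this was fixed by hand in one entry, consider adding a validation step (a schema or a lint script over `database/`) that rejects integer-typed `cvss_v2` values, so the format cannot regress in future entries.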
Expand All @@ -20,4 +20,4 @@ affected:
fixedin:
- "==5.5.4"
- "==5.5.5"
- ">=6.4.1"
- ">=6.4.1"
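Review bot: the removed and added `- ">=6.4.1"` lines are textually identical, so this hunk is presumably only adding a missing newline at end of file; the commit message ("fixed cvss_v2 formatting") does not mention it, and a one-line note there would save the next reader from hunting for a content change that is not present.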
4 changes: 2 additions & 2 deletions database/java/2017/9803.yaml
Expand Up @@ -2,7 +2,7 @@ cve: 2017-9803
title: "Security vulnerability in kerberos delegation token functionality"
description: >
Solr's Kerberos plugin can be configured to use delegation tokens, which allows an application to reuse the authentication of an end-user or another application. There are two issues with this functionality (when using SecurityAwareZkACLProvider type of ACL provider e.g. SaslZkACLProvider). Firstly, access to the security configuration can be leaked to users other than the solr super user. Secondly, malicious users can exploit this leaked configuration for privilege escalation to further expose/modify private data and/or disrupt operations in the Solr cluster
cvss_v2: 6
cvss_v2: 6.0
references:
- https://nvd.nist.gov/vuln/detail/CVE-2017-9803
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9803
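Review bot: this is the same integer-to-float fix as in 3163.yaml (`cvss_v2: 6` to `cvss_v2: 6.0`). Only two files are touched in this pull request, so it is worth checking whether other entries under `database/` still carry integer-formatted `cvss_v2` values and fixing them in the same change rather than one at a time as they break the plugin.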
Expand All @@ -15,4 +15,4 @@ affected:
- "<=6.6.0,6.6"
- ">=6.2.0,6.2"
fixedin:
- ">=6.6.1"
- ">=6.6.1"
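Review bot: as in the 3163.yaml hunk above, the removed and added `- ">=6.6.1"` lines are identical, so this is most likely a trailing-newline fix; documenting that in the commit message would make the intent clear.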
