Critical severity9.8NVD Advisory· Published Oct 14, 2017· Updated May 13, 2026

CVE-2017-12629

Description

Remote code execution occurs in Apache Solr before 7.1 with Apache Lucene before 7.1 by exploiting XXE in conjunction with use of a Config API add-listener command to reach the RunExecutableListener class. Elasticsearch, although it uses Lucene, is NOT vulnerable to this. Note that the XML external entity expansion vulnerability occurs in the XML Query Parser which is available, by default, for any query request with parameters deftype=xmlparser and can be exploited to upload malicious data to the /upload request handler or as Blind XXE using ftp wrapper in order to read arbitrary local files from the Solr server. Note also that the second vulnerability relates to remote code execution using the RunExecutableListener available on all affected versions of Solr.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
org.apache.solr:solr-coreMaven	>= 7.0.0, < 7.1.0	7.1.0
org.apache.solr:solr-coreMaven	>= 6.0.0, < 6.6.2	6.6.2
org.apache.solr:solr-coreMaven	>= 5.5.0, < 5.5.5	5.5.5

Affected products

Apache/Solr
cpe:2.3:a:apache:solr:*:*:*:*:*:*:*:*
Range: >=5.5.0,<=5.5.4
Red Hat/Jboss Enterprise Application Platform2 versions
cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.0.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.1.0:*:*:*:*:*:*:*
Canonical (company)/Ubuntu Linux
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
Debian/Debian Linux3 versions
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Patches

3bba91131b52

https://github.com/apache/lucene-solrvia ghsa

commit

d8000beebfb1

https://github.com/apache/lucene-solrvia ghsa

commit

f9fd6e9e2622

https://github.com/apache/lucene-solrvia ghsa

commit

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

s.apache.org/FJDlnvdExploitMailing ListVendor AdvisoryWEB
www.exploit-db.com/exploits/43009/nvdExploitThird Party AdvisoryVDB Entry
mail-archives.us.apache.org/mod_mbox/www-announce/201710.mbox/%3CCAOOKt51UO_6Vy%3Dj8W%3Dx1pMbLW9VJfZyFWz7pAnXJC_OAdSZubA%40mail.gmail.com%3EnvdMailing ListVendor AdvisoryWEB
openwall.com/lists/oss-security/2017/10/13/1nvdMailing ListThird Party AdvisoryWEB
www.securityfocus.com/bid/101261nvdThird Party AdvisoryVDB EntryWEB
access.redhat.com/errata/RHSA-2017:3123nvdThird Party AdvisoryWEB
access.redhat.com/errata/RHSA-2017:3124nvdThird Party AdvisoryWEB
access.redhat.com/errata/RHSA-2017:3244nvdThird Party AdvisoryWEB
access.redhat.com/errata/RHSA-2017:3451nvdThird Party AdvisoryWEB
access.redhat.com/errata/RHSA-2017:3452nvdThird Party AdvisoryWEB
access.redhat.com/errata/RHSA-2018:0002nvdThird Party AdvisoryWEB
access.redhat.com/errata/RHSA-2018:0003nvdThird Party AdvisoryWEB
access.redhat.com/errata/RHSA-2018:0004nvdThird Party AdvisoryWEB
access.redhat.com/errata/RHSA-2018:0005nvdThird Party AdvisoryWEB
github.com/advisories/GHSA-mh7g-99w9-xpjmghsaADVISORY
lists.debian.org/debian-lts-announce/2018/01/msg00028.htmlnvdMailing ListThird Party AdvisoryWEB
nvd.nist.gov/vuln/detail/CVE-2017-12629ghsaADVISORY
twitter.com/ApacheSolr/status/918731485611401216nvdThird Party AdvisoryWEB
twitter.com/joshbressers/status/919258716297420802nvdThird Party AdvisoryWEB
twitter.com/searchtools_avi/status/918904813613543424nvdThird Party AdvisoryWEB
usn.ubuntu.com/4259-1/nvdThird Party Advisory
www.debian.org/security/2018/dsa-4124nvdThird Party AdvisoryWEB
github.com/apache/lucene-solr/commit/3bba91131b5257e64b9d0a2193e1e32a145b2a2ghsaWEB
github.com/apache/lucene-solr/commit/d8000beebfb13ba0b6e754f84c760e11592d8d1ghsaWEB
github.com/apache/lucene-solr/commit/f9fd6e9e26224f26f1542224ce187e04c27b268ghsaWEB
issues.apache.org/jira/browse/SOLR-11477ghsaWEB
lists.apache.org/thread.html/r140128dc6bb4f4e0b6a39e962c7ca25a8cbc8e48ed766176c931fccc@%3Cusers.solr.apache.org%3EghsaWEB
lists.apache.org/thread.html/r26c996b068ef6c5e89aa59acb769025cfd343a08e63fbe9e7f3f720f@%3Coak-issues.jackrabbit.apache.org%3EghsaWEB
lists.apache.org/thread.html/r3da74965aba2b5f5744b7289ad447306eeb2940c872801819faa9314@%3Cusers.solr.apache.org%3EghsaWEB
lists.apache.org/thread.html/r95df34bb158375948da82b4dfe9a1b5d528572d586584162f8f5aeef@%3Cusers.solr.apache.org%3EghsaWEB
usn.ubuntu.com/4259-1ghsaWEB
www.exploit-db.com/exploits/43009ghsaWEB
lists.apache.org/thread.html/r140128dc6bb4f4e0b6a39e962c7ca25a8cbc8e48ed766176c931fccc%40%3Cusers.solr.apache.org%3Envd
lists.apache.org/thread.html/r26c996b068ef6c5e89aa59acb769025cfd343a08e63fbe9e7f3f720f%40%3Coak-issues.jackrabbit.apache.org%3Envd
lists.apache.org/thread.html/r3da74965aba2b5f5744b7289ad447306eeb2940c872801819faa9314%40%3Cusers.solr.apache.org%3Envd
lists.apache.org/thread.html/r95df34bb158375948da82b4dfe9a1b5d528572d586584162f8f5aeef%40%3Cusers.solr.apache.org%3Envd

News mentions

No linked articles in our index yet.

cvss	0.637
epss	0.075
exploit	0.030
kev	0.000
patch	-0.070
ransomware	0.000