
CVE-2017-12629: AI Deep Analysis Summary

Q1. What is this vulnerability? (Essence + Consequences)

🚨 **Essence**: Apache Solr (pre-7.1) has a critical flaw allowing Remote Code Execution (RCE) and Local File Read. 💥 **Consequences**: Attackers can take over the server or steal sensitive data.…

Q2. Root Cause? (CWE/Flaw)

🛡️ **Root Cause**: Two main flaws combined:
1. **XXE** (XML External Entity) in the XML Query Parser.
2. **Unsafe Config API** usage allowing the `add-listener` command to trigger `RunExecutableListener`.…

Q3. Who is affected? (Versions/Components)

📦 **Affected**: Apache Solr versions **before 7.1** paired with Apache Lucene **before 7.1**. ⚠️ Note: Elasticsearch uses Lucene but is **NOT** vulnerable to this specific chain.

Q4. What can hackers do? (Privileges/Data)

💀 **Attacker Capabilities**:
1. **Execute Arbitrary Code** (Full RCE).
2. **Read Local Files** (via Blind XXE/FTP wrapper). 📂 Access to sensitive server files is possible.

Q5. Is the exploitation threshold high? (Auth/Config)

🔓 **Exploitation Threshold**: **LOW**. The XXE part is available by default for query requests (`defType=xmlparser`). No authentication is required for the initial XXE vector.…

Q6. Is there a public Exp? (PoC/Wild Exploitation)

🌍 **Public Exploits**: **YES**. Multiple PoCs exist on GitHub (e.g., Nuclei templates, Awesome-POC). Wild exploitation is highly likely due to easy-to-use scripts.

Q7. How to self-check? (Features/Scanning)

🔍 **Self-Check**: Scan for Solr instances. Check if version < 7.1. Look for exposed Config API endpoints. Use tools like Nuclei or Xray with specific CVE-2017-12629 templates to detect XXE/RCE vectors.

Q8. Is it fixed officially? (Patch/Mitigation)

✅ **Official Fix**: **YES**. Upgrade to **Apache Solr 7.1** or later (and Lucene 7.1+). Vendor advisories from RedHat and Ubuntu confirm patches are available.

Q9. What if no patch? (Workaround)

🛑 **No Patch?**:
1. **Disable** the XML Query Parser if not needed.
2. **Restrict** access to the Config API (`/admin/cores` or listener endpoints).
3. **Block** external XML parsing inputs.
4. …

Q10. Is it urgent? (Priority Suggestion)

🔥 **Urgency**: **CRITICAL**. High impact (RCE) + low barrier to entry + public PoCs. Patch immediately or apply strict network controls. Do not ignore!