lucene-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Uwe Schindler (JIRA)" <j...@apache.org>
Subject [jira] [Created] (SOLR-2631) PingRequestHandler can infinite loop if called with a qt that points to itsself
Date Fri, 01 Jul 2011 20:41:29 GMT
PingRequestHandler can infinite loop if called with a qt that points to itsself
-------------------------------------------------------------------------------

                 Key: SOLR-2631
                 URL: https://issues.apache.org/jira/browse/SOLR-2631
             Project: Solr
          Issue Type: Bug
          Components: search, web gui
    Affects Versions: 3.2, 3.1, 1.4, 3.3
            Reporter: Uwe Schindler
            Assignee: Uwe Schindler
             Fix For: 3.4, 4.0


We got a security report to private@lucene.apache.org, that Solr can infinite loop, use 100%
CPU and stack overflow, if you execute the following HTTP request: 

- http://localhost:8983/solr/select?qt=/admin/ping
- http://localhost:8983/admin/ping?qt=/admin/ping

The qt paramter instructs PingRequestHandler to call the given request handler. This leads
to an infinite loop. This is not an security issue, but for an unprotected Solr server with
unprotected /solr/select path this makes it stop working.

The fix is to prevent infinite loop by disallowing calling itsself.

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@lucene.apache.org
For additional commands, e-mail: dev-help@lucene.apache.org


Mime
View raw message