lucene-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Uwe Schindler (JIRA)" <>
Subject [jira] [Commented] (SOLR-2631) PingRequestHandler can infinite loop if called with a qt that points to itsself
Date Fri, 01 Jul 2011 20:43:28 GMT


Uwe Schindler commented on SOLR-2631:

Edoardo Tosca, who reported the issue, gave the following workaround for solrconfig.xml to
fix this by configuration:

to solve the Ping problem you can add an invariant:
<lst name="defaults">
      <str name="q">solrpingquery</str>
      <str name="echoParams">all</str>
<lst name="invariants">
      <str name="qt">search</str>

in this case you avoid generating recursive calls to /admin/ping handler


> PingRequestHandler can infinite loop if called with a qt that points to itsself
> -------------------------------------------------------------------------------
>                 Key: SOLR-2631
>                 URL:
>             Project: Solr
>          Issue Type: Bug
>          Components: search, web gui
>    Affects Versions: 1.4, 3.1, 3.2, 3.3
>            Reporter: Uwe Schindler
>            Assignee: Uwe Schindler
>             Fix For: 3.4, 4.0
> We got a security report to, that Solr can infinite loop, use
100% CPU and stack overflow, if you execute the following HTTP request: 
> - http://localhost:8983/solr/select?qt=/admin/ping
> - http://localhost:8983/admin/ping?qt=/admin/ping
> The qt paramter instructs PingRequestHandler to call the given request handler. This
leads to an infinite loop. This is not an security issue, but for an unprotected Solr server
with unprotected /solr/select path this makes it stop working.
> The fix is to prevent infinite loop by disallowing calling itsself.

This message is automatically generated by JIRA.
For more information on JIRA, see:


To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message