[SOLR-2631] PingRequestHandler can infinite loop if called with a qt that points to itsself - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 1.4, 3.1, 3.2, 3.3
Fix Version/s: 3.4, 4.0-ALPHA
Component/s: Admin UI, search
Labels:
- security

Description

We got a security report to private@lucene.apache.org, that Solr can infinite loop, use 100% CPU and stack overflow, if you execute the following HTTP request:

The qt paramter instructs PingRequestHandler to call the given request handler. This leads to an infinite loop. This is not an security issue, but for an unprotected Solr server with unprotected /solr/select path this makes it stop working.

The fix is to prevent infinite loop by disallowing calling itsself.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

SOLR-2631.patch
01/Jul/11 20:44
0.7 kB
Uwe Schindler

Activity

People

Assignee:: Uwe Schindler

Reporter:: Uwe Schindler

Votes:: 0 Vote for this issue

Watchers:: 0 Start watching this issue

Dates

Created:: 01/Jul/11 20:40

Updated:: 16/Feb/17 15:55

Resolved:: 04/Jul/11 16:33