PingRequestHandler can infinite loop if called with a qt that points to itself
-------------------------------------------------------------------------------

                 Key: SOLR-2631
                 URL: https://issues.apache.org/jira/browse/SOLR-2631
             Project: Solr
          Issue Type: Bug
          Components: search, web gui
   Affects Versions: 3.2, 3.1, 1.4, 3.3
            Reporter: Uwe Schindler
            Assignee: Uwe Schindler
             Fix For: 3.4, 4.0

We got a security report to priv...@lucene.apache.org, that Solr can infinite loop, use 100% CPU and stack overflow, if you execute the following HTTP request:

- http://localhost:8983/solr/select?qt=/admin/ping
- http://localhost:8983/admin/ping?qt=/admin/ping

The qt parameter instructs PingRequestHandler to call the given request handler. This leads to an infinite loop. This is not a security issue, but for an unprotected Solr server with unprotected /solr/select path this makes it stop working.

The fix is to prevent infinite loop by disallowing calling itself.
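
The self-delegation guard described in the report, as an added Java example that is not Solr's code and not part of the original message. The `Handler` interface, the registry, and the `/admin/health` alias are hypothetical names constructed for illustration; the check compares the resolved handler's type rather than its name, so a second registration of the ping handler under another path is refused as well.

```java
import java.util.HashMap;
import java.util.Map;

// Constructed model of a handler registry; these types are hypothetical, not Solr classes.
public class PingGuardDemo {
    interface Handler { String handle(Map<String, String> params); }

    static final Map<String, Handler> REGISTRY = new HashMap<>();

    static class SearchHandler implements Handler {
        public String handle(Map<String, String> params) { return "OK"; }
    }

    static class PingHandler implements Handler {
        public String handle(Map<String, String> params) {
            String qt = params.get("qt");
            // Assumption for this model: a missing qt falls back to /select.
            Handler target = REGISTRY.get(qt == null ? "/select" : qt);
            if (target == null) {
                throw new IllegalArgumentException("unknown handler: " + qt);
            }
            // Without this check, qt=/admin/ping makes the handler call itself
            // until the thread's stack overflows.
            if (target instanceof PingHandler) {
                throw new IllegalArgumentException("ping handler cannot delegate to itself");
            }
            return target.handle(params);
        }
    }

    public static void main(String[] args) {
        REGISTRY.put("/select", new SearchHandler());
        REGISTRY.put("/admin/ping", new PingHandler());
        REGISTRY.put("/admin/health", new PingHandler()); // constructed alias

        Handler ping = REGISTRY.get("/admin/ping");
        for (String qt : new String[] {"/select", "/admin/ping", "/admin/health"}) {
            Map<String, String> params = new HashMap<>();
            params.put("qt", qt);
            try {
                System.out.println(qt + " -> " + ping.handle(params));
            } catch (IllegalArgumentException e) {
                System.out.println(qt + " -> rejected: " + e.getMessage());
            }
        }
    }
}
```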