PingRequestHandler can infinite loop if called with a qt that points to itself
-------------------------------------------------------------------------------
Key: SOLR-2631
URL: https://issues.apache.org/jira/browse/SOLR-2631
Project: Solr
Issue Type: Bug
Components: search, web gui
Affects Versions: 3.2, 3.1, 1.4, 3.3
Reporter: Uwe Schindler
Assignee: Uwe Schindler
Fix For: 3.4, 4.0

We got a security report to [email protected] that Solr can infinite
loop, use 100% CPU and stack overflow if you execute one of the following HTTP
requests:
- http://localhost:8983/solr/select?qt=/admin/ping
- http://localhost:8983/admin/ping?qt=/admin/ping

The qt parameter instructs PingRequestHandler to call the given request handler.
This leads to an infinite loop. This is not a security issue, but for an
unprotected Solr server with an unprotected /solr/select path this makes it stop
working.

The fix is to prevent the infinite loop by disallowing calling itself.
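
Added example (not part of the JIRA report and not Solr code): a log check that flags requests whose qt parameter points back at the ping handler, as in the two URLs above. It assumes the handler is registered as /admin/ping, that access logs use the common/combined format, and that qt matters only on /select and on the ping path; all function names and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

PING_HANDLER = "/admin/ping"  # assumption: handler name taken from the report's URLs

# Constructed access-log lines (not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [12/Jul/2011:10:01:02 +0000] "GET /solr/select?q=*:*&qt=standard HTTP/1.1" 200 512
203.0.113.9 - - [12/Jul/2011:10:01:05 +0000] "GET /solr/select?qt=/admin/ping HTTP/1.1" 500 0
203.0.113.9 - - [12/Jul/2011:10:01:09 +0000] "GET /solr/admin/ping?qt=%2Fadmin%2Fping HTTP/1.1" 500 0
198.51.100.4 - - [12/Jul/2011:10:02:00 +0000] "GET /solr/admin/ping HTTP/1.1" 200 91
"""

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def is_self_referencing_ping(target, ping_handler=PING_HANDLER):
    """Return True if the request target hands the ping handler its own name in qt."""
    parts = urlsplit(target)
    path = parts.path.rstrip("/")
    # Assumption: qt is consulted for /select dispatch and by the ping handler itself.
    if not (path.endswith("/select") or path.endswith(ping_handler)):
        return False
    # parse_qs percent-decodes values (%2Fadmin%2Fping) and keeps repeated parameters.
    qt_values = parse_qs(parts.query).get("qt", [])
    # Conservative: flag the request if any qt value names the ping handler.
    return any(value == ping_handler for value in qt_values)


def find_suspect_requests(log_text):
    """Return (client_ip, request_target) for every flagged log line."""
    hits = []
    for line in log_text.splitlines():
        match = REQUEST_RE.search(line)
        if match and is_self_referencing_ping(match.group(1)):
            hits.append((line.split()[0], match.group(1)))
    return hits


if __name__ == "__main__":
    for ip, target in find_suspect_requests(SAMPLE_LOG):
        print(ip, target)
```

The same predicate can back a reverse-proxy or servlet-filter rule on servers that cannot be upgraded to a fixed version yet.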