[
https://issues.apache.org/jira/browse/SOLR-2631?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13058785#comment-13058785
]
Uwe Schindler commented on SOLR-2631:
-------------------------------------
Edoardo Tosca, who reported the issue, gave the following workaround for
solrconfig.xml to fix this by configuration:
{quote}
Ok,
to solve the Ping problem you can add an invariant:
<lst name="defaults">
<str name="q">solrpingquery</str>
<str name="echoParams">all</str>
</lst>
<lst name="invariants">
<str name="qt">search</str>
</lst>
in this case you avoid generating recursive calls to /admin/ping handler
Edo
{quote}
> PingRequestHandler can infinite loop if called with a qt that points to
> itself
> -------------------------------------------------------------------------------
>
> Key: SOLR-2631
> URL: https://issues.apache.org/jira/browse/SOLR-2631
> Project: Solr
> Issue Type: Bug
> Components: search, web gui
> Affects Versions: 1.4, 3.1, 3.2, 3.3
> Reporter: Uwe Schindler
> Assignee: Uwe Schindler
> Fix For: 3.4, 4.0
>
>
> We got a security report to [email protected], that Solr can infinite
> loop, use 100% CPU and stack overflow, if you execute the following HTTP
> request:
> - http://localhost:8983/solr/select?qt=/admin/ping
> - http://localhost:8983/admin/ping?qt=/admin/ping
> The qt parameter instructs PingRequestHandler to call the given request
> handler. This leads to an infinite loop. This is not a security issue, but
> for an unprotected Solr server with unprotected /solr/select path this makes
> it stop working.
> The fix is to prevent infinite loop by disallowing calling itself.
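The following is an added model of the behaviour described in this issue and of the two ways it is stopped; it is not Solr's code. It assumes Solr's parameter layering (invariants override request params, which override defaults), models PingRequestHandler as a handler that delegates to whatever qt names, and adds a `self_check` flag standing in for the fix mentioned in the description. The handler names, `build`, `select`, `ping` and `outcome` are this example's own.

```python
class SolrError(Exception):
    """Stands in for Solr's 400-style request error."""

def merge_params(request, defaults, invariants):
    # Solr's layering: invariants override the request, the request overrides defaults
    merged = dict(defaults)
    merged.update(request)
    merged.update(invariants)
    return merged

class SearchHandler:
    name = "search"
    def handle(self, params, handlers):
        return {"handler": self.name, "q": params.get("q")}

class PingHandler:
    # Models PingRequestHandler: delegates the ping query to the handler named by qt
    name = "/admin/ping"
    def __init__(self, invariants=None, self_check=False):
        self.defaults = {"q": "solrpingquery"}
        self.invariants = invariants or {}
        self.self_check = self_check  # the fix described in the issue: refuse to call itself
    def handle(self, request, handlers):
        params = merge_params(request, self.defaults, self.invariants)
        target = handlers[params.get("qt", "search")]
        if self.self_check and target is self:
            raise SolrError("400: /admin/ping may not delegate to itself")
        # qt survives in params, so when target is this handler the call never bottoms out
        return target.handle(params, handlers)

def build(self_check=False, invariants=None):
    return {"search": SearchHandler(),
            "/admin/ping": PingHandler(invariants, self_check)}

def select(handlers, request):
    # /solr/select: dispatch on qt, default handler "search"
    return handlers[request.get("qt", "search")].handle(dict(request), handlers)

def ping(handlers, request):
    # /admin/ping entry point
    return handlers["/admin/ping"].handle(dict(request), handlers)

def outcome(entry, handlers, request):
    # Reduce a request to a plain value: handler name, "stack overflow", or the rejection message
    try:
        return entry(handlers, request)["handler"]
    except RecursionError:
        return "stack overflow"
    except SolrError as err:
        return str(err)
```

With no mitigation both URLs from the report end in a RecursionError (the model's stand-in for the stack overflow); the `invariants` qt=search workaround from the comment above and the `self_check` guard each turn that into a normal response or a rejected request.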
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira