Shodan
Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2024-52012

Relative Path Traversal vulnerability in Apache Solr. Solr instances running on Windows are vulnerable to arbitrary filepath write-access, due to a lack of input-sanitation in the "configset upload" API.  Commonly known as a "zipslip", maliciously constructed ZIP files can use relative filepaths to write data to unanticipated parts of the filesystem.   This issue affects Apache Solr: from 6.6 through 9.7.0. Users are recommended to upgrade to version 9.8.0, which fixes the issue.  Users unable to upgrade may also safely prevent the issue by using Solr's "Rule-Based Authentication Plugin" to restrict access to the configset upload API, so that it can only be accessed by a trusted set of administrators/users.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.011
EPSS Ranking 77.2%
CVSS Severity
CVSS v3 Score 5.4
Products affected by CVE-2024-52012
  • Apache » Solr » Version: 6.6.0
    cpe:2.3:a:apache:solr:6.6.0
  • Apache » Solr » Version: 6.6.1
    cpe:2.3:a:apache:solr:6.6.1
  • Apache » Solr » Version: 6.6.2
    cpe:2.3:a:apache:solr:6.6.2
  • Apache » Solr » Version: 6.6.3
    cpe:2.3:a:apache:solr:6.6.3
  • Apache » Solr » Version: 6.6.4
    cpe:2.3:a:apache:solr:6.6.4
  • Apache » Solr » Version: 6.6.5
    cpe:2.3:a:apache:solr:6.6.5
  • Apache » Solr » Version: 6.6.6
    cpe:2.3:a:apache:solr:6.6.6
  • Apache » Solr » Version: 7.0.0
    cpe:2.3:a:apache:solr:7.0.0
  • Apache » Solr » Version: 7.0.1
    cpe:2.3:a:apache:solr:7.0.1
  • Apache » Solr » Version: 7.1.0
    cpe:2.3:a:apache:solr:7.1.0
  • Apache » Solr » Version: 7.2.0
    cpe:2.3:a:apache:solr:7.2.0
  • Apache » Solr » Version: 7.2.1
    cpe:2.3:a:apache:solr:7.2.1
  • Apache » Solr » Version: 7.3.0
    cpe:2.3:a:apache:solr:7.3.0
  • Apache » Solr » Version: 7.3.1
    cpe:2.3:a:apache:solr:7.3.1
  • Apache » Solr » Version: 7.4.0
    cpe:2.3:a:apache:solr:7.4.0
  • Apache » Solr » Version: 7.5.0
    cpe:2.3:a:apache:solr:7.5.0
  • Apache » Solr » Version: 7.6.0
    cpe:2.3:a:apache:solr:7.6.0
  • Apache » Solr » Version: 7.7.0
    cpe:2.3:a:apache:solr:7.7.0
  • Apache » Solr » Version: 7.7.1
    cpe:2.3:a:apache:solr:7.7.1
  • Apache » Solr » Version: 7.7.2
    cpe:2.3:a:apache:solr:7.7.2
  • Apache » Solr » Version: 7.7.3
    cpe:2.3:a:apache:solr:7.7.3
  • Apache » Solr » Version: 8.0.0
    cpe:2.3:a:apache:solr:8.0.0
  • Apache » Solr » Version: 8.1.0
    cpe:2.3:a:apache:solr:8.1.0
  • Apache » Solr » Version: 8.1.1
    cpe:2.3:a:apache:solr:8.1.1
  • Apache » Solr » Version: 8.1.2
    cpe:2.3:a:apache:solr:8.1.2
  • Apache » Solr » Version: 8.10.0
    cpe:2.3:a:apache:solr:8.10.0
  • Apache » Solr » Version: 8.10.1
    cpe:2.3:a:apache:solr:8.10.1
  • Apache » Solr » Version: 8.11.0
    cpe:2.3:a:apache:solr:8.11.0
  • Apache » Solr » Version: 8.11.1
    cpe:2.3:a:apache:solr:8.11.1
  • Apache » Solr » Version: 8.11.2
    cpe:2.3:a:apache:solr:8.11.2
  • Apache » Solr » Version: 8.11.3
    cpe:2.3:a:apache:solr:8.11.3
  • Apache » Solr » Version: 8.11.4
    cpe:2.3:a:apache:solr:8.11.4
  • Apache » Solr » Version: 8.2.0
    cpe:2.3:a:apache:solr:8.2.0
  • Apache » Solr » Version: 8.3.0
    cpe:2.3:a:apache:solr:8.3.0
  • Apache » Solr » Version: 8.3.1
    cpe:2.3:a:apache:solr:8.3.1
  • Apache » Solr » Version: 8.4.0
    cpe:2.3:a:apache:solr:8.4.0
  • Apache » Solr » Version: 8.4.1
    cpe:2.3:a:apache:solr:8.4.1
  • Apache » Solr » Version: 8.5.0
    cpe:2.3:a:apache:solr:8.5.0
  • Apache » Solr » Version: 8.5.1
    cpe:2.3:a:apache:solr:8.5.1
  • Apache » Solr » Version: 8.5.2
    cpe:2.3:a:apache:solr:8.5.2
  • Apache » Solr » Version: 8.6.0
    cpe:2.3:a:apache:solr:8.6.0
  • Apache » Solr » Version: 8.6.1
    cpe:2.3:a:apache:solr:8.6.1
  • Apache » Solr » Version: 8.6.2
    cpe:2.3:a:apache:solr:8.6.2
  • Apache » Solr » Version: 8.6.3
    cpe:2.3:a:apache:solr:8.6.3
  • Apache » Solr » Version: 8.8.1
    cpe:2.3:a:apache:solr:8.8.1
  • Apache » Solr » Version: 8.8.2
    cpe:2.3:a:apache:solr:8.8.2
  • Apache » Solr » Version: 8.9
    cpe:2.3:a:apache:solr:8.9
  • Apache » Solr » Version: 9.0.0
    cpe:2.3:a:apache:solr:9.0.0
  • Apache » Solr » Version: 9.1.0
    cpe:2.3:a:apache:solr:9.1.0
  • Apache » Solr » Version: 9.1.1
    cpe:2.3:a:apache:solr:9.1.1
  • Apache » Solr » Version: 9.2.0
    cpe:2.3:a:apache:solr:9.2.0
  • Apache » Solr » Version: 9.2.1
    cpe:2.3:a:apache:solr:9.2.1
  • Apache » Solr » Version: 9.3.0
    cpe:2.3:a:apache:solr:9.3.0
  • Apache » Solr » Version: 9.4.0
    cpe:2.3:a:apache:solr:9.4.0
  • Apache » Solr » Version: 9.4.1
    cpe:2.3:a:apache:solr:9.4.1
  • Apache » Solr » Version: 9.5.0
    cpe:2.3:a:apache:solr:9.5.0
  • Apache » Solr » Version: 9.6.0
    cpe:2.3:a:apache:solr:9.6.0
  • Apache » Solr » Version: 9.6.1
    cpe:2.3:a:apache:solr:9.6.1
  • Apache » Solr » Version: 9.7.0
    cpe:2.3:a:apache:solr:9.7.0


Products
Pricing
Contact Us

Shodan ® - All rights reserved