[CKAN-Security] solr 6.2

JD Bothma jd at openup.org.za
Wed Feb 21 07:53:53 UTC 2018


We've contracted someone to pen-test data.vulekamali.gov.za who found the
following critical vulnerability in CKAN 6.2 as used in the Dockerfile
under contrib


We're launching our portal right now so not comfortable upgrading solr just
yet, but remapping the xmlparser name to the edismax class has mitigated it
for us for now. See

I confirmed the vulnerability with the following curl request against a
locally-running ckan instance:
curl -v

On the IP port 8888 I was running nc -l -p 8888 - when running
the request against ckan, I saw a GET request in nc. You can also verify
the vulnerability by looking for "Connection Refused" in the error response
which shows the server tried to request the DOCTYPE you told it to, and
would have executed malicious code you would have served.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.okfn.org/mailman/private/security/attachments/20180221/2dfab6f8/attachment.html>

More information about the Security mailing list