Is Qualys working on a QID for this?
Update: We are releasing QID 11870 Apache Solr Code Execution Vulnerability Zero-Day tonight under VULNSIGS-2_4_165 (or higher).
We're investigating, but there's no commitment I can give.
Affected Versions: Apache Solr version 7.0.1 and prior
QID Detection Logic (Unauthenticated): This QID sends a specifically crafted request which includes special entities in the XML document and looks for the vulnerable response. Alternatively, in another check, this QID matches vulnerable versions in the response webpage.
I don't see documentation stating what versions besides 6.x and 7.x are vulnerable. We see detections for this vulnerability based on the version detected; in our test case it is 5.3, however there is no evidence this version is actually vulnerable. Am I missing something?