Vigil@nce - Drupal Apache Solr Search: denial of service
February 2016 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can delete the search environment of Drupal Apache
Solr Search, in order to trigger a denial of service.
– Impacted products: Drupal Modules not comprehensive.
– Severity: 2/4.
– Creation date: 03/12/2015.
DESCRIPTION OF THE VULNERABILITY
The Apache Solr Search module can be installed on Drupal.
However, an attacker can guess the search configuration
identifier, and delete it.
An attacker can therefore delete the search environment of Drupal
Apache Solr Search, in order to trigger a denial of service.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Drupal-Apache-Solr-Search-denial-of-service-18424