Hi All
Apache Solr 4.3.1, 4.4, 5.0 resolves multiple XXE flaws, as described in the following bugs:
https://issues.apache.org/jira/browse/SOLR-3895
https://issues.apache.org/jira/browse/SOLR-4881
I have confirmed that these issues can also be exploited on Apache Solr 3.6.2. Please assign a CVE ID for these XXE
flaws (I think a single CVE ID is most appropriate).
Thanks
--
David Jorm / Red Hat Security Response Team