Apache Solr XXE

2013.11.29
Credit: David Jorm
Risk: High
Local: No
Remote: Yes
CWE: N/A

Hi All,

Apache Solr 4.3.1, 4.4, 5.0 resolves multiple XXE flaws, as described in the following bugs:

https://issues.apache.org/jira/browse/SOLR-3895
https://issues.apache.org/jira/browse/SOLR-4881

I have confirmed that these issues can also be exploited on Apache Solr 3.6.2. Please assign a CVE ID for these XXE flaws (I think a single CVE ID is most appropriate).

Thanks
--
David Jorm / Red Hat Security Response Team

References:

https://issues.apache.org/jira/browse/SOLR-3895
https://issues.apache.org/jira/browse/SOLR-4881
http://cxsecurity.com/issue/WLB-2013110188

