Apache Solr XML External Entity(XXE) Vulnerability-02 Jan-14 Network Vulnerability

Summary

This host is installed with Apache Solr and is prone to xml external entity vulnerability.

Impact

Successful exploitation will allow remote attackers to gain potentially sensitive information, cause denial of service and potentially perform other more advanced XXE attacks. Impact Level: Application

Solution

Upgrade to Apache Solr version 4.1 or later. For updates refer to http://lucene.apache.org/solr

Insight

The flaw is due to error in 'UpdateRequestHandler' and 'XPathEntityProcessor' when parsing XML entities.

Affected

Apache Solr before version 4.1

Detection

Get the installed version with the help of detect NVT and check the version is vulnerable or not.

References

http://secunia.com/advisories/55542
http://www.openwall.com/lists/oss-security/2013/11/29/2

Updated on 2017-03-28

Severity

Classification

CVE CVE-2012-6612, CVE-2013-6407
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Awstats Configuration File Remote Arbitrary Command Execution Vulnerability
Acute Control Panel SQL Injection Vulnerability and Remote File Include Vulnerability
ATutor < 1.5.1-pl1 Multiple Flaws
Ajax File and Image Manager 'data.php' PHP Code Injection Vulnerability
ActualAnalyzer Lite 'ant' Cookie Parameter Remote Command Execution Vulnerability

Take action and discover your vulnerabilities