Description

This vulnerability in Apache Solr 6.0.0 to 6.6.4 and 7.0.0 to 7.3.1 relates to an XML external entity expansion (XXE) in Solr config files (currency.xml, enumsConfig.xml referred from schema.xml, TIKA parsecontext config file). In addition, Xinclude functionality provided in these config files is also affected in a similar way. The vulnerability can be used as XXE using file/ftp/http protocols in order to read arbitrary local files from the Solr server or the internal network. The manipulated files can be uploaded as configsets using Solr's API, allowing to exploit that vulnerability.

Remediation

References

http://www.securityfocus.com/bid/104690

https://issues.apache.org/jira/browse/SOLR-12450

https://mail-archives.apache.org/mod_mbox/lucene-solr-user/201807.mbox/%3C0cdc01d413b7%24f97ba580%24ec72f080%24%40apache.org%3E

https://security.netapp.com/advisory/ntap-20190307-0002/

Related Vulnerabilities

CVE-2022-24613 Vulnerability in maven package com.drewnoakes:metadata-extractor

CVE-2016-10641 Vulnerability in npm package node-bsdiff-android

CVE-2023-36665 Vulnerability in npm package protobufjs

CVE-2014-7205 Vulnerability in npm package bassmaster

CVE-2020-13951 Vulnerability in maven package org.apache.openmeetings:openmeetings-server

Severity

Medium

Classification

CWE-611 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Tags

Third Party Advisory VDB Entry Exploit Issue Tracking Vendor Advisory Mailing List