Description

This vulnerability in Apache Solr 6.0.0 to 6.6.4 and 7.0.0 to 7.3.1 relates to an XML external entity expansion (XXE) in Solr config files (currency.xml, enumsConfig.xml referred from schema.xml, TIKA parsecontext config file). In addition, Xinclude functionality provided in these config files is also affected in a similar way. The vulnerability can be used as XXE using file/ftp/http protocols in order to read arbitrary local files from the Solr server or the internal network. The manipulated files can be uploaded as configsets using Solr's API, allowing to exploit that vulnerability.

Remediation

References

http://www.securityfocus.com/bid/104690

https://issues.apache.org/jira/browse/SOLR-12450

https://mail-archives.apache.org/mod_mbox/lucene-solr-user/201807.mbox/%3C0cdc01d413b7%24f97ba580%24ec72f080%24%40apache.org%3E

https://security.netapp.com/advisory/ntap-20190307-0002/

Related Vulnerabilities

CVE-2022-29567 Vulnerability in maven package com.vaadin:vaadin

CVE-2021-23443 Vulnerability in npm package edge.js

CVE-2020-2255 Vulnerability in maven package io.jenkins.blueocean:blueocean-parent

CVE-2016-10558 Vulnerability in npm package aerospike

CVE-2020-6506 Vulnerability in maven package org.webjars.npm:react-native-webview

Severity

Medium

Classification

CWE-611 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Tags

Third Party Advisory VDB Entry Exploit Issue Tracking Vendor Advisory Mailing List