CVE-2012-6612

Apache Solr < 4.1.0 - XML External Entity Injection via UpdateRequestHandler or XPathEntityProcessor

Title source: llm
STIX 2.1

Description

The (1) UpdateRequestHandler for XSLT or (2) XPathEntityProcessor in Apache Solr before 4.1 allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, different vectors than CVE-2013-6407.

References (4)

Core 4
Core References
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2014-0029.html
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2013-1844.html

Scores

EPSS 0.1008
EPSS Percentile 95.1%

Details

Status published
Products (3)
apache/solr 4.0.0 alpha (2 CPE variants)
apache/solr < 4.0.0
org.apache.solr/solr-core 0 - 4.1.0Maven
Published Dec 07, 2013
Tracked Since Feb 18, 2026