CVE-2012-6612
Apache Solr < 4.1.0 - XML External Entity Injection via UpdateRequestHandler or XPathEntityProcessor
Title source: llmDescription
The (1) UpdateRequestHandler for XSLT or (2) XPathEntityProcessor in Apache Solr before 4.1 allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, different vectors than CVE-2013-6407.
References (4)
Core 4
Core References
Vendor Advisory vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2014-0029.html
Patch x_refsource_confirm
https://issues.apache.org/jira/browse/SOLR-3895
Patch x_refsource_confirm
http://svn.apache.org/viewvc/lucene/dev/branches/branch_4x/solr/CHANGES.txt?view=markup
Vendor Advisory vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2013-1844.html
Scores
EPSS
0.1008
EPSS Percentile
95.1%
Details
Status
published
Products (3)
apache/solr
4.0.0 alpha (2 CPE variants)
apache/solr
< 4.0.0
org.apache.solr/solr-core
0 - 4.1.0Maven
Published
Dec 07, 2013
Tracked Since
Feb 18, 2026