CVE-2013-6397
Apache Solr < 4.6 - Path Traversal via tr Parameter
Exploitation Summary
CVE-2013-6397 has been observed exploited in the wild (reported by VulnCheck KEV).
Description
Directory traversal vulnerability in SolrResourceLoader in Apache Solr before 4.6 allows remote attackers to read arbitrary files via a .. (dot dot) or full pathname in the tr parameter to solr/select/, when the response writer (wt parameter) is set to XSLT. NOTE: this can be leveraged using a separate XXE (XML eXternal Entity) vulnerability to allow access to files across restricted network boundaries.
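The description above gives the two conditions an exploit request must meet: the response writer is XSLT (wt=xslt) and the tr parameter names a stylesheet outside the config directory, either with a .. segment or as a full pathname. The following script is an added example, not part of this advisory or of the Solr project's code: it scans web-server access-log lines for that combination (handling case differences in wt and single or double percent-encoding of tr) and includes a small version check against the "before 4.6" boundary stated in the description. The log format (Combined Log Format with the request in quotes), the sample lines, and all function names are assumptions made for the example; the sample lines are constructed, not real traffic.

```python
"""Added example (not the advisory's or the Solr project's code): flag
CVE-2013-6397-style requests in access-log lines.

Per the description, the bug triggers when wt=xslt and the tr parameter
carries '..' or a full pathname. We parse the request target of each
line, decode repeated percent-encoding, and report the combination.
The log lines below are constructed for this example, not real data.
"""
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed sample access-log lines (Combined Log Format style).
SAMPLE_LOG = """\
10.0.0.5 - - [07/Dec/2013:10:00:01 +0000] "GET /solr/select/?q=*:*&wt=xslt&tr=../../../../../../etc/passwd HTTP/1.1" 200 1234
10.0.0.6 - - [07/Dec/2013:10:00:02 +0000] "GET /solr/select/?q=*:*&wt=xslt&tr=example.xsl HTTP/1.1" 200 500
10.0.0.7 - - [07/Dec/2013:10:00:03 +0000] "GET /solr/collection1/select?q=test&wt=xslt&tr=%2Fetc%2Fpasswd HTTP/1.1" 200 800
10.0.0.8 - - [07/Dec/2013:10:00:04 +0000] "GET /solr/select/?q=*:*&wt=json&tr=../../etc/passwd HTTP/1.1" 200 300
10.0.0.9 - - [07/Dec/2013:10:00:05 +0000] "GET /solr/select/?q=*:*&wt=XSLT&tr=..%252F..%252Fetc%252Fpasswd HTTP/1.1" 200 900
"""

# Pulls the request target out of the quoted request field.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')


def decode_fully(value, max_rounds=3):
    """Undo repeated percent-encoding so ..%252F is seen as ../ ."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def is_traversal_path(tr_value):
    """True when tr contains a parent-directory segment or is an absolute path."""
    v = decode_fully(tr_value).replace("\\", "/")
    segments = v.split("/")
    return (".." in segments
            or v.startswith("/")
            or re.match(r"^[A-Za-z]:/", v) is not None)


def analyse_request(target):
    """Return a finding dict for a /select request target, or None if benign."""
    parts = urlsplit(target)
    if "/select" not in parts.path:
        return None
    params = parse_qs(parts.query, keep_blank_values=True)
    # wt is matched case-insensitively; parse_qs already applied one decode.
    if "xslt" not in [w.lower() for w in params.get("wt", [])]:
        return None
    for tr in params.get("tr", []):
        if is_traversal_path(tr):
            return {"path": parts.path, "tr": decode_fully(tr)}
    return None


def scan_log(text):
    """Return [(line_number, finding)] for every suspicious request line."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        finding = analyse_request(m.group("target"))
        if finding:
            findings.append((lineno, finding))
    return findings


def is_affected_version(version):
    """Affected range per the description: any Solr release before 4.6."""
    nums = [int(x) for x in re.findall(r"\d+", version)[:3]]
    nums += [0] * (3 - len(nums))
    return tuple(nums) < (4, 6, 0)


if __name__ == "__main__":
    for lineno, finding in scan_log(SAMPLE_LOG):
        print(f"line {lineno}: tr={finding['tr']!r} on {finding['path']}")
```

Lines 1, 3 and 5 of the sample are reported; line 2 is a legitimate stylesheet name and line 4 uses a non-XSLT writer, so neither is a hit. Matching on the decoded tr value rather than on the raw query string is the point: the third and fifth lines would be missed by a naive grep for "..".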
References (9)
Vendor Advisory (Red Hat): http://rhn.redhat.com/errata/RHSA-2014-0029.html
Vendor Advisory (Red Hat): http://rhn.redhat.com/errata/RHSA-2013-1844.html
Third Party Advisory, VDB Entry (SecurityFocus BID): http://www.securityfocus.com/bid/63935
Patch (Apache JIRA): https://issues.apache.org/jira/browse/SOLR-4882
Mailing List (oss-security): http://www.openwall.com/lists/oss-security/2013/11/27/1
Vendor Advisory (Secunia): http://secunia.com/advisories/55730
Various Sources (Solr 4.6.0 changes): http://lucene.apache.org/solr/4_6_0/changes/Changes.html
Third Party Advisory (Secunia): http://secunia.com/advisories/59372
Scores
EPSS: 0.9093 (percentile 99.6%)
VulnCheck KEV: 2024-09-19
CWE: CWE-22
Status: published
Products (10)
apache/solr 4.0.0 (3 CPE variants)
apache/solr 4.1.0
apache/solr 4.2.0
apache/solr 4.2.1
apache/solr 4.3.0
apache/solr 4.3.1
apache/solr 4.4.0
apache/solr 4.5.0
apache/solr < 4.5.1
org.apache.solr/solr-core 0 - 4.6.0 (Maven)
Published: Dec 07, 2013
Tracked Since: Feb 18, 2026