CVE-2013-6407
Apache Solr < 4.1.0 - XML External Entity Injection via UpdateRequestHandler
The UpdateRequestHandler for XML in Apache Solr before 4.1 allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
References (7)
Vendor Advisory (vendor-advisory, x_refsource_redhat): http://rhn.redhat.com/errata/RHSA-2014-0029.html
Vendor Advisory (vendor-advisory, x_refsource_redhat): http://rhn.redhat.com/errata/RHSA-2013-1844.html
Vendor Advisory (third-party-advisory, x_refsource_secunia): http://secunia.com/advisories/55542
Patch (x_refsource_confirm): https://issues.apache.org/jira/browse/SOLR-3895
Mailing List (mailing-list, x_refsource_mlist): http://www.openwall.com/lists/oss-security/2013/11/29/2
Patch (x_refsource_confirm): http://svn.apache.org/viewvc/lucene/dev/branches/branch_4x/solr/CHANGES.txt?view=markup
Third Party Advisory (third-party-advisory, x_refsource_secunia): http://secunia.com/advisories/59372
Scores
EPSS: 0.1139
EPSS Percentile: 93.7%
Details
Status: published
Products (6)
apache/solr 3.6.0
apache/solr 3.6.1
apache/solr 3.6.2
apache/solr 4.0.0 alpha (2 CPE variants)
apache/solr < 4.0.0
org.apache.solr/solr-core 0 - 4.1.0 (Maven)
Published: Dec 07, 2013
Tracked Since: Feb 18, 2026