CVE-2017-1000190
CRITICAL
Apache Solr - XML External Entity Injection via SimpleXML Parser
Title source: manual
Description
SimpleXML (latest version 2.7.1) is vulnerable to an XXE vulnerability resulting in SSRF, information disclosure, DoS and so on.
References (4)
Core References
Exploit, Issue Tracking, Third Party Advisory x_refsource_confirm
https://github.com/ngallagher/simplexml/issues/18
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451%40%3Csolr-user.lucene.apache.org%3E
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
https://lists.apache.org/thread.html/8c4ef27e2c0218f29e785990dc919266855aea137c958f10d242cb36%40%3Cdev.lucene.apache.org%3E
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5%40%3Csolr-user.lucene.apache.org%3E
Scores
CVSS v3
9.1
EPSS
0.0076
EPSS Percentile
73.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Details
CWE
CWE-611
Status
published
Products (3)
apache/solr
8.4.1
org.simpleframework/simple-xml
0 - 2.7.1
Maven
simplexml_project/simplexml
< 2.7.1
Published
Nov 17, 2017
Tracked Since
Feb 18, 2026