CVE-2019-12401

HIGH

Apache Solr 1.3.0-1.4.1, 3.1.0-3.6.2, 4.0.0-4.10.4 - XML Entity Expansion via Update Handler

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-12401. PoCs published by mbadanoiu.

AI-analyzed exploit summary

The repository lacks actual exploit code and instead points to an external PDF for details, which is a common tactic for suspicious repos. The README provides minimal technical information about the XML bomb vulnerability in Apache Solr.

Description

Solr versions 1.3.0 to 1.4.1, 3.1.0 to 3.6.2 and 4.0.0 to 4.10.4 are vulnerable to an XML resource consumption attack (a.k.a. Lol Bomb) via its update handler. By leveraging XML DOCTYPE and ENTITY type elements, the attacker can create a pattern that expands when the server parses the XML, causing out-of-memory errors (OOMs).

Exploits (1)

nomisec SUSPICIOUS
by mbadanoiu · poc
https://github.com/mbadanoiu/CVE-2019-12401

Classification
Suspicious 90%
Attack Type
DoS
Complexity
Moderate
Reliability
Theoretical
Target: Apache Solr < 5.0.0
No auth needed
Prerequisites: Network access to vulnerable Solr instance
devstral-2 · analyzed Feb 18, 2026

References (11)

Core References
Mailing List, Third Party Advisory: http://www.openwall.com/lists/oss-security/2019/09/10/1
Third Party Advisory: https://security.netapp.com/advisory/ntap-20190926-0002/

Scores

CVSS v3 7.5
EPSS 0.3277
EPSS Percentile 97.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE
CWE-776
Status published
Products (2)
apache/solr 1.3.0 - 1.4.1
org.apache.solr/solr-core 0 - 5.0.0 (Maven)
Published Sep 10, 2019
Tracked Since Feb 18, 2026