CVE-2012-6612 — XML External Entity (XXE) Injection in Apache Solr

CWE-611 — XML External Entity (XXE) Injection8 documents7 sources

Severity

7.5HIGHNVD

GHSA6.4OSV6.4

EPSS

1.4%

top 19.84%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Solr

Timeline

PublishedDec 7

Latest updateMay 17

Description

The (1) UpdateRequestHandler for XSLT or (2) XPathEntityProcessor in Apache Solr before 4.1 allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, different vectors than CVE-2013-6407.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

▶NVDapache/solr4.0.0+1

Patches

Patch: issues.apache.org ↗Patch: issues.apache.org ↗

🔴Vulnerability Details

GHSA

Improper Restriction of XML External Entity Reference in Apache Solr↗2022-05-17

▶

OSV

Improper Restriction of XML External Entity Reference in Apache Solr↗2022-05-17

▶

OSV

CVE-2012-6612: The (1) UpdateRequestHandler for XSLT or (2) XPathEntityProcessor in Apache Solr before 4↗2013-12-07

▶

CVEList

CVE-2012-6612: The (1) UpdateRequestHandler for XSLT or (2) XPathEntityProcessor in Apache Solr before 4↗2013-12-07

▶

📋Vendor Advisories

Red Hat

Solr: XML eXternal Entity (XXE) flaw in XML and XSLT UpdateRequestHandler↗2012-09-26

▶

Debian

CVE-2012-6612: lucene-solr - The (1) UpdateRequestHandler for XSLT or (2) XPathEntityProcessor in Apache Solr...↗2012

▶

💬Community

Bugzilla

CVE-2012-6612 CVE-2013-6407 Apache Solr: XML eXternal Entity (XXE) flaw in XML and XSLT UpdateRequestHandler↗2013-11-29

▶