CVE-2013-6397
published 2013-12-07


Priority: P178 · medium 4.3 (CVSS 2.0)
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
ITW: VulnCheck KEV · Exploited in the wild
EPSS: 56.26% (98.9th percentile)
Directory traversal vulnerability in SolrResourceLoader in Apache Solr before 4.6 allows remote attackers to read arbitrary files via a .. (dot dot) or full pathname in the tr parameter to solr/select/, when the response writer (wt parameter) is set to XSLT. NOTE: this can be leveraged using a separate XXE (XML eXternal Entity) vulnerability to allow access to files across restricted network boundaries.

Affected

10 ranges listed; only two carry version data on this page.

Vendor   Product       Version range                           Fixed in
apache   solr          <= 4.5.1                                4.6
debian   lucene-solr   < lucene-solr 3.6.2+dfsg-2 (bookworm)   lucene-solr 3.6.2+dfsg-2 (bookworm)

Detection & IOCs (extracted from sources)

url   /solr/select/?tr=..%2F..%2F&wt=xslt
path  /solr/select/
path  /solr/admin/info/system

snort:
alert http any any -> $HOME_NET any (msg:"ET INFO Apache Solr System Information Request"; flow:established,to_server; http.uri; content:"/solr/admin/info/system"; reference:url,www.exploit-db.com/exploits/47572; reference:url,web.archive.org/web/20190718141548/https://www.agarri.fr/blog/archives/2013/11/27/compromising_an_unreachable_solr_server_with_cve-2013-6397/index.html; classtype:misc-activity; sid:2031504; rev:4; metadata:affected_product Apache_Solr, attack_target Web_Server, created_at 2021_01_08, deployment Perimeter, confidence High, signature_severity Informational, updated_at 2026_01_20;)
  • Monitor HTTP requests to /solr/select/ where the 'tr' parameter contains directory traversal sequences (e.g. '../', including percent-encoded forms such as '..%2F') or an absolute path, combined with 'wt=xslt' in the query string.
  • The vulnerability can be chained with a separate XXE vulnerability to reach files across restricted network boundaries; look for XXE payloads in Solr XML requests or responses alongside XSLT traversal attempts.
  • Solr REST endpoints that load XSL stylesheets or Velocity templates via SolrResourceLoader are the attack surface; monitor for unexpected or absolute path values in REST parameters that feed these components.
  • Reconnaissance against /solr/admin/info/system is associated with CVE-2013-6397 exploitation chains; alert on inbound HTTP requests to this URI (ET SID 2031504). The rule is informational on its own, so correlate it with the traversal indicators above rather than treating it as proof of compromise.
  • The vulnerability affects Apache Solr versions before 4.6; confirm the deployed version is 4.6 or later (or the patched Debian package lucene-solr 3.6.2+dfsg-2) to verify the fix is in place.
  • SolrResourceLoader allowed loading of resources via absolute paths, or via relative paths not sanitized for directory traversal; verify that path sanitization is enforced in the deployed version rather than relying on configuration alone.
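The detection bullets above describe the indicators in prose. The following Python, added here as an example and not taken from any source in this entry, turns them into a log scanner: it parses request lines out of access-log entries, undoes repeated percent-encoding, and flags /solr/select/ requests whose 'tr' value traverses or is absolute (distinguishing the wt=xslt case from a non-XSLT one) as well as reconnaissance hits on /solr/admin/info/system. The log lines, IP addresses and finding labels are constructed for the example.

```python
"""Flag CVE-2013-6397 exploitation attempts in HTTP access logs.

Added example (not part of the advisory). Looks for:
  * /solr/select/ with wt=xslt and a traversing or absolute 'tr' value
  * the same 'tr' pattern without wt=xslt (suspicious, lower confidence)
  * reconnaissance against /solr/admin/info/system
Sample log lines below are constructed, not captured traffic.
"""
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Request line inside a Combined Log Format entry: "GET /path?query HTTP/1.1"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

RECON_PATH = "/solr/admin/info/system"

# Constructed sample log (synthetic IPs from the RFC 5737 documentation ranges)
SAMPLE_LOG = [
    '203.0.113.5 - - [27/Nov/2013:10:00:01 +0000] "GET /solr/admin/info/system HTTP/1.1" 200 1412',
    '203.0.113.5 - - [27/Nov/2013:10:00:03 +0000] "GET /solr/select/?q=*:*&wt=xslt&tr=..%2F..%2F..%2F..%2Fetc%2Fpasswd HTTP/1.1" 500 987',
    '198.51.100.9 - - [27/Nov/2013:10:00:05 +0000] "GET /solr/select/?q=title:foo&wt=xslt&tr=example.xsl HTTP/1.1" 200 5120',
    '203.0.113.5 - - [27/Nov/2013:10:00:07 +0000] "GET /solr/select/?q=*:*&wt=XSLT&tr=%252e%252e%252f%252e%252e%252fetc%252fshadow HTTP/1.1" 500 987',
    '203.0.113.5 - - [27/Nov/2013:10:00:09 +0000] "GET /solr/select/?q=*:*&wt=json&tr=/etc/hostname HTTP/1.1" 200 311',
]


def fully_decode(value, max_rounds=3):
    """Undo repeated percent-encoding (e.g. %252e%252e -> %2e%2e -> ..)."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def classify_request(target):
    """Return the list of finding labels for one request target (path + query)."""
    findings = []
    parts = urlsplit(target)
    # Collapse duplicate slashes and drop a trailing slash so
    # /solr//select/ and /solr/select compare equal.
    path = re.sub(r"/+", "/", fully_decode(parts.path)).rstrip("/")

    if path == RECON_PATH:
        findings.append("solr_system_info_recon")

    if path.startswith("/solr/") and path.endswith("/select"):
        # parse_qs decodes one percent-encoding layer; fully_decode the rest.
        qs = parse_qs(parts.query, keep_blank_values=True)
        writers = [fully_decode(v).lower() for v in qs.get("wt", [])]
        for raw_tr in qs.get("tr", []):
            tr = fully_decode(raw_tr).replace("\\", "/")
            traversal = ".." in tr.split("/")
            absolute = tr.startswith("/") or re.match(r"^[A-Za-z]:/", tr) is not None
            if traversal or absolute:
                if "xslt" in writers:
                    findings.append("cve-2013-6397_xslt_traversal")
                else:
                    findings.append("tr_traversal_without_xslt")
    return findings


def scan_log(lines):
    """Return [(line_number, findings)] for every log line that produced a finding."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        findings = classify_request(match.group("target"))
        if findings:
            hits.append((number, findings))
    return hits


if __name__ == "__main__":
    for number, findings in scan_log(SAMPLE_LOG):
        print(f"line {number}: {', '.join(findings)}")
```

Run against the sample log the scanner reports the recon request, the two XSLT traversal attempts (one of them double-encoded with an upper-case wt value) and the absolute-path 'tr' without XSLT; the legitimate request for example.xsl is not flagged. Point scan_log at the web server's access log (or at the decoded http.uri from the Suricata/Snort alert above) to use it on real data; the rule on /solr/admin/info/system remains informational, so the XSLT traversal finding is the one worth paging on.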

CVSS provenance

nvd            v2.0   4.3   MEDIUM   AV:N/AC:M/Au:N/C:P/I:N/A:N
osv                   4.3   MEDIUM
vulncheck             4.3   MEDIUM
vendor_debian         4.3   MEDIUM
vendor_redhat         4.3   MEDIUM