CVE-2013-6407XML External Entity (XXE) Injection in Apache Solr

CWE-611XML External Entity (XXE) InjectionCWE-91XML Injection (aka Blind XPath Injection)12 documents7 sources
Severity
6.4MEDIUMNVD
EPSS
11.4%
top 6.42%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Apache Solr
Timeline
PublishedDec 7
Latest updateMay 17

Description

The UpdateRequestHandler for XML in Apache Solr before 4.1 allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

CVSS vector

AV:N/AC:L/C:P/I:N/A:PExploitability: 10.0 | Impact: 4.9

Affected Packages1 packages

NVDapache/solr4.0.0+4

Patches

Patch: issues.apache.orgPatch: issues.apache.org

🔴Vulnerability Details

6
OSV
Apache Solr UpdateRequestHandler for XML resolves XML External Entities2022-05-17
GHSA
Apache Solr UpdateRequestHandler for XML resolves XML External Entities2022-05-17
GHSA
Improper Restriction of XML External Entity Reference in Apache Solr2022-05-17
GHSA
XML Injection in Apache Solr2022-05-17
OSV
CVE-2013-6407: The UpdateRequestHandler for XML in Apache Solr before 42013-12-07

📋Vendor Advisories

4
Red Hat
Solr: XML eXternal Entity (XXE) flaw in DocumentAnalysisRequestHandler2013-05-31
Debian
CVE-2013-6407: lucene-solr - The UpdateRequestHandler for XML in Apache Solr before 4.1 allows remote attacke...2013
Red Hat
Solr: XML eXternal Entity (XXE) flaw in XML and XSLT UpdateRequestHandler2012-09-26
Red Hat
Solr: XML eXternal Entity (XXE) flaw in XML and XSLT UpdateRequestHandler2012-09-26

💬Community

1
Bugzilla
CVE-2012-6612 CVE-2013-6407 Apache Solr: XML eXternal Entity (XXE) flaw in XML and XSLT UpdateRequestHandler2013-11-29
CVE-2013-6407 — XML External Entity (XXE) Injection | cvebase