CVE-2018-1308
published 2018-04-09CVE-2018-1308: This vulnerability in Apache Solr 1.2 to 6.6.2 and 7.0.0 to 7.2.1 relates to an XML external entity expansion (XXE) in the `&dataConfig=` parameter of Solr's…
PriorityP357high7.5CVSS 3.0
AVNACLPRNUINSUCHINAN
EPSS
20.94%
97.2th percentile
This vulnerability in Apache Solr 1.2 to 6.6.2 and 7.0.0 to 7.2.1 relates to an XML external entity expansion (XXE) in the `&dataConfig=` parameter of Solr's DataImportHandler. It can be used as XXE using file/ftp/http protocols in order to read arbitrary local files from the Solr server or the internal network.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | solr | 1.2 – 6.6.2 | — |
| apache | solr | 7.0.0 – 7.2.1 | — |
| apache_software_foundation | apache_solr | — | — |
| apache_software_foundation | apache_solr | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | lucene-solr | < lucene-solr 3.6.2+dfsg-12 (bookworm) | lucene-solr 3.6.2+dfsg-12 (bookworm) |
CVSS provenance
nvdv3.07.5HIGHCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:P/I:N/A:N
osv7.5HIGH
vendor_debian7.5HIGH
vendor_redhat7.5HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
There is a XML external entity expansion (XXE) vulnerability in Apache Solr
ghsa·2018-10-17
CVE-2018-1308 [HIGH] CWE-611 There is a XML external entity expansion (XXE) vulnerability in Apache Solr
There is a XML external entity expansion (XXE) vulnerability in Apache Solr
This vulnerability in Apache Solr 1.2 to 6.6.2 and 7.0.0 to 7.2.1 relates to an XML external entity expansion (XXE) in the `&dataConfig=` parameter of Solr's DataImportHandler. It can be used as XXE using file/ftp/http protocols in order to read arbitrary local files from the Solr server or the internal network.
OSV
There is a XML external entity expansion (XXE) vulnerability in Apache Solr
osv·2018-10-17
CVE-2018-1308 [HIGH] There is a XML external entity expansion (XXE) vulnerability in Apache Solr
There is a XML external entity expansion (XXE) vulnerability in Apache Solr
This vulnerability in Apache Solr 1.2 to 6.6.2 and 7.0.0 to 7.2.1 relates to an XML external entity expansion (XXE) in the `&dataConfig=` parameter of Solr's DataImportHandler. It can be used as XXE using file/ftp/http protocols in order to read arbitrary local files from the Solr server or the internal network.
OSV
CVE-2018-1308: This vulnerability in Apache Solr 1
osv·2018-04-09·CVSS 7.5
CVE-2018-1308 [HIGH] CVE-2018-1308: This vulnerability in Apache Solr 1
This vulnerability in Apache Solr 1.2 to 6.6.2 and 7.0.0 to 7.2.1 relates to an XML external entity expansion (XXE) in the `&dataConfig=` parameter of Solr's DataImportHandler. It can be used as XXE using file/ftp/http protocols in order to read arbitrary local files from the Solr server or the internal network.
Red Hat
Solr: XML external entity expansion in handler/dataimport/DataImporter.java allows remote attackers to read arbitrary files
vendor_redhat·2018-02-12·CVSS 7.5
CVE-2018-1308 [HIGH] CWE-611 Solr: XML external entity expansion in handler/dataimport/DataImporter.java allows remote attackers to read arbitrary files
Solr: XML external entity expansion in handler/dataimport/DataImporter.java allows remote attackers to read arbitrary files
This vulnerability in Apache Solr 1.2 to 6.6.2 and 7.0.0 to 7.2.1 relates to an XML external entity expansion (XXE) in the `&dataConfig=` parameter of Solr's DataImportHandler. It can be used as XXE using file/ftp/http protocols in order to read arbitrary local files from the Solr server or the internal network.
Package: solr-core (JBoss Developer Studio 11) - Not affected
Package: camel (Red Hat Fuse 7) - Not affected
Package: solr-core (Red Hat JBoss Data Grid 6) - Not affected
Package: solr-core (Red Hat JBoss Data Virtualization 6) - Not affected
Package: solr-core (Red Hat JBoss Enterprise Application Platform 6) - Not affected
Package: camel (Red Hat JBos
Debian
CVE-2018-1308: lucene-solr - This vulnerability in Apache Solr 1.2 to 6.6.2 and 7.0.0 to 7.2.1 relates to an ...
vendor_debian·2018·CVSS 7.5
CVE-2018-1308 [HIGH] CVE-2018-1308: lucene-solr - This vulnerability in Apache Solr 1.2 to 6.6.2 and 7.0.0 to 7.2.1 relates to an ...
This vulnerability in Apache Solr 1.2 to 6.6.2 and 7.0.0 to 7.2.1 relates to an XML external entity expansion (XXE) in the `&dataConfig=` parameter of Solr's DataImportHandler. It can be used as XXE using file/ftp/http protocols in order to read arbitrary local files from the Solr server or the internal network.
Scope: local
bookworm: resolved (fixed in 3.6.2+dfsg-12)
bullseye: resolved (fixed in 3.6.2+dfsg-12)
forky: resolved (fixed in 3.6.2+dfsg-12)
sid: resolved (fixed in 3.6.2+dfsg-12)
trixie: resolved (fixed in 3.6.2+dfsg-12)
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2018-1308 solr3: Solr: XML external entity expansion in handler/dataimport/DataImporter.java allows remote attackers to read arbitrary files [fedora-all]
bugzilla·2018-04-09·CVSS 7.5
CVE-2018-1308 [HIGH] CVE-2018-1308 solr3: Solr: XML external entity expansion in handler/dataimport/DataImporter.java allows remote attackers to read arbitrary files [fedora-all]
CVE-2018-1308 solr3: Solr: XML external entity expansion in handler/dataimport/DataImporter.java allows remote attackers to read arbitrary files [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and
Bugzilla
CVE-2018-1308 Solr: XML external entity expansion in handler/dataimport/DataImporter.java allows remote attackers to read arbitrary files
bugzilla·2018-04-09·CVSS 7.5
CVE-2018-1308 [HIGH] CVE-2018-1308 Solr: XML external entity expansion in handler/dataimport/DataImporter.java allows remote attackers to read arbitrary files
CVE-2018-1308 Solr: XML external entity expansion in handler/dataimport/DataImporter.java allows remote attackers to read arbitrary files
Apache Solr through versions 6.6.2 and 7.2.1 are vulnerable to XML external entity expansion (XXE) in handler/dataimport/DataImporter.java. A remote attacker could exploit this to read arbitrary local files from the vulnerable server.
External References:
http://www.openwall.com/lists/oss-security/2018/04/08/3
Upstream Issue:
https://issues.apache.org/jira/browse/SOLR-11971
Upstream Patch:
https://issues.apache.org/jira/secure/attachment/12910207/SOLR-11971.patch
Discussion:
Created solr3 tracking bugs for this issue:
Affects: fedora-all [bug 1564960]
https://issues.apache.org/jira/browse/SOLR-11971https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451%40%3Csolr-user.lucene.apache.org%3Ehttps://lists.debian.org/debian-lts-announce/2018/04/msg00025.htmlhttps://mail-archives.apache.org/mod_mbox/www-announce/201804.mbox/%3C000001d3cf68%245ac69af0%241053d0d0%24%40apache.org%3Ehttps://www.debian.org/security/2018/dsa-4194https://issues.apache.org/jira/browse/SOLR-11971https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451%40%3Csolr-user.lucene.apache.org%3Ehttps://lists.debian.org/debian-lts-announce/2018/04/msg00025.htmlhttps://mail-archives.apache.org/mod_mbox/www-announce/201804.mbox/%3C000001d3cf68%245ac69af0%241053d0d0%24%40apache.org%3Ehttps://www.debian.org/security/2018/dsa-4194
2018-04-09
Published