CVE-2018-1308
published 2018-04-09


Priority: P3 57 high
CVSS 3.0: 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
EPSS: 20.94% (97.2th percentile)

This vulnerability in Apache Solr 1.2 to 6.6.2 and 7.0.0 to 7.2.1 is an XML external entity expansion (XXE) in the `&dataConfig=` parameter of Solr's DataImportHandler. The external entity can use the file/ftp/http protocols to read arbitrary local files from the Solr server or the internal network.

Affected

8 ranges

| Vendor | Product | Version range | Fixed in |
| --- | --- | --- | --- |
| apache | solr | 1.2 – 6.6.2 | |
| apache | solr | 7.0.0 – 7.2.1 | |
| apache_software_foundation | apache_solr | | |
| apache_software_foundation | apache_solr | | |
| debian | debian_linux | | |
| debian | debian_linux | | |
| debian | debian_linux | | |
| debian | lucene-solr | < lucene-solr 3.6.2+dfsg-12 (bookworm) | lucene-solr 3.6.2+dfsg-12 (bookworm) |

CVSS provenance

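| Source | Version | Score | Severity | Vector |
| --- | --- | --- | --- | --- |
| nvd | v3.0 | 7.5 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
| osv | | 7.5 | HIGH | |
| vendor_debian | | 7.5 | HIGH | |
| vendor_redhat | | 7.5 | HIGH | |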