Description
Solr versions 1.3.0 to 1.4.1, 3.1.0 to 3.6.2 and 4.0.0 to 4.10.4 are vulnerable to an XML resource consumption attack (a.k.a. Lol Bomb) via its update handler. By leveraging XML DOCTYPE and ENTITY declarations, an attacker can submit a nested entity pattern that expands when the server parses the XML, exhausting heap memory and causing out-of-memory (OOM) errors.
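A defender-side check for the bug class described above (an added example, not code from Solr or from this advisory): a Python wrapper around the standard-library expat parser that refuses any update body declaring a DOCTYPE or ENTITY, so no expansion can take place. The two XML bodies are constructed samples whose element names mirror Solr's `<add><doc><field>` update format.

```python
# Added example, not Solr code: refuse XML update bodies that carry a DOCTYPE or
# ENTITY declaration before expat can expand anything. Sample bodies are constructed.
from xml.parsers.expat import ExpatError, ParserCreate


class UnsafeXmlError(ValueError):
    """Raised when a document declares a DOCTYPE or an entity."""


def parse_update_strictly(body: str) -> int:
    """Parse a Solr-style <add><doc>...</doc></add> body and return the number
    of <doc> elements; any DOCTYPE or ENTITY declaration aborts the parse."""
    parser = ParserCreate()
    docs = 0

    def on_doctype(name, sysid, pubid, has_internal_subset):
        # Fires at '<!DOCTYPE' itself, before the internal subset is read.
        raise UnsafeXmlError("DOCTYPE refused: %s" % name)

    def on_entity(name, *_):
        # Belt and braces; entity declarations only occur inside a DOCTYPE.
        raise UnsafeXmlError("ENTITY refused: %s" % name)

    def on_start(name, attrs):
        nonlocal docs
        if name == "doc":
            docs += 1

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity
    parser.StartElementHandler = on_start
    parser.Parse(body, True)  # handler exceptions propagate out of Parse()
    return docs


def classify_update(body: str) -> str:
    """'ok', 'refused' (DOCTYPE/ENTITY present) or 'malformed' (not well-formed)."""
    try:
        parse_update_strictly(body)
        return "ok"
    except UnsafeXmlError:
        return "refused"
    except ExpatError:
        return "malformed"


# Constructed samples. ENTITY_UPDATE is a tiny instance of the pattern the advisory
# describes (three levels of four references); the guard stops at the DOCTYPE.
BENIGN_UPDATE = ('<add><doc><field name="id">1</field></doc>'
                 '<doc><field name="id">2</field></doc></add>')
ENTITY_UPDATE = ('<?xml version="1.0"?><!DOCTYPE add [<!ENTITY a "aaaa">'
                 '<!ENTITY b "&a;&a;&a;&a;"><!ENTITY c "&b;&b;&b;&b;">]>'
                 '<add><doc><field name="id">&c;</field></doc></add>')
```

The same effect is obtained in Java by setting the `http://apache.org/xml/features/disallow-doctype-decl` feature to true on the parser factory, which is the usual hardening for Java XML consumers.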
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 | Impact: 3.6
Attack Vector: Network
Complexity: Low
Privileges: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
Affected Packages (2 packages)
CVEListV5: apache/solr 1.3.0 to 1.4.1, 3.1.0 to 3.6.2, 4.0.0 to 4.10.4

Vulnerability Details (3)
- GHSA: Apache Solr vulnerable to XML Bomb (2022-05-24)
- OSV: Apache Solr vulnerable to XML Bomb (2022-05-24)
- CVEList: CVE-2019-12401: Solr versions 1... (2019-09-10)

Vendor Advisories (2)
- Red Hat: solr: XML resource consumption attack via update handler (2019-09-09)
- Debian: CVE-2019-12401: lucene-solr - Solr versions 1.3.0 to 1.4.1, 3.1.0 to 3.6.2 and 4.0.0 to 4.10.4 are vulnerable ... (2019)

Community (2)
- Bugzilla: CVE-2019-12401 solr3: solr: XML resource consumption attack via update handler [fedora-all] (2020-01-09)
- Bugzilla: CVE-2019-12401 solr: XML resource consumption attack via update handler (2020-01-09)