Apache Solr vulnerabilities

46 known vulnerabilities affecting apache/solr.

Total CVEs: 46
CISA KEV: 3 (actively exploited)
Public exploits: 8
Exploited in wild: 6
Severity breakdown: CRITICAL 9, HIGH 21, MEDIUM 15, LOW 1

Vulnerabilities

Page 3 of 3
CVE-2014-3628 | MEDIUM | CVSS 4.3 | v4.0.0, v4.1.0 +19 more | 2015-01-06
CVE-2014-3628 [MEDIUM] CWE-79: Cross-site scripting (XSS) vulnerability in the Admin UI Plugin / Stats page in Apache Solr 4.x before 4.10.3 allows remote attackers to inject arbitrary web script or HTML via the fieldvaluecache object.
nvd
CVE-2012-6612 | HIGH | CVSS 7.5 | ≤ 4.0.0, v4.0.0 | 2013-12-07
CVE-2012-6612 [HIGH]: The (1) UpdateRequestHandler for XSLT or (2) XPathEntityProcessor in Apache Solr before 4.1 allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, different vectors than CVE-2013-6407.
nvd
CVE-2013-6407 | MEDIUM | CVSS 6.4 | ≤ 4.0.0, v3.6.0 +3 more | 2013-12-07
CVE-2013-6407 [MEDIUM]: The UpdateRequestHandler for XML in Apache Solr before 4.1 allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
nvd
CVE-2013-6397 | MEDIUM | CVSS 4.3 | ≤ 4.5.1, v4.0.0 +7 more | 2013-12-07
CVE-2013-6397 [MEDIUM] CWE-22: Directory traversal vulnerability in SolrResourceLoader in Apache Solr before 4.6 allows remote attackers to read arbitrary files via a .. (dot dot) or full pathname in the tr parameter to solr/select/, when the response writer (wt parameter) is set to XSLT. NOTE: this can be leveraged using a separate XXE (XML eXternal Entity) vulnerability to allow a
nvd
CVE-2013-6408 | MEDIUM | CVSS 6.4 | ≤ 4.3.0, v3.6.0 +6 more | 2013-12-07
CVE-2013-6408 [MEDIUM]: The DocumentAnalysisRequestHandler in Apache Solr before 4.3.1 does not properly use the EmptyEntityResolver, which allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. NOTE: this vulnerability exists because of an in
nvd
CVE-2009-3821 | MEDIUM | CVSS 4.3 | v1.0.0 | 2009-10-28
CVE-2009-3821 [MEDIUM] CWE-79: Cross-site scripting (XSS) vulnerability in the Apache Solr Search (solr) extension 1.0.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
nvd