Apache Solr XML External Entity(XXE) Vulnerability-01 Jan-14 Network Vulnerability

Summary

This host is installed with Apache Solr and is prone to xml external entity vulnerability.

Impact

Successful exploitation will allow remote attackers to gain potentially sensitive information and potentially perform other more advanced XXE attacks. Impact Level: Application

Solution

Upgrade to Apache Solr version 4.3.1 or later. For updates refer to http://lucene.apache.org/solr

Insight

The flaw is due to error in 'DocumentAnalysisRequestHandler' when parsing XML entities.

Affected

Apache Solr before version 4.3.1

Detection

Get the installed version with the help of detect NVT and check the version is vulnerable or not.

References

http://osvdb.org/100396
http://secunia.com/advisories/55542
http://www.openwall.com/lists/oss-security/2013/11/29/2

Updated on 2015-03-25

Severity

Classification

CVE CVE-2013-6408

CVSS	Base Score: 6.4 AV:N/AC:L/Au:N/C:P/I:N/A:P

Related Vulnerabilities

@Mail 'MailType' Parameter Cross Site Scripting Vulnerability
Apache Commons Daemon 'jsvc' Information Disclosure Vulnerability
Adobe ColdFusion Unspecified Information Disclosure Vulnerability
Apache Solr XML External Entity(XXE) Vulnerability-01 Jan-14
Abtp Portal Project 'ABTPV_BLOQUE_CENT' Parameter Local and Remote File Include Vulnerabilities

Take action and discover your vulnerabilities