Apache Solr XML External Entity(XXE) Vulnerability-02 Jan-14

Summary
This host is installed with Apache Solr and is prone to xml external entity vulnerability.
Impact
Successful exploitation will allow remote attackers to gain potentially sensitive information, cause denial of service and potentially perform other more advanced XXE attacks. Impact Level: Application
Solution
Upgrade to Apache Solr version 4.1 or later. For updates refer to http://lucene.apache.org/solr
Insight
The flaw is due to error in 'UpdateRequestHandler' and 'XPathEntityProcessor' when parsing XML entities.
Affected
Apache Solr before version 4.1
Detection
Get the installed version with the help of detect NVT and check the version is vulnerable or not.
References