Description

This vulnerability in Apache Solr 6.0.0 to 6.6.4 and 7.0.0 to 7.3.1 relates to an XML external entity expansion (XXE) in Solr config files (currency.xml, enumsConfig.xml referred from schema.xml, TIKA parsecontext config file). In addition, Xinclude functionality provided in these config files is also affected in a similar way. The vulnerability can be used as XXE using file/ftp/http protocols in order to read arbitrary local files from the Solr server or the internal network. The manipulated files can be uploaded as configsets using Solr's API, allowing to exploit that vulnerability.

Remediation

References

http://www.securityfocus.com/bid/104690

https://issues.apache.org/jira/browse/SOLR-12450

https://mail-archives.apache.org/mod_mbox/lucene-solr-user/201807.mbox/%3C0cdc01d413b7%24f97ba580%24ec72f080%24%40apache.org%3E

https://security.netapp.com/advisory/ntap-20190307-0002/

Related Vulnerabilities

CVE-2022-29249 Vulnerability in maven package io.github.javaezlib:javaez

CVE-2019-18818 Vulnerability in npm package strapi

CVE-2022-23107 Vulnerability in maven package io.jenkins.plugins:warnings-ng

CVE-2017-18869 Vulnerability in npm package chownr

CVE-2019-15600 Vulnerability in npm package http_server

Severity

Medium

Classification

CWE-611 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Tags

Third Party Advisory VDB Entry Exploit Issue Tracking Vendor Advisory Mailing List