PT-2018-18379 · Apache · Apache Solr
Published
2018-05-21
·
Updated
2020-03-20
·
CVE-2018-8010
CVSS v3.1
5.5
Medium
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions:
Apache Solr versions 6.0.0 through 6.6.3
Apache Solr versions 7.0.0 through 7.3.0
Description:
This issue relates to an XML external entity expansion (XXE) in Solr config files, such as solrconfig.xml, schema.xml, and managed-schema, which can also affect Xinclude functionality. The issue allows for the reading of arbitrary local files from the Solr server or internal network using file, ftp, or http protocols.
Recommendations:
For Apache Solr versions 6.0.0 through 6.6.3, upgrade to Solr 6.6.4.
For Apache Solr versions 7.0.0 through 7.3.0, upgrade to Solr 7.3.1.
Once the upgrade is complete, no other steps are required.
Fix
XXE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Apache Solr