| Vulnerability Name: | CVE-2018-1308 (CCN-141348) | ||||||||||||||||||||||||||||||||||||
| Assigned: | 2017-12-07 | ||||||||||||||||||||||||||||||||||||
| Published: | 2018-04-08 | ||||||||||||||||||||||||||||||||||||
| Updated: | 2019-11-12 | ||||||||||||||||||||||||||||||||||||
| Summary: | This vulnerability in Apache Solr 1.2 to 6.6.2 and 7.0.0 to 7.2.1 relates to an XML external entity expansion (XXE) in the `&dataConfig=<inlinexml>` parameter of Solr's DataImportHandler. It can be used as XXE using file/ftp/http protocols in order to read arbitrary local files from the Solr server or the internal network. | ||||||||||||||||||||||||||||||||||||
| CVSS v3 Severity: | 7.5 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) 6.5 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C)
6.5 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C)
| ||||||||||||||||||||||||||||||||||||
| CVSS v2 Severity: | 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
| ||||||||||||||||||||||||||||||||||||
| Vulnerability Type: | CWE-611 | ||||||||||||||||||||||||||||||||||||
| Vulnerability Consequences: | Obtain Information | ||||||||||||||||||||||||||||||||||||
| References: | Source: MITRE Type: CNA CVE-2018-1308 Source: CCN Type: Apache Web site Apache Solr Source: CCN Type: oss-sec Mailing List, Sun, 8 Apr 2018 20:35:18 +0200 CVE-2018-1308: XXE attack through Apache Solr's DIH's dataConfig request parameter Source: XF Type: UNKNOWN apache-solr-cve20181308-info-disc(141348) Source: CONFIRM Type: Issue Tracking, Third Party Advisory https://issues.apache.org/jira/browse/SOLR-11971 Source: MLIST Type: UNKNOWN [lucene-solr-user] 20190104 Re: SOLR v7 Security Issues Caused Denial of Use - Sonatype Application Composition Report Source: MLIST Type: Third Party Advisory [debian-lts-announce] 20180424 [SECURITY] [DLA 1360-1] lucene-solr security update Source: MLIST Type: Mitigation, Third Party Advisory [www-announce] 20180408 [SECURITY] CVE-2018-1308: XXE attack through Apache Solr's DIH's dataConfig request parameter Source: DEBIAN Type: Third Party Advisory DSA-4194 | ||||||||||||||||||||||||||||||||||||
| Vulnerable Configuration: | Configuration 1: Configuration 2: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||||||||||||||||||||||||||||||
| Oval Definitions | |||||||||||||||||||||||||||||||||||||
| |||||||||||||||||||||||||||||||||||||
| BACK | |||||||||||||||||||||||||||||||||||||