Your submission was sent successfully! Close

CVE-2014-3628

Published: 6 January 2015

Cross-site scripting (XSS) vulnerability in the Admin UI Plugin / Stats page in Apache Solr 4.x before 4.10.3 allows remote attackers to inject arbitrary web script or HTML via the fieldvaluecache object.

Notes

AuthorNote
sbeattie
only affected solr 4.x releases
Priority

Medium

Status

Package Release Status
lucene-solr
Launchpad, Ubuntu, Debian
artful Not vulnerable
(solr 4.x only)
bionic Not vulnerable
(solr 4.x only)
lucid Does not exist

precise Does not exist

trusty Does not exist
(trusty was not-affected [solr 4.x only])
upstream Needs triage

utopic Ignored
(reached end-of-life)
vivid Does not exist

wily Ignored
(reached end-of-life)
xenial Not vulnerable
(solr 4.x only)
yakkety Ignored
(reached end-of-life)
zesty Ignored
(reached end-of-life)