Your submission was sent successfully! Close

CVE-2018-1308

Published: 9 April 2018

This vulnerability in Apache Solr 1.2 to 6.6.2 and 7.0.0 to 7.2.1 relates to an XML external entity expansion (XXE) in the `&dataConfig=<inlinexml>` parameter of Solr's DataImportHandler. It can be used as XXE using file/ftp/http protocols in order to read arbitrary local files from the Solr server or the internal network.

From the Ubuntu security team

It was discovered that Apache Solr has a XML external entity expansion (XXE) vulnerability. A attacker could use it to read arbitrary local files.

Priority

Medium

CVSS 3 base score: 7.5

Status

Package Release Status
lucene-solr
Launchpad, Ubuntu, Debian
artful
Released (3.6.2+dfsg-10+deb9u2build0.17.10.1)
bionic Needed

cosmic Not vulnerable

disco Not vulnerable

eoan Not vulnerable

focal Not vulnerable

groovy Not vulnerable

hirsute Not vulnerable

impish Not vulnerable

jammy Not vulnerable

precise Does not exist

trusty Does not exist
(trusty was needs-triage)
upstream
Released (3.6.2+dfsg-12)
xenial Ignored
(end of standard support, was needed)