Your submission was sent successfully! Close


Published: 9 April 2018

This vulnerability in Apache Solr 1.2 to 6.6.2 and 7.0.0 to 7.2.1 relates to an XML external entity expansion (XXE) in the `&dataConfig=<inlinexml>` parameter of Solr's DataImportHandler. It can be used as XXE using file/ftp/http protocols in order to read arbitrary local files from the Solr server or the internal network.

From the Ubuntu security team

It was discovered that Apache Solr has a XML external entity expansion (XXE) vulnerability. A attacker could use it to read arbitrary local files.



CVSS 3 base score: 7.5


Package Release Status
Launchpad, Ubuntu, Debian
Released (3.6.2+dfsg-10+deb9u2build0.17.10.1)
bionic Needed

cosmic Not vulnerable

disco Not vulnerable

eoan Not vulnerable

focal Not vulnerable

groovy Not vulnerable

hirsute Not vulnerable

impish Not vulnerable

jammy Not vulnerable

precise Does not exist

trusty Does not exist
(trusty was needs-triage)
Released (3.6.2+dfsg-12)
xenial Ignored
(end of standard support, was needed)