Your submission was sent successfully! Close

CVE-2018-1308

Published: 09 April 2018

This vulnerability in Apache Solr 1.2 to 6.6.2 and 7.0.0 to 7.2.1 relates to an XML external entity expansion (XXE) in the `&dataConfig=<inlinexml>` parameter of Solr's DataImportHandler. It can be used as XXE using file/ftp/http protocols in order to read arbitrary local files from the Solr server or the internal network.

From the Ubuntu security team

It was discovered that Apache Solr has a XML external entity expansion (XXE) vulnerability. A attacker could use it to read arbitrary local files.

Priority

Medium

CVSS 3 base score: 7.5

Status

Package Release Status
lucene-solr
Launchpad, Ubuntu, Debian
Upstream
Released (3.6.2+dfsg-12)
Ubuntu 21.10 (Impish Indri) Not vulnerable

Ubuntu 21.04 (Hirsute Hippo) Not vulnerable

Ubuntu 20.04 LTS (Focal Fossa) Not vulnerable

Ubuntu 18.04 LTS (Bionic Beaver) Needed

Ubuntu 16.04 ESM (Xenial Xerus) Ignored
(end of standard support, was needed)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was needs-triage)