FKIE_CVE-2013-6407
Vulnerability from fkie_nvd - Published: 2013-12-07 20:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
The UpdateRequestHandler for XML in Apache Solr before 4.1 allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:solr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1887ADD7-5B71-4CC4-B003-1F50DAC3DFA2",
"versionEndIncluding": "4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:solr:3.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E1281390-06F8-49B0-9B14-B1971E7FD0FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:solr:3.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1E5BBACF-7621-44CC-B6A6-B9FC7D517AF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:solr:3.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B946619D-507C-40D6-B530-948BF41229B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:solr:4.0.0:alpha:*:*:*:*:*:*",
"matchCriteriaId": "49D9F075-B18A-4634-8AA1-DE1399548838",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:solr:4.0.0:beta:*:*:*:*:*:*",
"matchCriteriaId": "0CFB9E78-22B2-4683-BD17-1600A3057FF3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The UpdateRequestHandler for XML in Apache Solr before 4.1 allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue."
},
{
"lang": "es",
"value": "El UpdateRequestHandler de XML en Apache Solr anteriores a 4.1 permite a atacantes remtos tener un impacto no especificado a trav\u00e9s de datos XML conteniendo una declaraci\u00f3n de entidad externa en conjunci\u00f3n con una referencia a entidad, relacionado con un problema de XML External Entity (XXE)."
}
],
"evaluatorSolution": "Per: http://secunia.com/advisories/55542\n\n\"A vulnerability has been reported in Apache Solr, which can be exploited by malicious people to disclose certain sensitive information or cause a DoS (Denial of Service)........The vulnerability is reported in version 3.6.1. Other versions may also be affected.\"",
"id": "CVE-2013-6407",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-12-07T20:55:02.663",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1844.html"
},
{
"source": "secalert@redhat.com",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0029.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/55542"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/59372"
},
{
"source": "secalert@redhat.com",
"url": "http://svn.apache.org/viewvc/lucene/dev/branches/branch_4x/solr/CHANGES.txt?view=markup"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2013/11/29/2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "https://issues.apache.org/jira/browse/SOLR-3895"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1844.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0029.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/55542"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/59372"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://svn.apache.org/viewvc/lucene/dev/branches/branch_4x/solr/CHANGES.txt?view=markup"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2013/11/29/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://issues.apache.org/jira/browse/SOLR-3895"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…