Lucene search

K

RedhatCVELIST:CVE-2013-6397

HistoryDec 07, 2013 - 8:00 p.m.

CVE-2013-6397

2013-12-0720:00:00

redhat

www.cve.org

1

6.3 Medium

AI Score

Confidence

Low

0.528 Medium

EPSS

Percentile

97.6%

Directory traversal vulnerability in SolrResourceLoader in Apache Solr before 4.6 allows remote attackers to read arbitrary files via a … (dot dot) or full pathname in the tr parameter to solr/select/, when the response writer (wt parameter) is set to XSLT. NOTE: this can be leveraged using a separate XXE (XML eXternal Entity) vulnerability to allow access to files across restricted network boundaries.

References

lucene.apache.org/solr/4_6_0/changes/Changes.html

rhn.redhat.com/errata/RHSA-2013-1844.html

rhn.redhat.com/errata/RHSA-2014-0029.html

secunia.com/advisories/55730

secunia.com/advisories/59372

www.agarri.fr/kom/archives/2013/11/27/compromising_an_unreachable_solr_server_with_cve-2013-6397/index.html

www.openwall.com/lists/oss-security/2013/11/27/1

www.securityfocus.com/bid/63935

issues.apache.org/jira/browse/SOLR-4882

6.3 Medium

AI Score

Confidence

Low

0.528 Medium

EPSS

Percentile

97.6%

Related for CVELIST:CVE-2013-6397

osv2 cve1 nessus2 prion1 openvas4 debiancve1 checkpoint_advisories1 github1 nvd1 ubuntucve1 debian1 securityvulns2 redhat1