Source: nessus | This script is Copyright (C) 2014-2021 Tenable Network Security, Inc. | SOLR_4_3_1.NASL
History: Jan 07, 2014 - 12:00 a.m.

Apache Solr < 4.3.1 XML External Entity Injection

2014-01-07 00:00:00
This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.
www.tenable.com

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:N/A:P

0.003 Low

EPSS

Percentile

71.3%

The version of Apache Solr running on the remote web server is affected by an XML external entity injection vulnerability due to an incorrectly configured XML parser in the ‘DocumentAnalysisRequestHandler’ class. A remote, unauthenticated attacker can exploit this flaw to gain access to arbitrary files or to cause a denial of service condition.

Note that this issue exists due to an incomplete fix for CVE-2013-6407.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

# Registration block: when 'description' is set the script only declares its
# metadata (identifiers, advisory text, risk scoring, scheduling requirements)
# and then exits, so none of the check logic further down runs in this mode.
if (description)
{
  # Plugin identity and revision tracking.
  script_id(71845);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");

  # Cross-references used to correlate this finding with other advisories.
  script_cve_id("CVE-2013-6408");
  script_bugtraq_id(64009);

  # The summary states the detection method: a version check, not an active
  # XXE probe. A finding therefore means "reported version is below the fix".
  script_name(english:"Apache Solr < 4.3.1 XML External Entity Injection");
  script_summary(english:"Checks version of Solr");

  # Advisory text shown in scan reports.
  script_set_attribute(attribute:"synopsis", value:
"The remote web server contains a Java application that is affected by
an XML External Entity (XXE) injection vulnerability.");
  script_set_attribute(attribute:"description", value:
"The version of Apache Solr running on the remote web server is
affected by an XML external entity injection vulnerability due to an
incorrectly configured XML parser in the
'DocumentAnalysisRequestHandler' class.  A remote, unauthenticated
attacker can exploit this flaw to gain access to arbitrary files or to
cause a denial of service condition.

Note that this issue exists due to an incomplete fix for
CVE-2013-6407.");
  script_set_attribute(attribute:"see_also", value:"https://issues.apache.org/jira/browse/SOLR-4881");
  script_set_attribute(attribute:"see_also", value:"http://lucene.apache.org/solr/4_3_1/changes/Changes.html");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Apache Solr version 4.3.1 or later.");

  # CVSS v2 scoring. Base: network-reachable, low complexity, no
  # authentication, partial confidentiality and availability impact (matching
  # the file-disclosure and denial-of-service outcomes described above).
  # Temporal: exploitability unproven, official fix available, report confirmed.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
  script_set_attribute(attribute:"exploit_available", value:"false");

  # Disclosure timeline: vulnerability published, vendor patch, plugin release.
  script_set_attribute(attribute:"vuln_publication_date", value:"2013/05/30");
  script_set_attribute(attribute:"patch_publication_date", value:"2013/06/18");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/01/07");

  # "remote": the check is run over the network rather than with local access.
  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:apache:solr");
  script_end_attributes();

  # Information-gathering category, consistent with a version-only check.
  script_category(ACT_GATHER_INFO);
  script_family(english:"CGI abuses");

  script_copyright(english:"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.");

  # Scheduling: run after the Solr detection plugin, only when that plugin
  # recorded an "Apache Solr" install, and only against a web service port
  # (8983 is the default used by get_http_port() in the check logic).
  script_dependencies("solr_detect.nbin");
  script_require_keys("installed_sw/Apache Solr");
  script_require_ports("Services/www", 8983);

  # Stop here in registration mode; nothing is tested.
  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("http.inc");
include("install_func.inc");

# Check logic: version comparison only.
#
# The install record (path and version) comes from get_single_install() for
# the "Apache Solr" application on the selected port. Nothing in this block
# sends a request to DocumentAnalysisRequestHandler, so a finding means the
# reported version is older than the fixed release; it does not confirm that
# the handler is reachable or that XML entity resolution is still enabled.
# Deployments with a locally patched or disabled handler will still be flagged
# and need manual confirmation.
appname       = "Apache Solr";
fixed_version = "4.3.1";

# Leave immediately when no Solr install was recorded for this host.
get_install_count(app_name:appname,exit_if_zero:TRUE);

port    = get_http_port(default:8983);
install = get_single_install(app_name:appname, port:port, exit_if_unknown_ver:TRUE);

version     = install["version"];
install_url = build_url(port:port, qs:install["path"]);

# Without a version there is nothing to compare; record that in the audit trail.
if (version == UNKNOWN_VER)
  audit(AUDIT_UNKNOWN_WEB_APP_VER, appname, install_url);

# Anything other than "older than the fix" is audited as not affected.
if (ver_compare(ver:version, fix:fixed_version, strict:FALSE) != -1)
{
  audit(AUDIT_WEB_APP_NOT_AFFECTED, appname, install_url, version);
}
else
{
  if (report_verbosity > 0)
  {
    # Give the operator the evidence behind the finding: where the install
    # is, what version it reported, and the release that carries the fix.
    report =
      '\n  URL               : ' + install_url +
      '\n  Installed version : ' + version +
      '\n  Fixed version     : ' + fixed_version + '\n';
    security_warning(port:port, extra:report);
  }
  else security_warning(port);
}
Vendor | Product | Version | CPE
apache | solr | (none listed) | cpe:/a:apache:solr
