Information disclosure in Apache Solr

Published: 2018-04-12 11:43:07
Severity Low
Patch available YES
Number of vulnerabilities 1
CVE ID CVE-2018-1308
Exploitation vector Network
Public exploit Public exploit code for vulnerability #1 is available.
Vulnerable software Apache Solr
Vulnerable software versions Apache Solr 1.2
Apache Solr 1.3
Apache Solr 1.4


Vendor URL Apache Foundation

Security Advisory

1) XXE attack


The vulnerability allows a remote, unauthenticated attacker to conduct an XXE (XML external entity) attack against the target system.

The weakness exists in the dataConfig request parameter of the DataImportHandler (the /dataimport request handler), which accepts an inline XML configuration document. The XML parser that processes this document resolves external entities declared in a DOCTYPE, so a remote attacker can submit a dataConfig containing an entity that references a file:, ftp: or http: URL. The parser fetches that resource on the attacker's behalf, allowing the attacker to read potentially sensitive local files on the Solr server or to reach hosts on the internal network in which the system resides (server-side request forgery). No authentication is required because Solr ships with no authentication enabled by default; the handler only has to be configured on a core that the attacker can reach.


Update to version 6.6.3 (6.x line) or 7.3.0 (7.x line). Affected releases are Apache Solr 1.2 through 6.6.2 and 7.0.0 through 7.2.1. Until the upgrade is applied, do not expose Solr or the DataImportHandler endpoint to untrusted networks, and treat any request whose dataConfig parameter carries a DOCTYPE declaration as hostile.
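The following is an added example for this advisory, not code from the page or from the Solr project. It shows the two checks a practitioner would run against this issue: a version comparison against the affected ranges (1.2 to 6.6.2, 7.0.0 to 7.2.1) and a scanner that pulls the inline dataConfig parameter out of a DataImportHandler request line and flags the XXE indicators the advisory describes (a DOCTYPE, an entity declared with an external identifier, and file/ftp/http URLs). The request lines, the core name core1 and the XML documents are constructed here for illustration; the blocking rule (block only on a DOCTYPE, since a plain URL inside a dataConfig is normal for a URLDataSource) is the author's own policy, not Solr's.

```python
# Added example (not from the advisory or the Solr project): flags DataImportHandler
# requests whose inline dataConfig carries a DOCTYPE / external entity declaration,
# and checks a Solr version string against the ranges fixed in 6.6.3 / 7.3.0.
import re
from urllib.parse import parse_qs, quote, urlsplit

# Affected ranges per CVE-2018-1308: 1.2 through 6.6.2, and 7.0.0 through 7.2.1.
AFFECTED_RANGES = (((1, 2, 0), (6, 6, 2)), ((7, 0, 0), (7, 2, 1)))

DOCTYPE_RE = re.compile(r"<!DOCTYPE\b", re.IGNORECASE)
# General or parameter entity declared with an external identifier (SYSTEM/PUBLIC).
EXTERNAL_ENTITY_RE = re.compile(
    r"<!ENTITY\s+(?:%\s+)?[\w.-]+\s+(?:SYSTEM|PUBLIC)\b", re.IGNORECASE)
SCHEME_RE = re.compile(r"\b(file|ftp|https?)://", re.IGNORECASE)


def parse_version(text):
    """'6.6' -> (6, 6, 0); '7.2.1' -> (7, 2, 1). Fields past the third are ignored."""
    nums = [int(p) for p in re.findall(r"\d+", text)[:3]]
    while len(nums) < 3:
        nums.append(0)
    return tuple(nums)


def is_vulnerable_version(text):
    """True if the given Solr version falls inside an affected range."""
    v = parse_version(text)
    return any(lo <= v <= hi for lo, hi in AFFECTED_RANGES)


def extract_data_config(request_line):
    """Return the URL-decoded dataConfig parameter from a 'METHOD /path?query HTTP/x'
    request line, or None when the request carries no inline dataConfig."""
    parts = request_line.split()
    if len(parts) < 2:
        return None
    query = urlsplit(parts[1]).query
    values = parse_qs(query).get("dataConfig")
    return values[0] if values else None


def inspect_data_config(xml_text):
    """List the XXE indicators present in an inline dataConfig document."""
    findings = []
    if DOCTYPE_RE.search(xml_text):
        findings.append("doctype")
    if EXTERNAL_ENTITY_RE.search(xml_text):
        findings.append("external-entity")
    for scheme in sorted({m.lower() for m in SCHEME_RE.findall(xml_text)}):
        findings.append("scheme:" + scheme)
    return findings


def scan_request(request_line):
    """Classify one DataImportHandler request. Only a DOCTYPE (the construct that can
    declare entities) is grounds for blocking; a bare URL in a dataConfig is legitimate."""
    config = extract_data_config(request_line)
    if config is None:
        return {"data_config": False, "findings": [], "block": False}
    findings = inspect_data_config(config)
    return {"data_config": True, "findings": findings, "block": "doctype" in findings}


# Constructed sample requests (not captured traffic). The XML is written raw and
# URL-encoded by build_request() so the request lines are well-formed.
BENIGN_CONFIG = (
    '<dataConfig><dataSource type="JdbcDataSource" driver="org.hsqldb.jdbcDriver" '
    'url="jdbc:hsqldb:/tmp/example" user="sa"/>'
    '<document><entity name="item" query="select * from item"/></document></dataConfig>'
)
XXE_CONFIG = (
    '<?xml version="1.0"?><!DOCTYPE dataConfig [<!ENTITY ext SYSTEM "file:///etc/hostname">]>'
    '<dataConfig><document><entity name="x" query="&ext;"/></document></dataConfig>'
)


def build_request(config):
    """Constructed request line against a hypothetical core named core1."""
    return "GET /solr/core1/dataimport?command=full-import&dataConfig=%s HTTP/1.1" % quote(config, safe="")


SAMPLE_REQUESTS = {
    "benign": build_request(BENIGN_CONFIG),
    "xxe": build_request(XXE_CONFIG),
    "no-inline": "GET /solr/core1/dataimport?command=full-import HTTP/1.1",
}

if __name__ == "__main__":
    for name, line in SAMPLE_REQUESTS.items():
        print(name, scan_request(line))
    for ver in ("6.6.2", "6.6.3", "7.2.1", "7.3.0"):
        print(ver, "vulnerable" if is_vulnerable_version(ver) else "fixed")
```

The scanner is meant to run over access logs or a reverse proxy's request log, so it works from the raw request line rather than a parsed XML tree; that keeps it independent of how the XML parser on the Solr side behaves. The version check treats a two-field version such as "1.2" as "1.2.0", matching the lower bound of the affected range.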
