Bird_banner_small4
Apache Solr Data Import Handler XML External Entity Expansion Information Disclosure
TSL ID TSL20180410-01
CVE ID(s) CVE-2018-1308
Severity High
Description

An XML external entity expansion vulnerability has been reported in Apache Solr. The vulnerability is due to improper handling of XML external entities in XML content submitted to the DataImportHandler.

A remote attacker can exploit this vulnerability by submitting a crafted request to the target server. Successful exploitation results in the disclosure of file contents for any file readable by the Apache Solr service.

The vendor, Apache, has released the following advisory regarding this vulnerability:

https://mail-archives.apache.org/mod_mbox/www-announce/201804.mbox/%3C000001d3cf68%245ac69af0%241053d0d0%24%40apache.org%3E

Affected Products
  • Apache Software Foundation Solr 1.2 to 6.6.2
  • Apache Software Foundation Solr 7.0.0 to 7.2.1
CVSS Score Base 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N):
  • Access vector is NETWORK
  • Access complexity is MEDIUM
  • Level of authentication required is NONE
  • Impact of this vulnerability on data confidentiality is PARTIAL
  • Impact of this vulnerability on data integrity is NONE
  • Impact of this vulnerability on data availability is NONE
Temporal 3.4 (E:POC/RL:OF/RC:C):
  • The exploitability level of this vulnerability is PROOF OF CONCEPT
  • The remediation level of this vulnerability is OFFICIAL FIX
  • The report confidence level of this vulnerability is CONFIRMED
References https://issues.apache.org/jira/secure/attachment/12910190/ApacheSolrDIH-XXE.pdf
https://mail-archives.apache.org/mod_mbox/www-announce/201804.mbox/%3C000001d3cf68%245ac69af0%241053d0d0%24%40apache.org%3E
Related Threats