CVE-2012-6612

The (1) UpdateRequestHandler for XSLT or (2) XPathEntityProcessor in Apache Solr before 4.1 allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, different vectors than CVE-2013-6407.

Published: Dec 7, 2013
Updated: May 9, 2024
CVE: CVE-2012-6612
GHSA: GHSA-6cpj-3g83-q2j4
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

CWEs:

CWE-611

OWASP TOP 10:

A4 - XML External Entities (XXE)

Affected Software
References

Software	From	Fixed in
apache / solr	4.0.0-alpha	4.0.0-alpha.x
apache / solr	4.0.0-beta	4.0.0-beta.x
apache / solr	-	4.0.0.x
org.apache.solr / solr-core	-	4.1.0

http://rhn.redhat.com/errata/RHSA-2013-1844.html
http://rhn.redhat.com/errata/RHSA-2014-0029.html
http://svn.apache.org/viewvc/lucene/dev/branches/branch_4x/solr/CHANGES.txt?view=markup
https://github.com/apache/lucene-solr/commit/0d21b900975b7048d2e925d852aeacb9bdc6766c
https://github.com/apache/lucene-solr/commit/f230486ce6707762c1a6e81655d0fac52887906d
https://issues.apache.org/jira/browse/SOLR-3895

Vulnerability Database

289,599

CVE-2012-6612