CVE-2013-6407

The UpdateRequestHandler for XML in Apache Solr before 4.1 allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

Published: Dec 7, 2013
Updated: May 9, 2024
CVE: CVE-2013-6407
GHSA: GHSA-998j-j6v9-5846
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 6.4
AV:N/AC:L/Au:N/C:P/I:N/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
apache / solr	4.0.0-alpha	4.0.0-alpha.x
apache / solr	3.6.1	3.6.1.x
apache / solr	3.6.0	3.6.0.x
apache / solr	4.0.0-beta	4.0.0-beta.x
apache / solr	-	4.0.0.x
apache / solr	3.6.2	3.6.2.x
org.apache.solr / solr-core	-	4.1.0

http://rhn.redhat.com/errata/RHSA-2013-1844.html
http://rhn.redhat.com/errata/RHSA-2014-0029.html
http://secunia.com/advisories/55542
http://secunia.com/advisories/59372
http://svn.apache.org/viewvc/lucene/dev/branches/branch_4x/solr/CHANGES.txt?view=markup
http://www.openwall.com/lists/oss-security/2013/11/29/2
https://issues.apache.org/jira/browse/SOLR-3895

Vulnerability Database

289,599

CVE-2013-6407