#VU11780 XXE attack in Apache Solr - CVE-2018-1308
Vulnerability identifier: #VU11780
Vulnerability risk: Low
CVSSv4.0: 5.5 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Clear]
CVE-ID:
CWE-ID:
CWE-611
Exploitation vector: Network
Exploit availability: No
Vulnerable software:
Apache Solr
Client/Desktop applications /
Other client software
Vendor: Apache Foundation
Description
The vulnerability allows a remote unauthenticated attacker to conduct XXE attack on the target system.
The weakness exists in the dataConfig request parameter in the DataImportHandler due to improper information control. A remote attacker can make a customized file, FTP, or HTTP request, conduct an XXE attack, gain access to potentially sensitive, local file information on the system or to access sensitive information from the internal network in which the system resides.
Mitigation
Update to versions 6.6.3 or 7.3.0.
Vulnerable software versions
Apache Solr: 1.2, 1.3, 1.4, 3.1, 3.2, 3.3, 3.4, 3.5, 3.6 - 3.6.2, 4.0, 4.1 - 4.10.4, 4.2, 4.3, 4.4, 4.5, 4.6, 4.7 - 4.7.2, 4.8 - 4.8.1, 4.9 - 4.9.1, 5.0.0, 5.1, 5.2, 5.3 - 5.3.2, 5.4 - 5.4.1, 5.5 - 5.5.5, 6.0 - 6.0.1, 6.1, 6.2, 6.3, 6.4 - 6.4.2, 6.5 - 6.5.1, 6.6 - 6.6.2, 7.0.0 - 7.0.1, 7.1, 7.2 - 7.2.1
External links
https://issues.apache.org/jira/browse/SOLR-11971
https://mail-archives.apache.org/mod_mbox/www-announce/201804.mbox/%3C000001d3cf68%245ac69af0%241053...
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
