It was found that the SolrResourceLoader class in Apache Solr allowed loading of resources via absolute paths, or relative paths which were not sanitized for directory traversal. Some Solr components expose REST interfaces which load resources (XSL stylesheets and Velocity templates) via SolrResourceLoader, using paths identified by REST parameters. A remote attacker could use this flaw to load arbitrary local files on the server via SolrResourceLoader, potentially resulting in information disclosure or remote code execution.
External References: http://www.agarri.fr/kom/archives/2013/11/27/compromising_an_unreachable_solr_server_with_cve-2013-6397/index.html
Upstream Bugs: https://issues.apache.org/jira/browse/SOLR-4882 https://issues.apache.org/jira/browse/SOLR-5520 Upstream Patches: https://issues.apache.org/jira/secure/attachment/12604396/SOLR-4882.patch https://issues.apache.org/jira/secure/attachment/12618097/CVE-fixes-Solr36.patch
This issue has been addressed in following products: Red Hat JBoss Web Framework Kit 2.4.0 Via RHSA-2013:1844 https://rhn.redhat.com/errata/RHSA-2013-1844.html
This issue has been addressed in following products: Red Hat JBoss Data Grid 6.2.0 Via RHSA-2014:0029 https://rhn.redhat.com/errata/RHSA-2014-0029.html