Bug 1564959 (CVE-2018-1308) - CVE-2018-1308 Solr: XML external entity expansion in handler/dataimport/DataImporter.java allows remote attackers to read arbitrary files
Summary: CVE-2018-1308 Solr: XML external entity expansion in handler/dataimport/DataI...
Keywords:
Status: CLOSED NOTABUG
Alias: CVE-2018-1308
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1564960
Blocks: 1564961
TreeView+ depends on / blocked
 
Reported: 2018-04-09 03:24 UTC by Sam Fowler
Modified: 2019-09-29 14:35 UTC (History)
43 users (show)

Fixed In Version: solr 6.6.3, solr 7.3
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2018-05-03 02:07:10 UTC


Attachments (Terms of Use)

Description Sam Fowler 2018-04-09 03:24:28 UTC
Apache Solr through versions 6.6.2 and 7.2.1 are vulnerable to XML external entity expansion (XXE) in handler/dataimport/DataImporter.java. A remote attacker could exploit this to read arbitrary local files from the vulnerable server.


External References:

http://www.openwall.com/lists/oss-security/2018/04/08/3


Upstream Issue:

https://issues.apache.org/jira/browse/SOLR-11971


Upstream Patch:

https://issues.apache.org/jira/secure/attachment/12910207/SOLR-11971.patch

Comment 1 Sam Fowler 2018-04-09 03:26:24 UTC
Created solr3 tracking bugs for this issue:

Affects: fedora-all [bug 1564960]


Note You need to log in before you can comment on or make changes to this bug.