Описание
Improper Limitation of a Pathname to a Restricted Directory in Apache Solr
Directory traversal vulnerability in SolrResourceLoader in Apache Solr before 4.6 allows remote attackers to read arbitrary files via a .. (dot dot) or full pathname in the tr parameter to solr/select/, when the response writer (wt parameter) is set to XSLT. NOTE: this can be leveraged using a separate XXE (XML eXternal Entity) vulnerability to allow access to files across restricted network boundaries.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2013-6397
- https://github.com/apache/lucene-solr/commit/da34b18cb3092df4972e2b6fa5178d1059923910
- https://issues.apache.org/jira/browse/SOLR-4882
- https://web.archive.org/web/20170307173358/http://www.securityfocus.com/bid/63935
- http://lucene.apache.org/solr/4_6_0/changes/Changes.html
- http://rhn.redhat.com/errata/RHSA-2013-1844.html
- http://rhn.redhat.com/errata/RHSA-2014-0029.html
- http://www.agarri.fr/kom/archives/2013/11/27/compromising_an_unreachable_solr_server_with_cve-2013-6397/index.html
- http://www.openwall.com/lists/oss-security/2013/11/27/1
Пакеты
org.apache.solr:solr-core
< 4.6.0
4.6.0
Связанные уязвимости
Directory traversal vulnerability in SolrResourceLoader in Apache Solr before 4.6 allows remote attackers to read arbitrary files via a .. (dot dot) or full pathname in the tr parameter to solr/select/, when the response writer (wt parameter) is set to XSLT. NOTE: this can be leveraged using a separate XXE (XML eXternal Entity) vulnerability to allow access to files across restricted network boundaries.
Directory traversal vulnerability in SolrResourceLoader in Apache Solr before 4.6 allows remote attackers to read arbitrary files via a .. (dot dot) or full pathname in the tr parameter to solr/select/, when the response writer (wt parameter) is set to XSLT. NOTE: this can be leveraged using a separate XXE (XML eXternal Entity) vulnerability to allow access to files across restricted network boundaries.
Directory traversal vulnerability in SolrResourceLoader in Apache Solr before 4.6 allows remote attackers to read arbitrary files via a .. (dot dot) or full pathname in the tr parameter to solr/select/, when the response writer (wt parameter) is set to XSLT. NOTE: this can be leveraged using a separate XXE (XML eXternal Entity) vulnerability to allow access to files across restricted network boundaries.
Directory traversal vulnerability in SolrResourceLoader in Apache Solr ...
Уязвимости операционной системы Debian GNU/Linux, позволяющие удаленному злоумышленнику нарушить конфиденциальность и доступность защищаемой информации