Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2018-8026

Опубликовано: 05 июл. 2018
Источник: nvd
CVSS3: 5.5
CVSS2: 2.1
EPSS Низкий

Описание

This vulnerability in Apache Solr 6.0.0 to 6.6.4 and 7.0.0 to 7.3.1 relates to an XML external entity expansion (XXE) in Solr config files (currency.xml, enumsConfig.xml referred from schema.xml, TIKA parsecontext config file). In addition, Xinclude functionality provided in these config files is also affected in a similar way. The vulnerability can be used as XXE using file/ftp/http protocols in order to read arbitrary local files from the Solr server or the internal network. The manipulated files can be uploaded as configsets using Solr's API, allowing to exploit that vulnerability.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:apache:solr:*:*:*:*:*:*:*:*
Версия от 6.0.0 (исключая) до 6.6.4 (включая)
cpe:2.3:a:apache:solr:*:*:*:*:*:*:*:*
Версия от 7.0.0 (включая) до 7.3.1 (включая)
Конфигурация 2

Одно из

cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:storage_automation_store:-:*:*:*:*:*:*:*

EPSS

Процентиль: 89%
0.04341
Низкий

5.5 Medium

CVSS3

2.1 Low

CVSS2

Дефекты

CWE-611

Связанные уязвимости

ubuntu логотип

CVE-2018-8026

CVSS3: 5.5
ubuntu
больше 7 лет назад

This vulnerability in Apache Solr 6.0.0 to 6.6.4 and 7.0.0 to 7.3.1 relates to an XML external entity expansion (XXE) in Solr config files (currency.xml, enumsConfig.xml referred from schema.xml, TIKA parsecontext config file). In addition, Xinclude functionality provided in these config files is also affected in a similar way. The vulnerability can be used as XXE using file/ftp/http protocols in order to read arbitrary local files from the Solr server or the internal network. The manipulated files can be uploaded as configsets using Solr's API, allowing to exploit that vulnerability.

redhat логотип

CVE-2018-8026

CVSS3: 6.5
redhat
больше 7 лет назад

This vulnerability in Apache Solr 6.0.0 to 6.6.4 and 7.0.0 to 7.3.1 relates to an XML external entity expansion (XXE) in Solr config files (currency.xml, enumsConfig.xml referred from schema.xml, TIKA parsecontext config file). In addition, Xinclude functionality provided in these config files is also affected in a similar way. The vulnerability can be used as XXE using file/ftp/http protocols in order to read arbitrary local files from the Solr server or the internal network. The manipulated files can be uploaded as configsets using Solr's API, allowing to exploit that vulnerability.

debian логотип

CVE-2018-8026

CVSS3: 5.5
debian
больше 7 лет назад

This vulnerability in Apache Solr 6.0.0 to 6.6.4 and 7.0.0 to 7.3.1 re ...

github логотип

GHSA-7px3-6f6g-hxcj

CVSS3: 5.5
github
больше 7 лет назад

XML external entity expansion in org.apache.solr:solr-core

EPSS

Процентиль: 89%
0.04341
Низкий

5.5 Medium

CVSS3

2.1 Low

CVSS2

Дефекты

CWE-611