the original cloud security

Apache Solr XXE Injection / Directory Traversal

Apache Solr XXE Injection / Directory Traversal
Posted Dec 9, 2013
Authored by Nicolas Gregoire

Apache Solr recently patched multiple XXE injection vulnerabilities and a directory traversal vulnerability.

tags | advisory, vulnerability, file inclusion
advisories | CVE-2013-6397, CVE-2013-6407, CVE-2013-6408
MD5 | 28b6042779b71f876b8300ed763a4710

Apache Solr XXE Injection / Directory Traversal

Change Mirror Download
Hello,

Apache Solr is search platform edited by the Apache project. Quoting
http://lucene.apache.org/solr/:"its major features include powerful
full-text search, hit highlighting, faceted search, near real-time
indexing, dynamic clustering, database integration, rich document (e.g.,
Word, PDF) handling, and geospatial search".

Several vulnerabilities were fixed in recent versions of Solr:
- directory traversal when using XSLT or Velocity templates
(CVE-2013-6397 / SOLR-4882)
- XXE in UpdateRequestHandler (CVE-2013-6407 / SOLR-3895)
- XXE in DocumentAnalysisRequestHandler (CVE-2013-6408 / SOLR-4881)

These vulnerabilities were confirmed to be exploitable also on old
versions like 3.6.2. Gaining remote code execution is easy by combining
the directory traversal and XXE vulnerabilities.

If you wonder how these vulnerabilities could be exploited in real life
setups when Solr isn't reachable directly from the Internet, you may be
interested in the following blog post:
http://www.agarri.fr/kom/archives/2013/11/27/compromising_an_unreachable_solr_server_with_cve-2013-6397/index.html

Cheers,
Nicolas Grégoire


Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

July 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    2 Files
  • 2
    Jul 2nd
    3 Files
  • 3
    Jul 3rd
    15 Files
  • 4
    Jul 4th
    4 Files
  • 5
    Jul 5th
    15 Files
  • 6
    Jul 6th
    15 Files
  • 7
    Jul 7th
    10 Files
  • 8
    Jul 8th
    2 Files
  • 9
    Jul 9th
    10 Files
  • 10
    Jul 10th
    15 Files
  • 11
    Jul 11th
    15 Files
  • 12
    Jul 12th
    19 Files
  • 13
    Jul 13th
    16 Files
  • 14
    Jul 14th
    15 Files
  • 15
    Jul 15th
    3 Files
  • 16
    Jul 16th
    2 Files
  • 17
    Jul 17th
    8 Files
  • 18
    Jul 18th
    11 Files
  • 19
    Jul 19th
    15 Files
  • 20
    Jul 20th
    15 Files
  • 21
    Jul 21st
    15 Files
  • 22
    Jul 22nd
    6 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close