Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Signature Detail

Security Intelligence Center
Signatures
Print

This site is deprecated. Please CLICK HERE for latest updates

Short Name

 HTTP:APACHE:SOLR-XXE-INFO-DIS

Severity

 Minor

Recommended

 Yes

Recommended Action

 Drop

Category

 HTTP

Keywords

 Apache Solr Data Import Handler XML External Entity Expansion Information Disclosure

Release Date

 2018/04/19

Update Number

 3057

Supported Platforms

 idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+

HTTP: Apache Solr Data Import Handler XML External Entity Expansion Information Disclosure


This signature detects attempts to exploit a known vulnerability against Apache Solr. Successful exploitation results in the disclosure of file or directory contents for any file or directory readable by the Apache Solr service.

Extended Description

This vulnerability in Apache Solr 1.2 to 6.6.2 and 7.0.0 to 7.2.1 relates to an XML external entity expansion (XXE) in the `&dataConfig=` parameter of Solr's DataImportHandler. It can be used as XXE using file/ftp/http protocols in order to read arbitrary local files from the Solr server or the internal network.

Affected Products

  • Apache solr 1.2
  • Apache solr 1.2.0
  • Apache solr 1.3.0
  • Apache solr 1.4.0
  • Apache solr 1.4.1
  • Apache solr 3.1
  • Apache solr 3.1.0
  • Apache solr 3.2
  • Apache solr 3.2.0
  • Apache solr 3.3
  • Apache solr 3.3.0
  • Apache solr 3.4.0
  • Apache solr 3.5.0
  • Apache solr 3.6.0
  • Apache solr 3.6.1
  • Apache solr 3.6.2
  • Apache solr 4.0.0
  • Apache solr 4.1.0
  • Apache solr 4.10.0
  • Apache solr 4.10.1
  • Apache solr 4.10.2
  • Apache solr 4.10.3
  • Apache solr 4.10.4
  • Apache solr 4.2.0
  • Apache solr 4.2.1
  • Apache solr 4.3.0
  • Apache solr 4.3.1
  • Apache solr 4.4.0
  • Apache solr 4.5.0
  • Apache solr 4.5.1
  • Apache solr 4.6.0
  • Apache solr 4.6.1
  • Apache solr 4.7.0
  • Apache solr 4.7.1
  • Apache solr 4.7.2
  • Apache solr 4.8.0
  • Apache solr 4.8.1
  • Apache solr 4.9.0
  • Apache solr 4.9.1
  • Apache solr 5.0
  • Apache solr 5.0.0
  • Apache solr 5.1
  • Apache solr 5.1.0
  • Apache solr 5.2.0
  • Apache solr 5.2.1
  • Apache solr 5.3
  • Apache solr 5.3.0
  • Apache solr 5.3.1
  • Apache solr 5.3.2
  • Apache solr 5.4.0
  • Apache solr 5.4.1
  • Apache solr 5.5.0
  • Apache solr 5.5.1
  • Apache solr 5.5.2
  • Apache solr 5.5.3
  • Apache solr 5.5.4
  • Apache solr 5.5.5
  • Apache solr 6.0.0
  • Apache solr 6.0.1
  • Apache solr 6.1.0
  • Apache solr 6.2.0
  • Apache solr 6.2.1
  • Apache solr 6.3.0
  • Apache solr 6.4.0
  • Apache solr 6.4.1
  • Apache solr 6.4.2
  • Apache solr 6.5.0
  • Apache solr 6.5.1
  • Apache solr 6.6.0
  • Apache solr 6.6.1
  • Apache solr 6.6.2
  • Apache solr 7.0.0
  • Apache solr 7.0.1
  • Apache solr 7.1.0
  • Apache solr 7.2.0
  • Apache solr 7.2.1
  • Debian debian_linux 7.0
  • Debian debian_linux 8.0
  • Debian debian_linux 9.0

References

  • CVE: CVE-2018-1308
  • URL: https://issues.apache.org/jira/browse/SOLR-11971

Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out