Lucene search
ApacheCVELIST:CVE-2018-8026HistoryJul 05, 2018 - 2:00 p.m.
CVE-2018-8026
2018-07-0514:00:00
apache
www.cve.org
4
This vulnerability in Apache Solr 6.0.0 to 6.6.4 and 7.0.0 to 7.3.1 relates to an XML external entity expansion (XXE) in Solr config files (currency.xml, enumsConfig.xml referred from schema.xml, TIKA parsecontext config file). In addition, Xinclude functionality provided in these config files is also affected in a similar way. The vulnerability can be used as XXE using file/ftp/http protocols in order to read arbitrary local files from the Solr server or the internal network. The manipulated files can be uploaded as configsets using Solr’s API, allowing to exploit that vulnerability.
CNA Affected
[
{
"product": "Apache Solr",
"vendor": "Apache Software Foundation",
"versions": [
{
"status": "affected",
"version": "6.0.0 to 6.6.4"
},
{
"status": "affected",
"version": "7.0.0 to 7.3.1"
}
]
}
]Related
redhatcve
redhatcve
CVE-2018-8026
2018-07-06 02:48:36
nvd
nvd
CVE-2018-8026
2018-07-05 14:29:00
ubuntucve
ubuntucve
CVE-2018-8026
2018-07-05 00:00:00
cve
cve
CVE-2018-8026
2018-07-05 14:29:00
openvas
openvas
Apache Solr Multiple XXE Vulnerabilities (SOLR-12450) - Windows
2018-08-02 00:00:00
Apache Solr Multiple XXE Vulnerabilities (SOLR-12450) - Linux
2018-08-02 00:00:00
veracode
veracode
XML External Entity (XXE)
2018-07-05 03:11:40
osv
osv
XML external entity expansion in org.apache.solr:solr-core
2018-10-17 19:55:34
CVE-2018-8026
2018-07-05 14:29:00
github
github
XML external entity expansion in org.apache.solr:solr-core
2018-10-17 19:55:34
prion
prion
Xxe
2018-07-05 14:29:00
ibm
ibm
debiancve
debiancve
CVE-2018-8026
2018-07-05 14:29:00