CVSS3: 7.5 High
  Attack Vector: NETWORK
  Attack Complexity: LOW
  Privileges Required: NONE
  User Interaction: NONE
  Scope: UNCHANGED
  Confidentiality Impact: HIGH
  Integrity Impact: NONE
  Availability Impact: NONE
  CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVSS2: 5 Medium
  Access Vector: NETWORK
  Access Complexity: LOW
  Authentication: NONE
  Confidentiality Impact: PARTIAL
  Integrity Impact: NONE
  Availability Impact: NONE
  AV:N/AC:L/Au:N/C:P/I:N/A:N
EPSS: 0.024 Low
  Percentile: 89.8%
Package : lucene-solr
Version : 3.6.0+dfsg-1+deb7u4
CVE ID : CVE-2018-1308
Debian Bug : #896604
It was discovered that there was an XML external entity expansion (XXE)
vulnerability in lucene-solr, a search engine library for Java.
It could be exploited to read arbitrary local files from the Solr server
or the internal network. For Debian 7 "Wheezy", this issue has been fixed
in lucene-solr version 3.6.0+dfsg-1+deb7u4.
We recommend that you upgrade your lucene-solr packages.
Regards,
,''`.
: :' : Chris Lamb
`. `'` [email protected] / chris-lamb.co.uk
`-
OS | OS Version | Architecture | Package | Affected Version | Filename |
---|---|---|---|---|---|
Debian | 7 | all | liblucene3-contrib-java | < 3.6.0+dfsg-1+deb7u4 | liblucene3-contrib-java_3.6.0+dfsg-1+deb7u4_all.deb |
Debian | 8 | all | lucene-solr | < 3.6.2+dfsg-5+deb8u2 | lucene-solr_3.6.2+dfsg-5+deb8u2_all.deb |
Debian | 9 | all | liblucene3-java | < 3.6.2+dfsg-10+deb9u2 | liblucene3-java_3.6.2+dfsg-10+deb9u2_all.deb |
Debian | 9 | all | lucene-solr | < 3.6.2+dfsg-10+deb9u2 | lucene-solr_3.6.2+dfsg-10+deb9u2_all.deb |
Debian | 7 | all | liblucene3-java-doc | < 3.6.0+dfsg-1+deb7u4 | liblucene3-java-doc_3.6.0+dfsg-1+deb7u4_all.deb |
Debian | 7 | all | liblucene3-java | < 3.6.0+dfsg-1+deb7u4 | liblucene3-java_3.6.0+dfsg-1+deb7u4_all.deb |
Debian | 9 | all | solr-tomcat | < 3.6.2+dfsg-10+deb9u2 | solr-tomcat_3.6.2+dfsg-10+deb9u2_all.deb |
Debian | 9 | all | liblucene3-java-doc | < 3.6.2+dfsg-10+deb9u2 | liblucene3-java-doc_3.6.2+dfsg-10+deb9u2_all.deb |
Debian | 8 | all | solr-jetty | < 3.6.2+dfsg-5+deb8u2 | solr-jetty_3.6.2+dfsg-5+deb8u2_all.deb |
Debian | 8 | all | solr-common | < 3.6.2+dfsg-5+deb8u2 | solr-common_3.6.2+dfsg-5+deb8u2_all.deb |