Lucene search
This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.SOLR_4_3_1.NASLHistoryJan 07, 2014 - 12:00 a.m.
Apache Solr < 4.3.1 XML External Entity Injection
2014-01-0700:00:00
This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.
www.tenable.com
28
The version of Apache Solr running on the remote web server is affected by an XML external entity injection vulnerability due to an incorrectly configured XML parser in the ‘DocumentAnalysisRequestHandler’ class. A remote, unauthenticated attacker can exploit this flaw to gain access to arbitrary files or to cause a denial of service condition.
Note that this issue exists due to an incomplete fix for CVE-2013-6407.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(71845);
script_version("1.5");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");
script_cve_id("CVE-2013-6408");
script_bugtraq_id(64009);
script_name(english:"Apache Solr < 4.3.1 XML External Entity Injection");
script_summary(english:"Checks version of Solr");
script_set_attribute(attribute:"synopsis", value:
"The remote web server contains a Java application that is affected by
an XML External Entity (XXE) injection vulnerability.");
script_set_attribute(attribute:"description", value:
"The version of Apache Solr running on the remote web server is
affected by an XML external entity injection vulnerability due to an
incorrectly configured XML parser in the
'DocumentAnalysisRequestHandler' class. A remote, unauthenticated
attacker can exploit this flaw to gain access to arbitrary files or to
cause a denial of service condition.
Note that this issue exists due to an incomplete fix for
CVE-2013-6407.");
script_set_attribute(attribute:"see_also", value:"https://issues.apache.org/jira/browse/SOLR-4881");
script_set_attribute(attribute:"see_also", value:"http://lucene.apache.org/solr/4_3_1/changes/Changes.html");
script_set_attribute(attribute:"solution", value:
"Upgrade to Apache Solr version 4.3.1 or later.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2013/05/30");
script_set_attribute(attribute:"patch_publication_date", value:"2013/06/18");
script_set_attribute(attribute:"plugin_publication_date", value:"2014/01/07");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/a:apache:solr");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"CGI abuses");
script_copyright(english:"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.");
script_dependencies("solr_detect.nbin");
script_require_keys("installed_sw/Apache Solr");
script_require_ports("Services/www", 8983);
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("http.inc");
include("install_func.inc");
appname = "Apache Solr";
get_install_count(app_name:appname,exit_if_zero:TRUE);
port = get_http_port(default:8983);
install = get_single_install(
app_name:appname,
port:port,
exit_if_unknown_ver:TRUE
);
dir = install["path"];
version = install["version"];
install_url = build_url(port:port, qs:dir);
if (version == UNKNOWN_VER) audit(AUDIT_UNKNOWN_WEB_APP_VER, appname, install_url);
if (ver_compare(ver:version,fix:"4.3.1",strict:FALSE) == -1)
{
if (report_verbosity > 0)
{
report =
'\n URL : ' +install_url+
'\n Installed version : ' +version+
'\n Fixed version : 4.3.1\n';
security_warning(port:port, extra:report);
}
else security_warning(port);
}
else audit(AUDIT_WEB_APP_NOT_AFFECTED, appname, install_url, version);
Related
cvelist
cvelist
ibm
ibm
debiancve
debiancve
cve
cve
ubuntucve
ubuntucve
osv
osv
XML Injection in Apache Solr
2022-05-17 04:39:49
lucene-solr - security update
2014-06-17 00:00:00
Apache Solr UpdateRequestHandler for XML resolves XML External Entities
2022-05-17 04:39:49
github
github
XML Injection in Apache Solr
2022-05-17 04:39:49
Apache Solr UpdateRequestHandler for XML resolves XML External Entities
2022-05-17 04:39:49
Improper Restriction of XML External Entity Reference in Apache Solr
2022-05-17 04:50:16
nessus
nessus
Apache Solr < 5.0 Multiple XXE
2017-02-13 00:00:00
Debian DSA-2963-1 : lucene-solr - security update
2014-06-18 00:00:00
Apache Solr < 4.1.0 Multiple XML External Entity Injections
2014-01-07 00:00:00
securityvulns
securityvulns
Vulnerabilities in Apache Solr < 4.6.0
2014-01-09 00:00:00
openvas
openvas
Debian Security Advisory DSA 2963-1 (lucene-solr - security update)
2014-06-17 00:00:00
Debian: Security Advisory (DSA-2963-1)
2014-06-16 00:00:00
debian
debian
[SECURITY] [DSA 2963-1] lucene-solr security update
2014-06-17 19:32:28
redhat
redhat
(RHSA-2014:0029) Important: Red Hat JBoss Data Grid 6.2.0 update
2014-01-15 17:38:16
Related for SOLR_4_3_1.NASL