Lucene search

K

PRIOn knowledge basePRION:CVE-2013-6397

HistoryDec 07, 2013 - 8:55 p.m.

Directory traversal

2013-12-0720:55:00

PRIOn knowledge base

www.prio-n.com

8

7 High

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.528 Medium

EPSS

Percentile

97.5%

Directory traversal vulnerability in SolrResourceLoader in Apache Solr before 4.6 allows remote attackers to read arbitrary files via a … (dot dot) or full pathname in the tr parameter to solr/select/, when the response writer (wt parameter) is set to XSLT. NOTE: this can be leveraged using a separate XXE (XML eXternal Entity) vulnerability to allow access to files across restricted network boundaries.

CPENameOperatorVersion
solreq4.5.0
solreq4.0.0 alpha
solrle4.5.1
solreq4.2.1
solreq4.3.0
solreq4.0.0 beta
solreq4.4.0
solreq4.2.0
solreq4.3.1
solreq4.0.0

Rows per page:

1-10 of 111

References

lucene.apache.org/solr/4_6_0/changes/Changes.html

rhn.redhat.com/errata/RHSA-2013-1844.html

rhn.redhat.com/errata/RHSA-2014-0029.html

secunia.com/advisories/55730

secunia.com/advisories/59372

www.agarri.fr/kom/archives/2013/11/27/compromising_an_unreachable_solr_server_with_cve-2013-6397/index.html

www.openwall.com/lists/oss-security/2013/11/27/1

www.securityfocus.com/bid/63935

issues.apache.org/jira/browse/SOLR-4882

7 High

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.528 Medium

EPSS

Percentile

97.5%

Related for PRION:CVE-2013-6397

osv2 cve1 nessus2 openvas4 checkpoint_advisories1 ubuntucve1 cvelist1 github1 debiancve1 debian1 securityvulns2 redhat1