PT-2021-24132 · Apache · Apache Solr

Name of the Vulnerable Software and Affected Versions: Apache Solr versions prior to 8.11.1 Description: An Improper Input Validation vulnerability in DataImportHandler of Apache Solr allows an attacker to provide a Windows UNC path, resulting in an SMB network call being made from the Solr host ...

VulnCheck KEV: CVE-2019-0193

The optional Apache Solr module DataImportHandler contains a code injection vulnerability...

The vulnerability of the DataImportHandler module of the Apache Solr search server allows attackers to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the DataImportHandler module of the Apache Solr search server lies in its error handling for the “dataConfig” request. Exploiting this vulnerability allows a malicious actor to compromise the confidentiality, integrity, and accessibility of the protected information...

DEBIAN-CVE-2019-0193

In Apache Solr, the DataImportHandler, an optional but popular module to pull in data from databases and other sources, has a feature in which the whole DIH configuration can come from a request's "dataConfig" parameter. The debug mode of the DIH admin screen uses this to allow convenient debuggi...

DEBIAN-CVE-2018-1308

This vulnerability in Apache Solr 1.2 to 6.6.2 and 7.0.0 to 7.2.1 relates to an XML external entity expansion XXE in the &dataConfig= parameter of Solr's DataImportHandler. It can be used as XXE using file/ftp/http protocols in order to read arbitrary local files from the Solr server or the...