2 matches found
Apache Solr 7.0.0 < 7.2.1 XML Entity Expansion
This vulnerability in Apache Solr 1.2 parameter of Solr's DataImportHandler. It can be used as XXE using file/ftp/http protocols in order to read arbitrary local files from the Solr server. Note that the scanner has not tested for these issues but has instead relied only on the application's...
CVE-2018-1308
CVE-2018-1308 is an XML External Entity (XXE) vulnerability in Apache Solr’s DataImportHandler, affecting Solr 1.2–6.6.2 and 7.0–7.2.1. The vulnerability stems from an XXE flaw in the dataConfig parameter of the DataImportHandler, enabling an attacker to read arbitrary local files via file/ftp/ht...