11 matches found
Security Bulletin: Multiple vulnerabilities in Apache Solr affect IBM Rational ClearQuest (CVE-2013-6407, CVE-2013-6408)
Summary The Apache Solr that is shipped with IBM Rational ClearQuest contains multiple security vulnerabilities. IBM Rational ClearQuest has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2013-6407 DESCRIPTION: Apache Solr could allow a remote authenticated attacker to obtain...
Apache Solr < 5.0 Multiple XXE
Binary data 9943.prm...
[SECURITY] [DSA 2963-1] lucene-solr security update
------------------------------------------------------------------------- Debian Security Advisory DSA-2963-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff June 17, 2014 http://www.debian.org/security/faq -...
Debian: Security Advisory (DSA-2963-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Apache Solr XML External Entity (XXE) Vulnerability (SOLR-4881, SOLR-5520) - Windows
Apache Solr is prone to an XML external entity XXE vulnerability. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apache:solr";...
Important: Red Hat Security Advisory: Red Hat JBoss Data Grid 6.2.0 update
Red Hat JBoss Data Grid 6.2.0, which fixes multiple security issues, various bugs, and adds enhancements, is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System CVSS base...
CVE-2013-6408
The DocumentAnalysisRequestHandler in Apache Solr before 4.3.1 does not properly use the EmptyEntityResolver, which allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Enti...
CVE-2013-6408
The DocumentAnalysisRequestHandler in Apache Solr before 4.3.1 does not properly use the EmptyEntityResolver, which allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Enti...
CVE-2013-6408
CVE-2013-6408 affects Apache Solr’s DocumentAnalysisRequestHandler prior to 4.3.1, enabling XXE via XML with external entity declarations and an entity reference. Public documents (including Nessus notes) corroborate XXE across Solr 3.6.0–4.3.1 and reference related CVEs (e.g., CVE-2013-6407). Im...
CVE-2013-6408
The DocumentAnalysisRequestHandler in Apache Solr before 4.3.1 does not properly use the EmptyEntityResolver, which allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Enti...
CVE-2013-6408
The DocumentAnalysisRequestHandler in Apache Solr before 4.3.1 does not properly use the EmptyEntityResolver, which allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Enti...