6 matches found
Security Bulletin: IBM Operations Analytics - Log Analysis is affected by incorrect authorisation and XML external entity (XXE) vulnerabilities due to Apache Solr.
Summary Apache Solr is used by IBM Operations Analytics - Log Analysis as part of managing Solr collection and arbitary local file. CVE-2018-11802, CVE-2018-1308. Vulnerability Details CVEID:CVE-2018-11802 DESCRIPTION: In Apache Solr, the cluster can be partitioned into multiple collections and...
[SECURITY] [DSA 4194-1] lucene-solr security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4194-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 06, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1360-1] lucene-solr security update
Package : lucene-solr Version : 3.6.0+dfsg-1+deb7u4 CVE ID : CVE-2018-1308 Debian Bug : 896604 It was discovered that there was an XML external entity expansion XXE vulnerability in lucene-solr, a search engine library for Java. It could be exploited to read arbitrary local files from the Solr...
CVE-2018-1308
This vulnerability in Apache Solr 1.2 to 6.6.2 and 7.0.0 to 7.2.1 relates to an XML external entity expansion XXE in the &dataConfig= parameter of Solr's DataImportHandler. It can be used as XXE using file/ftp/http protocols in order to read arbitrary local files from the Solr server or the...
CVE-2018-1308
This vulnerability in Apache Solr 1.2 to 6.6.2 and 7.0.0 to 7.2.1 relates to an XML external entity expansion XXE in the = parameter of Solr's DataImportHandler. It can be used as XXE using file/ftp/http protocols in order to read arbitrary local files from the Solr server or the internal network...
Apache Solr XXE Vulnerability (SOLR-11971) - Windows
Apache Solr is prone to a XXE vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apache:solr"; if description...