Lucene search
K

4 matches found

OSV
OSV
added 2022/05/24 10:0 p.m.26 views

GHSA-JQ2W-W7V2-69Q5 Apache Solr vulnerable to XML Bomb

Solr versions prior to 5.0.0 are vulnerable to an XML resource consumption attack a.k.a. Lol Bomb via it?s update handler.?By leveraging XML DOCTYPE and ENTITY type elements, the attacker can create a pattern that will expand when the server parses the XML causing OOMs...

7.5CVSS7.3AI score0.07505EPSS
Exploits1References13
Prion
Prion
added 2019/09/10 3:15 p.m.24 views

Design/Logic Flaw

Solr versions 1.3.0 to 1.4.1, 3.1.0 to 3.6.2 and 4.0.0 to 4.10.4 are vulnerable to an XML resource consumption attack a.k.a. Lol Bomb via it’s update handler.?By leveraging XML DOCTYPE and ENTITY type elements, the attacker can create a pattern that will expand when the server parses the XML...

5CVSS7.4AI score0.07505EPSS
Exploits1References11Affected Software1
Cvelist
Cvelist
added 2019/09/10 2:6 p.m.43 views

CVE-2019-12401

Solr versions 1.3.0 to 1.4.1, 3.1.0 to 3.6.2 and 4.0.0 to 4.10.4 are vulnerable to an XML resource consumption attack a.k.a. Lol Bomb via it’s update handler.?By leveraging XML DOCTYPE and ENTITY type elements, the attacker can create a pattern that will expand when the server parses the XML...

7.4AI score0.07505EPSS
Exploits1References11
Positive Technologies
Positive Technologies
added 2019/09/10 12:0 a.m.5 views

PT-2019-12786 · Apache · Solr

Name of the Vulnerable Software and Affected Versions: Solr versions 1.3.0 through 1.4.1 Solr versions 3.1.0 through 3.6.2 Solr versions 4.0.0 through 4.10.4 Solr versions prior to 5.0.0 Description: The issue allows for an XML resource consumption attack, also known as a Lol Bomb, via the update...

7.5CVSS7.4AI score0.07505EPSS
Exploits1References22
Rows per page
Query Builder