Lucene search
+L

7706 matches found

RedHat Linux
RedHat Linux
added 2013/12/16 6:16 p.m.5 views

Solr: XML eXternal Entity (XXE) flaw in XML and XSLT UpdateRequestHandler

The UpdateRequestHandler for XML in Apache Solr before 4.1 allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity XXE issue...

6.4CVSS5.8AI score0.114EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2013/12/16 6:16 p.m.7 views

Solr: XML eXternal Entity (XXE) flaw in DocumentAnalysisRequestHandler

The DocumentAnalysisRequestHandler in Apache Solr before 4.3.1 does not properly use the EmptyEntityResolver, which allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Enti...

6.4CVSS5.8AI score0.114EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2013/12/16 6:16 p.m.8 views

Important: Red Hat Security Advisory: Red Hat JBoss Web Framework Kit 2.4.0 update

An update for the solr-core component of Red Hat JBoss Web Framework Kit 2.4.0 that fixes multiple security issues is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System...

7.5CVSS6AI score0.56255EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2013/12/16 6:16 p.m.3 views

Solr: directory traversal when loading XSL stylesheets and Velocity templates

Directory traversal vulnerability in SolrResourceLoader in Apache Solr before 4.6 allows remote attackers to read arbitrary files via a .. dot dot or full pathname in the tr parameter to solr/select/, when the response writer wt parameter is set to XSLT. NOTE: this can be leveraged using a separa...

4.3CVSS6AI score0.56255EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2013/12/16 6:16 p.m.4 views

Solr: XML eXternal Entity (XXE) flaw in XML and XSLT UpdateRequestHandler

The 1 UpdateRequestHandler for XSLT or 2 XPathEntityProcessor in Apache Solr before 4.1 allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity XXE issue, different...

7.5CVSS5.8AI score0.10075EPSS
Exploits0References4
Prion
Prion
added 2013/12/13 8:8 p.m.15 views

Xxe

The XML parser crmflexdata in SAP Customer Relationship Management CRM 7.02 EHP 2 has unknown impact and attack vectors related to an XML External Entity XXE issue...

10CVSS7.1AI score0.02064EPSS
Exploits0References7Affected Software1
RedHat Linux
RedHat Linux
added 2013/12/11 2:24 a.m.6 views

php: Ability to read arbitrary files due use of external entities while parsing SOAP WSDL files

The SOAP parser in PHP before 5.3.23 and 5.4.x before 5.4.13 allows remote attackers to read arbitrary files via a SOAP WSDL file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity XXE issue in the soapxmlParseFile and...

5CVSS7.4AI score0.10136EPSS
Exploits0References4
OSV
OSV
added 2013/12/07 9:55 p.m.13 views

CVE-2012-6612

The 1 UpdateRequestHandler for XSLT or 2 XPathEntityProcessor in Apache Solr before 4.1 allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity XXE issue, different...

6.5AI score
Exploits0References4
Prion
Prion
added 2013/12/07 9:55 p.m.29 views

Xxe

The 1 UpdateRequestHandler for XSLT or 2 XPathEntityProcessor in Apache Solr before 4.1 allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity XXE issue, different...

7.5CVSS7.2AI score0.114EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2013/12/07 9:55 p.m.4 views

UBUNTU-CVE-2012-6612

The 1 UpdateRequestHandler for XSLT or 2 XPathEntityProcessor in Apache Solr before 4.1 allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity XXE issue, different...

7.5CVSS5.7AI score0.10075EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2013/12/07 9:0 p.m.63 views

CVE-2012-6612

The 1 UpdateRequestHandler for XSLT or 2 XPathEntityProcessor in Apache Solr before 4.1 allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity XXE issue, different...

7.5CVSS6.5AI score0.10075EPSS
Exploits0
OSV
OSV
added 2013/12/07 8:55 p.m.7 views

CVE-2013-6397

Directory traversal vulnerability in SolrResourceLoader in Apache Solr before 4.6 allows remote attackers to read arbitrary files via a .. dot dot or full pathname in the tr parameter to solr/select/, when the response writer wt parameter is set to XSLT. NOTE: this can be leveraged using a separa...

4.3CVSS6.4AI score0.56255EPSS
Exploits1References9
NVD
NVD
added 2013/12/07 8:55 p.m.18 views

CVE-2013-6408

The DocumentAnalysisRequestHandler in Apache Solr before 4.3.1 does not properly use the EmptyEntityResolver, which allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Enti...

6.4CVSS6.5AI score0.114EPSS
Exploits0References7
NVD
NVD
added 2013/12/07 8:55 p.m.27 views

CVE-2013-6397

Directory traversal vulnerability in SolrResourceLoader in Apache Solr before 4.6 allows remote attackers to read arbitrary files via a .. dot dot or full pathname in the tr parameter to solr/select/, when the response writer wt parameter is set to XSLT. NOTE: this can be leveraged using a separa...

4.3CVSS6.4AI score0.56255EPSS
Exploits1References9
OSV
OSV
added 2013/12/07 8:55 p.m.9 views

CVE-2013-6407

The UpdateRequestHandler for XML in Apache Solr before 4.1 allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity XXE issue...

6.5AI score
Exploits0References7
OSV
OSV
added 2013/12/07 8:55 p.m.3 views

DEBIAN-CVE-2013-6408

The DocumentAnalysisRequestHandler in Apache Solr before 4.3.1 does not properly use the EmptyEntityResolver, which allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Enti...

6.4CVSS6.9AI score0.114EPSS
Exploits0References1
OSV
OSV
added 2013/12/07 8:55 p.m.3 views

DEBIAN-CVE-2013-6407

The UpdateRequestHandler for XML in Apache Solr before 4.1 allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity XXE issue...

6.4CVSS7.3AI score0.114EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2013/12/07 8:55 p.m.27 views

CVE-2013-6408

The DocumentAnalysisRequestHandler in Apache Solr before 4.3.1 does not properly use the EmptyEntityResolver, which allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Enti...

6.4CVSS5.8AI score0.114EPSS
Exploits0References3
Prion
Prion
added 2013/12/07 8:55 p.m.26 views

Xxe

The UpdateRequestHandler for XML in Apache Solr before 4.1 allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity XXE issue...

6.4CVSS6.8AI score0.114EPSS
Exploits0References7Affected Software1
Prion
Prion
added 2013/12/07 8:55 p.m.20 views

Xxe

The DocumentAnalysisRequestHandler in Apache Solr before 4.3.1 does not properly use the EmptyEntityResolver, which allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Enti...

6.4CVSS6.8AI score0.114EPSS
Exploits0References7Affected Software1
Rows per page
Query Builder