Vulnerability-Lookup

CVE-2013-6397 (GCVE-0-2013-6397)

Vulnerability from cvelistv5 – Published: 2013-12-07 20:00 – Updated: 2024-08-06 17:39

Summary

Directory traversal vulnerability in SolrResourceLoader in Apache Solr before 4.6 allows remote attackers to read arbitrary files via a .. (dot dot) or full pathname in the tr parameter to solr/select/, when the response writer (wt parameter) is set to XSLT. NOTE: this can be leveraged using a separate XXE (XML eXternal Entity) vulnerability to allow access to files across restricted network boundaries.

Severity ?

No CVSS data available.

CWE

Assigner

redhat

References

URL

RHSA-2014:0029

Vulnerability from csaf_redhat - Published: 2014-01-15 17:45 - Updated: 2025-11-21 17:46

Summary

Red Hat Security Advisory: Red Hat JBoss Data Grid 6.2.0 update

Notes

Topic

Red Hat JBoss Data Grid 6.2.0, which fixes multiple security issues, various bugs, and adds enhancements, is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

Details

Red Hat JBoss Data Grid is a distributed in-memory data grid, based on Infinispan. This release of Red Hat JBoss Data Grid 6.2.0 serves as a replacement for Red Hat JBoss Data Grid 6.1.0. It includes various bug fixes and enhancements which are detailed in the Red Hat JBoss Data Grid 6.2.0 Release Notes. The Release Notes will be available shortly from https://access.redhat.com/site/documentation/Red_Hat_JBoss_Data_Grid/ This update also fixes the following security issues: Multiple path traversal flaws where found in the Mojarra JSF2 implementation for identifying resources by name or by library. An unauthenticated, remote attacker could use these flaws to gather otherwise undisclosed information from within an application's root directory. (CVE-2013-3827) It was found that the SolrResourceLoader class in Apache Solr allowed loading of resources via absolute paths, or relative paths which were not sanitized for directory traversal. Some Solr components expose REST interfaces which load resources (XSL style sheets and Velocity templates) via SolrResourceLoader, using paths identified by REST parameters. A remote attacker could use this flaw to load arbitrary local files on the server via SolrResourceLoader, potentially resulting in information disclosure or remote code execution. (CVE-2013-6397) It was found that the XML and XSLT UpdateRequestHandler classes in Apache Solr would resolve external entities, allowing an attacker to conduct XML External Entity (XXE) attacks. A remote attacker could use this flaw to read files accessible to the user running the application server, and potentially perform other more advanced XXE attacks. (CVE-2012-6612, CVE-2013-6407) It was found that the DocumentAnalysisRequestHandler class in Apache Solr would resolve external entities, allowing an attacker to conduct XXE attacks. A remote attacker could use this flaw to read files accessible to the user running the application server, and potentially perform other more advanced XXE attacks. (CVE-2013-6408) The data file used by PicketBox Vault to store encrypted passwords contains a copy of its own admin key. The file is encrypted using only this admin key, not the corresponding JKS key. A local attacker with permission to read the vault data file could read the admin key from the file. (CVE-2013-1921) The HawtJNI Library class wrote native libraries to a predictable file name in /tmp/ when the native libraries were bundled in a JAR file, and no custom library path was specified. A local attacker could overwrite these native libraries with malicious versions during the window between when HawtJNI writes them and when they are executed. (CVE-2013-2035) A flaw was found in JGroup's DiagnosticsHandler that allowed an attacker on an adjacent network to reuse the credentials from a previous successful authentication. This could be exploited to read diagnostic information (information disclosure) and attain limited remote code execution. (CVE-2013-4112) Note that CVE-2013-6397, CVE-2013-6407, and CVE-2013-6408 are not exposed by default. They are only exploitable if a user has manually exposed servlets provided in the Apachr Solr component that ships with Red Hat JBoss Data Grid, or written their own code that makes use of the vulnerable elements of Apache Solr. The CVE-2013-2035 issue was discovered by Florian Weimer of the Red Hat Product Security Team. All users of Red Hat JBoss Data Grid 6.1.0 as provided from the Red Hat Customer Portal are advised to upgrade to Red Hat JBoss Data Grid 6.2.0.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Red Hat JBoss Data Grid 6.2.0, which fixes multiple security issues,\nvarious bugs, and adds enhancements, is now available from the Red Hat\nCustomer Portal.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Red Hat JBoss Data Grid is a distributed in-memory data grid, based on\nInfinispan.\n\nThis release of Red Hat JBoss Data Grid 6.2.0 serves as a replacement for\nRed Hat JBoss Data Grid 6.1.0. It includes various bug fixes and\nenhancements which are detailed in the Red Hat JBoss Data Grid 6.2.0\nRelease Notes. The Release Notes will be available shortly from\nhttps://access.redhat.com/site/documentation/Red_Hat_JBoss_Data_Grid/\n\nThis update also fixes the following security issues:\n\nMultiple path traversal flaws where found in the Mojarra JSF2\nimplementation for identifying resources by name or by library.\nAn unauthenticated, remote attacker could use these flaws to gather\notherwise undisclosed information from within an application\u0027s root\ndirectory. (CVE-2013-3827)\n\nIt was found that the SolrResourceLoader class in Apache Solr allowed\nloading of resources via absolute paths, or relative paths which were not\nsanitized for directory traversal. Some Solr components expose REST\ninterfaces which load resources (XSL style sheets and Velocity templates)\nvia SolrResourceLoader, using paths identified by REST parameters. A remote\nattacker could use this flaw to load arbitrary local files on the server\nvia SolrResourceLoader, potentially resulting in information disclosure or\nremote code execution. (CVE-2013-6397)\n\nIt was found that the XML and XSLT UpdateRequestHandler classes in Apache\nSolr would resolve external entities, allowing an attacker to conduct XML\nExternal Entity (XXE) attacks. A remote attacker could use this flaw to\nread files accessible to the user running the application server, and\npotentially perform other more advanced XXE attacks. (CVE-2012-6612,\nCVE-2013-6407)\n\nIt was found that the DocumentAnalysisRequestHandler class in Apache Solr\nwould resolve external entities, allowing an attacker to conduct XXE\nattacks. A remote attacker could use this flaw to read files accessible to\nthe user running the application server, and potentially perform other more\nadvanced XXE attacks. (CVE-2013-6408)\n\nThe data file used by PicketBox Vault to store encrypted passwords contains\na copy of its own admin key. The file is encrypted using only this admin\nkey, not the corresponding JKS key. A local attacker with permission to\nread the vault data file could read the admin key from the file.\n(CVE-2013-1921)\n\nThe HawtJNI Library class wrote native libraries to a predictable file name\nin /tmp/ when the native libraries were bundled in a JAR file, and no\ncustom library path was specified. A local attacker could overwrite these\nnative libraries with malicious versions during the window between when\nHawtJNI writes them and when they are executed. (CVE-2013-2035)\n\nA flaw was found in JGroup\u0027s DiagnosticsHandler that allowed an attacker on\nan adjacent network to reuse the credentials from a previous successful\nauthentication. This could be exploited to read diagnostic information\n(information disclosure) and attain limited remote code execution.\n(CVE-2013-4112)\n\nNote that CVE-2013-6397, CVE-2013-6407, and CVE-2013-6408 are not exposed\nby default. They are only exploitable if a user has manually exposed\nservlets provided in the Apachr Solr component that ships with Red Hat\nJBoss Data Grid, or written their own code that makes use of the vulnerable\nelements of Apache Solr.\n\nThe CVE-2013-2035 issue was discovered by Florian Weimer of the Red Hat\nProduct Security Team.\n\nAll users of Red Hat JBoss Data Grid 6.1.0 as provided from the Red Hat\nCustomer Portal are advised to upgrade to Red Hat JBoss Data Grid 6.2.0.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2014:0029",
        "url": "https://access.redhat.com/errata/RHSA-2014:0029"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=data.grid\u0026downloadType=distributions",
        "url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=data.grid\u0026downloadType=distributions"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/site/documentation/Red_Hat_JBoss_Data_Grid/",
        "url": "https://access.redhat.com/site/documentation/Red_Hat_JBoss_Data_Grid/"
      },
      {
        "category": "external",
        "summary": "948106",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=948106"
      },
      {
        "category": "external",
        "summary": "958618",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=958618"
      },
      {
        "category": "external",
        "summary": "983489",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=983489"
      },
      {
        "category": "external",
        "summary": "1035062",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1035062"
      },
      {
        "category": "external",
        "summary": "1035981",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1035981"
      },
      {
        "category": "external",
        "summary": "1035985",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1035985"
      },
      {
        "category": "external",
        "summary": "1038898",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1038898"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2014/rhsa-2014_0029.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat JBoss Data Grid 6.2.0 update",
    "tracking": {
      "current_release_date": "2025-11-21T17:46:52+00:00",
      "generator": {
        "date": "2025-11-21T17:46:52+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.12"
        }
      },
      "id": "RHSA-2014:0029",
      "initial_release_date": "2014-01-15T17:45:50+00:00",
      "revision_history": [
        {
          "date": "2014-01-15T17:45:50+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2019-02-20T12:32:49+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2025-11-21T17:46:52+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat JBoss Data Grid 6.2",
                "product": {
                  "name": "Red Hat JBoss Data Grid 6.2",
                  "product_id": "Red Hat JBoss Data Grid 6.2",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:jboss_data_grid:6.2.0"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat JBoss Data Grid"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2012-6612",
      "discovery_date": "2013-11-29T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1035981"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The (1) UpdateRequestHandler for XSLT or (2) XPathEntityProcessor in Apache Solr before 4.1 allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, different vectors than CVE-2013-6407.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Solr: XML eXternal Entity (XXE) flaw in XML and XSLT UpdateRequestHandler",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat JBoss Data Grid 6.2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2012-6612"
        },
        {
          "category": "external",
          "summary": "RHBZ#1035981",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1035981"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2012-6612",
          "url": "https://www.cve.org/CVERecord?id=CVE-2012-6612"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-6612",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-6612"
        }
      ],
      "release_date": "2012-09-26T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2014-01-15T17:45:50+00:00",
          "details": "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying this update, back up your\nexisting JBoss Data Grid installation.",
          "product_ids": [
            "Red Hat JBoss Data Grid 6.2"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2014:0029"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "products": [
            "Red Hat JBoss Data Grid 6.2"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "Solr: XML eXternal Entity (XXE) flaw in XML and XSLT UpdateRequestHandler"
    },
    {
      "cve": "CVE-2013-1921",
      "discovery_date": "2013-04-03T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "948106"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "PicketBox, as used in Red Hat JBoss Enterprise Application Platform before 6.1.1, allows local users to obtain the admin encryption key by reading the Vault data file.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "PicketBox: Insecure storage of masked passwords",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat JBoss Data Grid 6.2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2013-1921"
        },
        {
          "category": "external",
          "summary": "RHBZ#948106",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=948106"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2013-1921",
          "url": "https://www.cve.org/CVERecord?id=CVE-2013-1921"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-1921",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-1921"
        }
      ],
      "release_date": "2013-09-04T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2014-01-15T17:45:50+00:00",
          "details": "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying this update, back up your\nexisting JBoss Data Grid installation.",
          "product_ids": [
            "Red Hat JBoss Data Grid 6.2"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2014:0029"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "SINGLE",
            "availabilityImpact": "NONE",
            "baseScore": 1.7,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:L/AC:L/Au:S/C:P/I:N/A:N",
            "version": "2.0"
          },
          "products": [
            "Red Hat JBoss Data Grid 6.2"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "PicketBox: Insecure storage of masked passwords"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Florian Weimer"
          ],
          "organization": "Red Hat Product Security Team",
          "summary": "This issue was discovered by Red Hat."
        }
      ],
      "cve": "CVE-2013-2035",
      "cwe": {
        "id": "CWE-377",
        "name": "Insecure Temporary File"
      },
      "discovery_date": "2013-04-26T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "958618"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The HawtJNI Library class wrote native libraries to a predictable file name in /tmp when the native libraries were bundled in a JAR file, and no custom library path was specified. A local attacker could overwrite these native libraries with malicious versions during the window between when HawtJNI writes them and when they are executed.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "HawtJNI: predictable temporary file name leading to local arbitrary code execution",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat JBoss Data Grid 6.2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2013-2035"
        },
        {
          "category": "external",
          "summary": "RHBZ#958618",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=958618"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2013-2035",
          "url": "https://www.cve.org/CVERecord?id=CVE-2013-2035"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-2035",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2035"
        }
      ],
      "release_date": "2013-05-13T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2014-01-15T17:45:50+00:00",
          "details": "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying this update, back up your\nexisting JBoss Data Grid installation.",
          "product_ids": [
            "Red Hat JBoss Data Grid 6.2"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2014:0029"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 3.3,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:N",
            "version": "2.0"
          },
          "products": [
            "Red Hat JBoss Data Grid 6.2"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "HawtJNI: predictable temporary file name leading to local arbitrary code execution"
    },
    {
      "cve": "CVE-2013-3827",
      "cwe": {
        "id": "CWE-22",
        "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
      },
      "discovery_date": "2013-12-03T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1038898"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 2.1.1, 3.0.1, and 3.1.2; the Oracle JDeveloper component in Oracle Fusion Middleware 11.1.2.3.0, 11.1.2.4.0, and 12.1.2.0.0; and the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0 and 12.1.1 allows remote attackers to affect confidentiality via unknown vectors related to Java Server Faces or Web Container.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "JSF2: Multiple Information Disclosure flaws due to unsafe path traversal",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat JBoss Data Grid 6.2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2013-3827"
        },
        {
          "category": "external",
          "summary": "RHBZ#1038898",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1038898"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2013-3827",
          "url": "https://www.cve.org/CVERecord?id=CVE-2013-3827"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-3827",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-3827"
        }
      ],
      "release_date": "2013-10-17T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2014-01-15T17:45:50+00:00",
          "details": "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying this update, back up your\nexisting JBoss Data Grid installation.",
          "product_ids": [
            "Red Hat JBoss Data Grid 6.2"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2014:0029"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "products": [
            "Red Hat JBoss Data Grid 6.2"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "JSF2: Multiple Information Disclosure flaws due to unsafe path traversal"
    },
    {
      "cve": "CVE-2013-4112",
      "discovery_date": "2013-07-11T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "983489"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The DiagnosticsHandler in JGroup 3.0.x, 3.1.x, 3.2.x before 3.2.9, and 3.3.x before 3.3.3 allows remote attackers to obtain sensitive information (diagnostic information) and execute arbitrary code by reusing valid credentials.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "JGroups: Authentication via cached credentials",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat JBoss Data Grid 6.2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2013-4112"
        },
        {
          "category": "external",
          "summary": "RHBZ#983489",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=983489"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2013-4112",
          "url": "https://www.cve.org/CVERecord?id=CVE-2013-4112"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-4112",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4112"
        }
      ],
      "release_date": "2013-07-11T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2014-01-15T17:45:50+00:00",
          "details": "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying this update, back up your\nexisting JBoss Data Grid installation.",
          "product_ids": [
            "Red Hat JBoss Data Grid 6.2"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2014:0029"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 3.3,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "products": [
            "Red Hat JBoss Data Grid 6.2"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "JGroups: Authentication via cached credentials"
    },
    {
      "cve": "CVE-2013-6397",
      "cwe": {
        "id": "CWE-22",
        "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
      },
      "discovery_date": "2013-11-26T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1035062"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Directory traversal vulnerability in SolrResourceLoader in Apache Solr before 4.6 allows remote attackers to read arbitrary files via a .. (dot dot) or full pathname in the tr parameter to solr/select/, when the response writer (wt parameter) is set to XSLT.  NOTE: this can be leveraged using a separate XXE (XML eXternal Entity) vulnerability to allow access to files across restricted network boundaries.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Solr: directory traversal when loading XSL stylesheets and Velocity templates",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat JBoss Data Grid 6.2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2013-6397"
        },
        {
          "category": "external",
          "summary": "RHBZ#1035062",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1035062"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2013-6397",
          "url": "https://www.cve.org/CVERecord?id=CVE-2013-6397"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-6397",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-6397"
        },
        {
          "category": "external",
          "summary": "http://www.agarri.fr/kom/archives/2013/11/27/compromising_an_unreachable_solr_server_with_cve-2013-6397/index.html",
          "url": "http://www.agarri.fr/kom/archives/2013/11/27/compromising_an_unreachable_solr_server_with_cve-2013-6397/index.html"
        }
      ],
      "release_date": "2013-11-26T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2014-01-15T17:45:50+00:00",
          "details": "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying this update, back up your\nexisting JBoss Data Grid installation.",
          "product_ids": [
            "Red Hat JBoss Data Grid 6.2"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2014:0029"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 6.4,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
            "version": "2.0"
          },
          "products": [
            "Red Hat JBoss Data Grid 6.2"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "Solr: directory traversal when loading XSL stylesheets and Velocity templates"
    },
    {
      "cve": "CVE-2013-6407",
      "discovery_date": "2013-11-29T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1035981"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The UpdateRequestHandler for XML in Apache Solr before 4.1 allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Solr: XML eXternal Entity (XXE) flaw in XML and XSLT UpdateRequestHandler",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat JBoss Data Grid 6.2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2013-6407"
        },
        {
          "category": "external",
          "summary": "RHBZ#1035981",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1035981"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2013-6407",
          "url": "https://www.cve.org/CVERecord?id=CVE-2013-6407"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-6407",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-6407"
        }
      ],
      "release_date": "2012-09-26T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2014-01-15T17:45:50+00:00",
          "details": "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying this update, back up your\nexisting JBoss Data Grid installation.",
          "product_ids": [
            "Red Hat JBoss Data Grid 6.2"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2014:0029"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "products": [
            "Red Hat JBoss Data Grid 6.2"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "Solr: XML eXternal Entity (XXE) flaw in XML and XSLT UpdateRequestHandler"
    },
    {
      "cve": "CVE-2013-6408",
      "discovery_date": "2013-11-29T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1035985"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The DocumentAnalysisRequestHandler in Apache Solr before 4.3.1 does not properly use the EmptyEntityResolver, which allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-6407.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Solr: XML eXternal Entity (XXE) flaw in DocumentAnalysisRequestHandler",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat JBoss Data Grid 6.2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2013-6408"
        },
        {
          "category": "external",
          "summary": "RHBZ#1035985",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1035985"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2013-6408",
          "url": "https://www.cve.org/CVERecord?id=CVE-2013-6408"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-6408",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-6408"
        }
      ],
      "release_date": "2013-05-31T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2014-01-15T17:45:50+00:00",
          "details": "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying this update, back up your\nexisting JBoss Data Grid installation.",
          "product_ids": [
            "Red Hat JBoss Data Grid 6.2"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2014:0029"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "products": [
            "Red Hat JBoss Data Grid 6.2"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "Solr: XML eXternal Entity (XXE) flaw in DocumentAnalysisRequestHandler"
    }
  ]
}

RHSA-2013:1844

Vulnerability from csaf_redhat - Published: 2013-12-16 18:16 - Updated: 2025-11-21 17:46

Summary

Red Hat Security Advisory: Red Hat JBoss Web Framework Kit 2.4.0 update

Notes

Topic

An update for the solr-core component of Red Hat JBoss Web Framework Kit 2.4.0 that fixes multiple security issues is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

Details

Red Hat JBoss Web Framework Kit combines popular open source web frameworks into a single solution for Java applications. The Apache Solr component is an open-source search server based on the Lucene Java search library. It was found that the SolrResourceLoader class in Apache Solr allowed loading of resources via absolute paths, or relative paths which were not sanitized for directory traversal. Some Solr components expose REST interfaces which load resources (XSL style sheets and Velocity templates) via SolrResourceLoader, using paths identified by REST parameters. A remote attacker could use this flaw to load arbitrary local files on the server via SolrResourceLoader, potentially resulting in information disclosure or remote code execution. (CVE-2013-6397) It was found that the XML and XSLT UpdateRequestHandler classes in Apache Solr would resolve external entities, allowing an attacker to conduct XML External Entity (XXE) attacks. A remote attacker could use this flaw to read files accessible to the user running the application server, and potentially perform other more advanced XXE attacks. (CVE-2012-6612, CVE-2013-6407) It was found that the DocumentAnalysisRequestHandler class in Apache Solr would resolve external entities, allowing an attacker to conduct XXE attacks. A remote attacker could use this flaw to read files accessible to the user running the application server, and potentially perform other more advanced XXE attacks. (CVE-2013-6408) All users of Red Hat JBoss Web Framework Kit 2.4.0 as provided from the Red Hat Customer Portal are advised to apply this update.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for the solr-core component of Red Hat JBoss Web Framework Kit\n2.4.0 that fixes multiple security issues is now available from the Red Hat\nCustomer Portal.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from the\nCVE link in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Red Hat JBoss Web Framework Kit combines popular open source web frameworks\ninto a single solution for Java applications. The Apache Solr component is\nan open-source search server based on the Lucene Java search library.\n\nIt was found that the SolrResourceLoader class in Apache Solr allowed\nloading of resources via absolute paths, or relative paths which were not\nsanitized for directory traversal. Some Solr components expose REST\ninterfaces which load resources (XSL style sheets and Velocity templates)\nvia SolrResourceLoader, using paths identified by REST parameters. A remote\nattacker could use this flaw to load arbitrary local files on the server\nvia SolrResourceLoader, potentially resulting in information disclosure or\nremote code execution. (CVE-2013-6397)\n\nIt was found that the XML and XSLT UpdateRequestHandler classes in Apache\nSolr would resolve external entities, allowing an attacker to conduct XML\nExternal Entity (XXE) attacks. A remote attacker could use this flaw to\nread files accessible to the user running the application server, and\npotentially perform other more advanced XXE attacks. (CVE-2012-6612,\nCVE-2013-6407)\n\nIt was found that the DocumentAnalysisRequestHandler class in Apache Solr\nwould resolve external entities, allowing an attacker to conduct XXE\nattacks. A remote attacker could use this flaw to read files accessible to\nthe user running the application server, and potentially perform other more\nadvanced XXE attacks. (CVE-2013-6408)\n\nAll users of Red Hat JBoss Web Framework Kit 2.4.0 as provided from the Red\nHat Customer Portal are advised to apply this update.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2013:1844",
        "url": "https://access.redhat.com/errata/RHSA-2013:1844"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=web.framework.kit\u0026downloadType=securityPatches\u0026version=2.4.0",
        "url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=web.framework.kit\u0026downloadType=securityPatches\u0026version=2.4.0"
      },
      {
        "category": "external",
        "summary": "1035062",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1035062"
      },
      {
        "category": "external",
        "summary": "1035981",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1035981"
      },
      {
        "category": "external",
        "summary": "1035985",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1035985"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2013/rhsa-2013_1844.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat JBoss Web Framework Kit 2.4.0 update",
    "tracking": {
      "current_release_date": "2025-11-21T17:46:36+00:00",
      "generator": {
        "date": "2025-11-21T17:46:36+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.12"
        }
      },
      "id": "RHSA-2013:1844",
      "initial_release_date": "2013-12-16T18:16:00+00:00",
      "revision_history": [
        {
          "date": "2013-12-16T18:16:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2020-06-15T16:41:29+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2025-11-21T17:46:36+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat JBoss Web Framework Kit 2.4",
                "product": {
                  "name": "Red Hat JBoss Web Framework Kit 2.4",
                  "product_id": "Red Hat JBoss Web Framework Kit 2.4",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:jboss_enterprise_web_framework:2.4.0"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat JBoss Web Framework Kit"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2012-6612",
      "discovery_date": "2013-11-29T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1035981"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The (1) UpdateRequestHandler for XSLT or (2) XPathEntityProcessor in Apache Solr before 4.1 allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, different vectors than CVE-2013-6407.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Solr: XML eXternal Entity (XXE) flaw in XML and XSLT UpdateRequestHandler",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat JBoss Web Framework Kit 2.4"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2012-6612"
        },
        {
          "category": "external",
          "summary": "RHBZ#1035981",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1035981"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2012-6612",
          "url": "https://www.cve.org/CVERecord?id=CVE-2012-6612"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-6612",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-6612"
        }
      ],
      "release_date": "2012-09-26T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2013-12-16T18:16:00+00:00",
          "details": "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying this update, back up your\nexisting installation of Red Hat JBoss Web Framework Kit.\n\nThe JBoss server process must be restarted for this update to take effect.",
          "product_ids": [
            "Red Hat JBoss Web Framework Kit 2.4"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2013:1844"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "products": [
            "Red Hat JBoss Web Framework Kit 2.4"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "Solr: XML eXternal Entity (XXE) flaw in XML and XSLT UpdateRequestHandler"
    },
    {
      "cve": "CVE-2013-6397",
      "cwe": {
        "id": "CWE-22",
        "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
      },
      "discovery_date": "2013-11-26T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1035062"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Directory traversal vulnerability in SolrResourceLoader in Apache Solr before 4.6 allows remote attackers to read arbitrary files via a .. (dot dot) or full pathname in the tr parameter to solr/select/, when the response writer (wt parameter) is set to XSLT.  NOTE: this can be leveraged using a separate XXE (XML eXternal Entity) vulnerability to allow access to files across restricted network boundaries.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Solr: directory traversal when loading XSL stylesheets and Velocity templates",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat JBoss Web Framework Kit 2.4"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2013-6397"
        },
        {
          "category": "external",
          "summary": "RHBZ#1035062",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1035062"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2013-6397",
          "url": "https://www.cve.org/CVERecord?id=CVE-2013-6397"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-6397",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-6397"
        },
        {
          "category": "external",
          "summary": "http://www.agarri.fr/kom/archives/2013/11/27/compromising_an_unreachable_solr_server_with_cve-2013-6397/index.html",
          "url": "http://www.agarri.fr/kom/archives/2013/11/27/compromising_an_unreachable_solr_server_with_cve-2013-6397/index.html"
        }
      ],
      "release_date": "2013-11-26T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2013-12-16T18:16:00+00:00",
          "details": "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying this update, back up your\nexisting installation of Red Hat JBoss Web Framework Kit.\n\nThe JBoss server process must be restarted for this update to take effect.",
          "product_ids": [
            "Red Hat JBoss Web Framework Kit 2.4"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2013:1844"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 6.4,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
            "version": "2.0"
          },
          "products": [
            "Red Hat JBoss Web Framework Kit 2.4"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "Solr: directory traversal when loading XSL stylesheets and Velocity templates"
    },
    {
      "cve": "CVE-2013-6407",
      "discovery_date": "2013-11-29T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1035981"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The UpdateRequestHandler for XML in Apache Solr before 4.1 allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Solr: XML eXternal Entity (XXE) flaw in XML and XSLT UpdateRequestHandler",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat JBoss Web Framework Kit 2.4"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2013-6407"
        },
        {
          "category": "external",
          "summary": "RHBZ#1035981",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1035981"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2013-6407",
          "url": "https://www.cve.org/CVERecord?id=CVE-2013-6407"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-6407",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-6407"
        }
      ],
      "release_date": "2012-09-26T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2013-12-16T18:16:00+00:00",
          "details": "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying this update, back up your\nexisting installation of Red Hat JBoss Web Framework Kit.\n\nThe JBoss server process must be restarted for this update to take effect.",
          "product_ids": [
            "Red Hat JBoss Web Framework Kit 2.4"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2013:1844"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "products": [
            "Red Hat JBoss Web Framework Kit 2.4"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "Solr: XML eXternal Entity (XXE) flaw in XML and XSLT UpdateRequestHandler"
    },
    {
      "cve": "CVE-2013-6408",
      "discovery_date": "2013-11-29T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1035985"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The DocumentAnalysisRequestHandler in Apache Solr before 4.3.1 does not properly use the EmptyEntityResolver, which allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-6407.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Solr: XML eXternal Entity (XXE) flaw in DocumentAnalysisRequestHandler",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat JBoss Web Framework Kit 2.4"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2013-6408"
        },
        {
          "category": "external",
          "summary": "RHBZ#1035985",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1035985"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2013-6408",
          "url": "https://www.cve.org/CVERecord?id=CVE-2013-6408"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-6408",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-6408"
        }
      ],
      "release_date": "2013-05-31T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2013-12-16T18:16:00+00:00",
          "details": "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying this update, back up your\nexisting installation of Red Hat JBoss Web Framework Kit.\n\nThe JBoss server process must be restarted for this update to take effect.",
          "product_ids": [
            "Red Hat JBoss Web Framework Kit 2.4"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2013:1844"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "products": [
            "Red Hat JBoss Web Framework Kit 2.4"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "Solr: XML eXternal Entity (XXE) flaw in DocumentAnalysisRequestHandler"
    }
  ]
}

GSD-2013-6397

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2013-6397

Aliases

CVE-2013-6397

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2013-6397",
    "description": "Directory traversal vulnerability in SolrResourceLoader in Apache Solr before 4.6 allows remote attackers to read arbitrary files via a .. (dot dot) or full pathname in the tr parameter to solr/select/, when the response writer (wt parameter) is set to XSLT.  NOTE: this can be leveraged using a separate XXE (XML eXternal Entity) vulnerability to allow access to files across restricted network boundaries.",
    "id": "GSD-2013-6397",
    "references": [
      "https://www.debian.org/security/2014/dsa-2963",
      "https://access.redhat.com/errata/RHSA-2014:0029",
      "https://access.redhat.com/errata/RHSA-2013:1844"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2013-6397"
      ],
      "details": "Directory traversal vulnerability in SolrResourceLoader in Apache Solr before 4.6 allows remote attackers to read arbitrary files via a .. (dot dot) or full pathname in the tr parameter to solr/select/, when the response writer (wt parameter) is set to XSLT. NOTE: this can be leveraged using a separate XXE (XML eXternal Entity) vulnerability to allow access to files across restricted network boundaries.",
      "id": "GSD-2013-6397",
      "modified": "2023-12-13T01:22:19.584665Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secalert@redhat.com",
        "ID": "CVE-2013-6397",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Directory traversal vulnerability in SolrResourceLoader in Apache Solr before 4.6 allows remote attackers to read arbitrary files via a .. (dot dot) or full pathname in the tr parameter to solr/select/, when the response writer (wt parameter) is set to XSLT. NOTE: this can be leveraged using a separate XXE (XML eXternal Entity) vulnerability to allow access to files across restricted network boundaries."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://rhn.redhat.com/errata/RHSA-2014-0029.html",
            "refsource": "MISC",
            "url": "http://rhn.redhat.com/errata/RHSA-2014-0029.html"
          },
          {
            "name": "http://lucene.apache.org/solr/4_6_0/changes/Changes.html",
            "refsource": "MISC",
            "url": "http://lucene.apache.org/solr/4_6_0/changes/Changes.html"
          },
          {
            "name": "http://rhn.redhat.com/errata/RHSA-2013-1844.html",
            "refsource": "MISC",
            "url": "http://rhn.redhat.com/errata/RHSA-2013-1844.html"
          },
          {
            "name": "http://secunia.com/advisories/55730",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/55730"
          },
          {
            "name": "http://secunia.com/advisories/59372",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/59372"
          },
          {
            "name": "http://www.agarri.fr/kom/archives/2013/11/27/compromising_an_unreachable_solr_server_with_cve-2013-6397/index.html",
            "refsource": "MISC",
            "url": "http://www.agarri.fr/kom/archives/2013/11/27/compromising_an_unreachable_solr_server_with_cve-2013-6397/index.html"
          },
          {
            "name": "http://www.openwall.com/lists/oss-security/2013/11/27/1",
            "refsource": "MISC",
            "url": "http://www.openwall.com/lists/oss-security/2013/11/27/1"
          },
          {
            "name": "http://www.securityfocus.com/bid/63935",
            "refsource": "MISC",
            "url": "http://www.securityfocus.com/bid/63935"
          },
          {
            "name": "https://issues.apache.org/jira/browse/SOLR-4882",
            "refsource": "MISC",
            "url": "https://issues.apache.org/jira/browse/SOLR-4882"
          }
        ]
      }
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "(,4.5.1]",
          "affected_versions": "All versions up to 4.5.1",
          "cvss_v2": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
          "cwe_ids": [
            "CWE-1035",
            "CWE-22",
            "CWE-937"
          ],
          "date": "2015-10-23",
          "description": "Directory traversal vulnerability in SolrResourceLoader in this package allows remote attackers to read arbitrary files via a `..` (dot dot) or full pathname in the tr parameter to solr/select/, when the response writer (wt parameter) is set to XSLT. NOTE: this can be leveraged using a separate XXE (XML eXternal Entity) vulnerability to allow access to files across restricted network boundaries.",
          "fixed_versions": [
            "4.6.0",
            "5.0.0"
          ],
          "identifier": "CVE-2013-6397",
          "identifiers": [
            "CVE-2013-6397"
          ],
          "not_impacted": "All versions after 4.5.1",
          "package_slug": "maven/org.apache.solr/solr-core",
          "pubdate": "2013-12-07",
          "solution": "Upgrade to versions 4.6.0, 5.0.0 or above.",
          "title": "Directory traversal when loading XSL stylesheets and Velocity templates",
          "urls": [
            "https://bugzilla.redhat.com/CVE-2013-6397"
          ],
          "uuid": "aefb6b6f-4f53-4411-9a4e-1ed1fa86bac1"
        },
        {
          "affected_range": "(,4.5.1]",
          "affected_versions": "All versions up to 4.5.1",
          "cvss_v2": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
          "cwe_ids": [
            "CWE-1035",
            "CWE-22",
            "CWE-937"
          ],
          "date": "2015-10-23",
          "description": "Directory traversal vulnerability in `SolrResourceLoader` in Apache Solr allows remote attackers to read arbitrary files via a `..` (dot dot) or full pathname in the tr parameter to `solr/select/`, when the response writer (wt parameter) is set to XSLT.",
          "fixed_versions": [
            "4.6.0"
          ],
          "identifier": "CVE-2013-6397",
          "identifiers": [
            "CVE-2013-6397"
          ],
          "not_impacted": "All versions after 4.5.1",
          "package_slug": "maven/org.apache.solr/solr-velocity",
          "pubdate": "2013-12-07",
          "solution": "Upgrade to version 4.6.0 or above.",
          "title": "Path Traversal",
          "urls": [
            "https://bugzilla.redhat.com/CVE-2013-6397"
          ],
          "uuid": "beab4a4e-aa11-4042-8e15-468d44ecf1ea"
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:apache:solr:4.5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:solr:4.0.0:alpha:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:solr:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "4.5.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:solr:4.2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:solr:4.3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:solr:4.0.0:beta:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:solr:4.4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:solr:4.2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:solr:4.3.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:solr:4.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:solr:4.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2013-6397"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Directory traversal vulnerability in SolrResourceLoader in Apache Solr before 4.6 allows remote attackers to read arbitrary files via a .. (dot dot) or full pathname in the tr parameter to solr/select/, when the response writer (wt parameter) is set to XSLT. NOTE: this can be leveraged using a separate XXE (XML eXternal Entity) vulnerability to allow access to files across restricted network boundaries."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-22"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "55730",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/55730"
            },
            {
              "name": "http://lucene.apache.org/solr/4_6_0/changes/Changes.html",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://lucene.apache.org/solr/4_6_0/changes/Changes.html"
            },
            {
              "name": "http://www.agarri.fr/kom/archives/2013/11/27/compromising_an_unreachable_solr_server_with_cve-2013-6397/index.html",
              "refsource": "MISC",
              "tags": [
                "Exploit"
              ],
              "url": "http://www.agarri.fr/kom/archives/2013/11/27/compromising_an_unreachable_solr_server_with_cve-2013-6397/index.html"
            },
            {
              "name": "[oss-security] 20131126 Re: CVE request: Apache Solr 4.6.0",
              "refsource": "MLIST",
              "tags": [],
              "url": "http://www.openwall.com/lists/oss-security/2013/11/27/1"
            },
            {
              "name": "https://issues.apache.org/jira/browse/SOLR-4882",
              "refsource": "CONFIRM",
              "tags": [
                "Patch"
              ],
              "url": "https://issues.apache.org/jira/browse/SOLR-4882"
            },
            {
              "name": "RHSA-2013:1844",
              "refsource": "REDHAT",
              "tags": [],
              "url": "http://rhn.redhat.com/errata/RHSA-2013-1844.html"
            },
            {
              "name": "RHSA-2014:0029",
              "refsource": "REDHAT",
              "tags": [],
              "url": "http://rhn.redhat.com/errata/RHSA-2014-0029.html"
            },
            {
              "name": "59372",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/59372"
            },
            {
              "name": "63935",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/63935"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2023-02-13T04:49Z",
      "publishedDate": "2013-12-07T20:55Z"
    }
  }
}

FKIE_CVE-2013-6397

Vulnerability from fkie_nvd - Published: 2013-12-07 20:55 - Updated: 2025-04-11 00:51

Severity ?

Summary

References

URL	Tags
secalert@redhat.com	http://lucene.apache.org/solr/4_6_0/changes/Changes.html
secalert@redhat.com	http://rhn.redhat.com/errata/RHSA-2013-1844.html
secalert@redhat.com	http://rhn.redhat.com/errata/RHSA-2014-0029.html
secalert@redhat.com	http://secunia.com/advisories/55730	Vendor Advisory
secalert@redhat.com	http://secunia.com/advisories/59372
secalert@redhat.com	http://www.agarri.fr/kom/archives/2013/11/27/compromising_an_unreachable_solr_server_with_cve-2013-6397/index.html	Exploit
secalert@redhat.com	http://www.openwall.com/lists/oss-security/2013/11/27/1
secalert@redhat.com	http://www.securityfocus.com/bid/63935
secalert@redhat.com	https://issues.apache.org/jira/browse/SOLR-4882	Patch
af854a3a-2127-422b-91ae-364da2661108	http://lucene.apache.org/solr/4_6_0/changes/Changes.html
af854a3a-2127-422b-91ae-364da2661108	http://rhn.redhat.com/errata/RHSA-2013-1844.html
af854a3a-2127-422b-91ae-364da2661108	http://rhn.redhat.com/errata/RHSA-2014-0029.html
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/55730	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/59372
af854a3a-2127-422b-91ae-364da2661108	http://www.agarri.fr/kom/archives/2013/11/27/compromising_an_unreachable_solr_server_with_cve-2013-6397/index.html	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2013/11/27/1
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/63935
af854a3a-2127-422b-91ae-364da2661108	https://issues.apache.org/jira/browse/SOLR-4882	Patch

Impacted products

Vendor	Product	Version
apache	solr	*
apache	solr	4.0.0
apache	solr	4.0.0
apache	solr	4.0.0
apache	solr	4.1.0
apache	solr	4.2.0
apache	solr	4.2.1
apache	solr	4.3.0
apache	solr	4.3.1
apache	solr	4.4.0
apache	solr	4.5.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apache:solr:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "037FEB16-6126-4951-B8FD-D56CF268CFBF",
              "versionEndIncluding": "4.5.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:solr:4.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "06216B21-FC73-480F-90A2-B0D358FAEE11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:solr:4.0.0:alpha:*:*:*:*:*:*",
              "matchCriteriaId": "49D9F075-B18A-4634-8AA1-DE1399548838",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:solr:4.0.0:beta:*:*:*:*:*:*",
              "matchCriteriaId": "0CFB9E78-22B2-4683-BD17-1600A3057FF3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:solr:4.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4AF6C877-D6B6-40A8-9A73-0B327898F8E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:solr:4.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C085709-D90B-44AC-89E1-3D2779956B89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:solr:4.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F36E7460-4056-4608-96BA-622FF2770DBB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:solr:4.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8444B03D-D600-4C30-85F3-E2497270768A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:solr:4.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA07EC5A-CE8F-403E-91C1-8E7D79CD573F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:solr:4.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D09D035F-9B45-4758-ADCD-D6BF8B95AACB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:solr:4.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F01B2DB5-EFEB-472C-B7F7-0B7B5229D488",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Directory traversal vulnerability in SolrResourceLoader in Apache Solr before 4.6 allows remote attackers to read arbitrary files via a .. (dot dot) or full pathname in the tr parameter to solr/select/, when the response writer (wt parameter) is set to XSLT.  NOTE: this can be leveraged using a separate XXE (XML eXternal Entity) vulnerability to allow access to files across restricted network boundaries."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de salto de directorio en SolrResourceLoader en Apache Solr anteriores a 4.6 permite a atacantes remotos leer ficheros arbitrarios a trav\u00e9s de un .. (punto puno) o nombre de directorio completo en el par\u00e1metro tr de solr/select/, cuando el escritor de respuesta (par\u00e1metro wt) se establece a XLST. NOTA: esto puede ser aprovechado utilizando una vulnerabilidad XXE (XML eXternal Entity) diferente para permitir acceso a ficheros a trav\u00e9s de l\u00edmites de red restringidos."
    }
  ],
  "id": "CVE-2013-6397",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2013-12-07T20:55:02.633",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://lucene.apache.org/solr/4_6_0/changes/Changes.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2013-1844.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2014-0029.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/55730"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/59372"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.agarri.fr/kom/archives/2013/11/27/compromising_an_unreachable_solr_server_with_cve-2013-6397/index.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2013/11/27/1"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/63935"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "https://issues.apache.org/jira/browse/SOLR-4882"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lucene.apache.org/solr/4_6_0/changes/Changes.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2013-1844.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2014-0029.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/55730"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/59372"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.agarri.fr/kom/archives/2013/11/27/compromising_an_unreachable_solr_server_with_cve-2013-6397/index.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2013/11/27/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/63935"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://issues.apache.org/jira/browse/SOLR-4882"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-J8QW-MWMV-28CG

Vulnerability from github – Published: 2022-05-17 04:04 – Updated: 2024-03-05 00:24

Summary

Improper Limitation of a Pathname to a Restricted Directory in Apache Solr

Details

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.solr:solr-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.6.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2013-6397"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-22"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-07-07T23:24:16Z",
    "nvd_published_at": "2013-12-07T20:55:00Z",
    "severity": "MODERATE"
  },
  "details": "Directory traversal vulnerability in SolrResourceLoader in Apache Solr before 4.6 allows remote attackers to read arbitrary files via a .. (dot dot) or full pathname in the tr parameter to solr/select/, when the response writer (wt parameter) is set to XSLT.  NOTE: this can be leveraged using a separate XXE (XML eXternal Entity) vulnerability to allow access to files across restricted network boundaries.",
  "id": "GHSA-j8qw-mwmv-28cg",
  "modified": "2024-03-05T00:24:07Z",
  "published": "2022-05-17T04:04:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-6397"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/lucene-solr/commit/da34b18cb3092df4972e2b6fa5178d1059923910"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/apache/lucene-solr"
    },
    {
      "type": "WEB",
      "url": "https://issues.apache.org/jira/browse/SOLR-4882"
    },
    {
      "type": "WEB",
      "url": "https://web.archive.org/web/20170307173358/http://www.securityfocus.com/bid/63935"
    },
    {
      "type": "WEB",
      "url": "http://lucene.apache.org/solr/4_6_0/changes/Changes.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2013-1844.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2014-0029.html"
    },
    {
      "type": "WEB",
      "url": "http://www.agarri.fr/kom/archives/2013/11/27/compromising_an_unreachable_solr_server_with_cve-2013-6397/index.html"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2013/11/27/1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [],
  "summary": "Improper Limitation of a Pathname to a Restricted Directory in Apache Solr"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2013-6397 (GCVE-0-2013-6397)

RHSA-2014:0029

RHSA-2013:1844

GSD-2013-6397

FKIE_CVE-2013-6397

GHSA-J8QW-MWMV-28CG

Tags

Sightings

Nomenclature