vulnerability
Ubuntu: (CVE-2018-1308): lucene-solr vulnerability
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:N/AC:L/Au:N/C:P/I:N/A:N) | Apr 9, 2018 | Nov 19, 2024 | Aug 19, 2025 |
Severity
5
CVSS
(AV:N/AC:L/Au:N/C:P/I:N/A:N)
Published
Apr 9, 2018
Added
Nov 19, 2024
Modified
Aug 19, 2025
Description
This vulnerability in Apache Solr 1.2 to 6.6.2 and 7.0.0 to 7.2.1 relates to an XML external entity expansion (XXE) in the `&dataConfig=<inlinexml>` parameter of Solr's DataImportHandler. It can be used as XXE using file/ftp/http protocols in order to read arbitrary local files from the Solr server or the internal network.
Solution
ubuntu-pro-upgrade-lucene-solr
References
- CVE-2018-1308
- https://attackerkb.com/topics/CVE-2018-1308
- CWE-611
- DEBIAN-DSA-4194
- URL-http://www.openwall.com/lists/oss-security/2018/04/08/3
- URL-https://issues.apache.org/jira/browse/SOLR-11971
- URL-https://mail-archives.apache.org/mod_mbox/www-announce/201804.mbox/%3C000001d3cf68%245ac69af0%241053d0d0%24%40apache.org%3E
- URL-https://www.cve.org/CVERecord?id=CVE-2018-1308
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.