CVE-2018-1308

Summary

This vulnerability in Apache Solr 1.2 to 6.6.2 and 7.0.0 to 7.2.1 relates to an XML external entity expansion (XXE) in the &dataConfig=<inlinexml> parameter of Solr's DataImportHandler. It can be used as XXE using file/ftp/http protocols in order to read arbitrary local files from the Solr server or the internal network.

Affected Software

VendorProductVersion RangeStatus
Apache Software FoundationApache Solr1.2 to 6.6.2affected
Apache Software FoundationApache Solr7.0.0 to 7.2.1affected

Weaknesses

  • Information Disclosure

ADP Enrichment

CVE Program Container

Additional References

References