Apache Solr < 4.6.0 'SolrResourceLoader' Directory Traversal
Severity: Medium
Nessus Plugin ID: 71846
Synopsis: The remote web server contains a Java application that is affected by a directory traversal vulnerability.
Description: The version of Apache Solr running on the remote web server is affected by a directory traversal vulnerability because the 'SolrResourceLoader' class fails to restrict the loading of specially crafted XSL stylesheets and Velocity templates. A remote, unauthenticated attacker can exploit this issue by crafting a URL with directory traversal characters to access resources outside of the instance directory.
Solution: Upgrade to Apache Solr version 4.6.0 or later.
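
The description attributes the flaw to a resource loader that does not confine lookups to the instance directory. The following is an added example, not Solr's code and not part of the plugin: one way to enforce that confinement in Java. The class name, the directory layout and the sample resource names are hypothetical and constructed for illustration.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;

/** Hypothetical helper (not Solr's SolrResourceLoader): resolves names inside one directory only. */
public final class ContainedResourceResolver {
    private final Path instanceDir;

    public ContainedResourceResolver(Path instanceDir) throws IOException {
        // Canonicalize the base once, following any symlinks in it.
        this.instanceDir = instanceDir.toRealPath();
    }

    /** Returns the resolved path, or throws if the name escapes the instance directory. */
    public Path resolve(String resourceName) throws IOException {
        if (resourceName == null || resourceName.isEmpty() || resourceName.indexOf('\0') >= 0) {
            throw new IOException("Invalid resource name");
        }
        // resolve() returns the argument unchanged when it is absolute, so the
        // containment check must run on the normalized result, not on the input.
        Path candidate = instanceDir.resolve(resourceName).normalize();
        if (!candidate.startsWith(instanceDir)) {
            throw new IOException("Resource outside instance directory: " + resourceName);
        }
        // A symlink inside the directory can still point outside it; re-check the real path.
        if (Files.exists(candidate) && !candidate.toRealPath().startsWith(instanceDir)) {
            throw new IOException("Resource resolves outside instance directory: " + resourceName);
        }
        return candidate;
    }

    public static void main(String[] args) throws IOException {
        Path base = Files.createTempDirectory("instance"); // constructed sample directory
        Files.createDirectories(base.resolve("conf/xslt"));
        Files.write(base.resolve("conf/xslt/example.xsl"), "<x/>".getBytes());
        ContainedResourceResolver resolver = new ContainedResourceResolver(base);
        // Constructed sample names: one legitimate, one relative escape, one absolute path.
        String[] names = { "conf/xslt/example.xsl", "conf/xslt/../../../outside.xsl", "/etc/hostname" };
        for (String name : names) {
            try {
                System.out.println("allowed:  " + resolver.resolve(name));
            } catch (IOException e) {
                System.out.println("rejected: " + e.getMessage());
            }
        }
    }
}
```

Path.startsWith compares whole path elements, so a sibling directory whose name merely begins with the instance directory's name is not treated as contained.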