Apache Solr 5.3.x 'XMLResponseParser.java' XXE
High Nessus Network Monitor Plugin ID 9072
SynopsisThe remote web server contains a Java application that is affected by an XXE injection vulnerability.
DescriptionVersions of Apache Solr 5.3.x are affected by an XXE (Xml eXternal Entity) injection flaw that is triggered during the parsing of XML data passed via the 'stream.body' parameter in 'XMLResponseParser.java'. The issue is due to an incorrectly configured XML parser accepting XML external entities from an untrusted source. By sending specially crafted XML data, a remote attacker can have an unspecified impact.
SolutionUpgrade to Solr 5.4.0 or later.