Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Apache Solr < 5.1 Multiple XSS

Medium

Synopsis

The remote web server contains a Java application that is affected by multiple persistent cross-site scripting (XSS) vulnerabilities.

Description

Versions of Apache Solr prior to 5.1 are affected by two persistent cross-site scripting vulnerabilities. Specifically, these affect the Schema-Browser page and Analysis page due to a failure to sanitize field names used in queries before returning them to the user of the Solr administration panel. A remote, unauthenticated attacker can exploit this issue to execute arbitrary JavaScript within the context of a victim's browser, allowing the attacker to steal session information, log key strokes, and perform other malicious attacks.

Solution

Upgrade to Solr 5.1 or later.