Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Apache Solr 5.3.x 'XMLResponseParser.java' XXE

High

Synopsis

The remote web server contains a Java application that is affected by an XXE injection vulnerability.

Description

Versions of Apache Solr 5.3.x are affected by an XXE (Xml eXternal Entity) injection flaw that is triggered during the parsing of XML data passed via the 'stream.body' parameter in 'XMLResponseParser.java'. The issue is due to an incorrectly configured XML parser accepting XML external entities from an untrusted source. By sending specially crafted XML data, a remote attacker can have an unspecified impact.

Solution

Upgrade to Solr 5.4.0 or later.