CVE-2013-6408

NONECVSS 0.0

0.0

The DocumentAnalysisRequestHandler in Apache Solr before 4.3.1 does not properly use the EmptyEntityResolver, which allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-6407.

🔗 References (14)

secalert@redhathttp://rhn.redhat.com/errata/RHSA-2013-1844.html
secalert@redhathttp://rhn.redhat.com/errata/RHSA-2014-0029.html
secalert@redhathttp://secunia.com/advisories/55542
secalert@redhathttp://secunia.com/advisories/59372
secalert@redhathttp://svn.apache.org/viewvc/lucene/dev/branches/branch_4x/solr/CHANGES.txt?view=markup
secalert@redhathttp://www.openwall.com/lists/oss-security/2013/11/29/2
secalert@redhathttps://issues.apache.org/jira/browse/SOLR-4881
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2013-1844.html
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2014-0029.html
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/55542
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/59372
af854a3a-2127-422b-91ae-364da2661108http://svn.apache.org/viewvc/lucene/dev/branches/branch_4x/solr/CHANGES.txt?view=markup
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2013/11/29/2
af854a3a-2127-422b-91ae-364da2661108https://issues.apache.org/jira/browse/SOLR-4881

Is Your Infrastructure Affected by CVE-2013-6408?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.

Start Free Scan →Browse All CVEs

CVE-2013-6408

📅 Published

🔄 Last Modified

🔗 References (14)

Dependency Blast Radius

Is Your Infrastructure Affected by CVE-2013-6408?