CVE-2018-1308

NameCVE-2018-1308
DescriptionThis vulnerability in Apache Solr 1.2 to 6.6.2 and 7.0.0 to 7.2.1 relates to an XML external entity expansion (XXE) in the `&dataConfig=<inlinexml>` parameter of Solr's DataImportHandler. It can be used as XXE using file/ftp/http protocols in order to read arbitrary local files from the Solr server or the internal network.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
ReferencesDLA-1360-1, DSA-4194-1
NVD severitymedium (attack range: remote)
Debian Bugs896604

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
lucene-solr (PTS)jessie (security), jessie3.6.2+dfsg-5+deb8u2fixed
stretch (security), stretch3.6.2+dfsg-10+deb9u2fixed
buster, sid3.6.2+dfsg-14fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
lucene-solrsource(unstable)3.6.2+dfsg-12medium896604
lucene-solrsourcejessie3.6.2+dfsg-5+deb8u2mediumDSA-4194-1
lucene-solrsourcestretch3.6.2+dfsg-10+deb9u2mediumDSA-4194-1
lucene-solrsourcewheezy3.6.0+dfsg-1+deb7u4mediumDLA-1360-1

Notes

http://www.openwall.com/lists/oss-security/2018/04/08/3
https://issues.apache.org/jira/browse/SOLR-11971
master: http://git-wip-us.apache.org/repos/asf/lucene-solr/commit/02c693f3
branch_7x: http://git-wip-us.apache.org/repos/asf/lucene-solr/commit/739a7933
branch_6_6: http://git-wip-us.apache.org/repos/asf/lucene-solr/commit/dd3be31f

Search for package or bug name: Reporting problems