What is CVE-2013-6397?

CVE-2013-6397 is a vulnerability in Apache Solr, classified under Path Traversal. Published 2013-12-07.

Is CVE-2013-6397 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Path Traversal in Apache Solr

CVE-2013-6397

Directory traversal vulnerability in SolrResourceLoader in Apache Solr before 4.6 allows remote attackers to read arbitrary files via a .. (dot dot) or full pathname in the tr parameter to solr/select/, when the response writer (wt paramet…

Vulnerability class: Path Traversal (Directory Traversal)

EPSS: 0.909 (99.6th percentile) — read the EPSS interpretation.

Affected products

Apache Solr — versions 4.0.0, 4.1.0, 4.2.0
N/a — versions n/a

Weakness classification (CWE)

CWE-22 — Path Traversal

Public proof-of-concept exploits

References

63935 (vdb-entry, x_refsource_BID)
RHSA-2014:0029 (x_refsource_REDHAT, vendor-advisory)
secalert@redhat.com (x_refsource_CONFIRM, Patch)
[oss-security] 20131126 Re: CVE request: Apache Solr 4.6.0 (mailing-list, x_refsource_MLIST)
55730 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)
RHSA-2013:1844 (x_refsource_REDHAT, vendor-advisory)
secalert@redhat.com (x_refsource_CONFIRM)
59372 (x_refsource_SECUNIA, third-party-advisory)
secalert@redhat.com (Exploit, x_refsource_MISC)

Frequently asked questions

What is CVE-2013-6397?: CVE-2013-6397 is a vulnerability in Apache Solr, classified under Path Traversal. Published 2013-12-07.
Is CVE-2013-6397 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.