What is CVE-2013-6407?

CVE-2013-6407 is a vulnerability in Apache Solr. Published 2013-12-07.

Is CVE-2013-6407 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Apache Solr

CVE-2013-6407

The UpdateRequestHandler for XML in Apache Solr before 4.1 allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Ent…

EPSS: 0.114 (93.7th percentile) — read the EPSS interpretation.

Affected products

Apache Solr — versions 3.6.0, 3.6.1, 3.6.2
N/a — versions n/a

Public proof-of-concept exploits

veracode-research/solr-injection

References

RHSA-2014:0029 (x_refsource_REDHAT, vendor-advisory)
55542 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)
secalert@redhat.com (x_refsource_CONFIRM, Patch)
[oss-security] 20131128 Re: CVE Request: Apache Solr XXE (mailing-list, x_refsource_MLIST)
secalert@redhat.com (x_refsource_CONFIRM)
RHSA-2013:1844 (x_refsource_REDHAT, vendor-advisory)
59372 (x_refsource_SECUNIA, third-party-advisory)

Frequently asked questions

What is CVE-2013-6407?: CVE-2013-6407 is a vulnerability in Apache Solr. Published 2013-12-07.
Is CVE-2013-6407 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.