What is CVE-2013-6408?

CVE-2013-6408 is a vulnerability in Apache Solr. Published 2013-12-07.

Is CVE-2013-6408 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Apache Solr

CVE-2013-6408

The DocumentAnalysisRequestHandler in Apache Solr before 4.3.1 does not properly use the EmptyEntityResolver, which allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction…

EPSS: 0.114 (93.7th percentile) — read the EPSS interpretation.

Affected products

Apache Solr — versions 3.6.0, 3.6.1, 3.6.2
N/a — versions n/a

Public proof-of-concept exploits

veracode-research/solr-injection

References

RHSA-2014:0029 (x_refsource_REDHAT, vendor-advisory)
55542 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)
[oss-security] 20131128 Re: CVE Request: Apache Solr XXE (mailing-list, x_refsource_MLIST)
secalert@redhat.com (x_refsource_CONFIRM)
RHSA-2013:1844 (x_refsource_REDHAT, vendor-advisory)
59372 (x_refsource_SECUNIA, third-party-advisory)
secalert@redhat.com (x_refsource_CONFIRM, Patch)

Frequently asked questions

What is CVE-2013-6408?: CVE-2013-6408 is a vulnerability in Apache Solr. Published 2013-12-07.
Is CVE-2013-6408 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.