CVE-2013-6397 - OpenCVE

Directory traversal vulnerability in SolrResourceLoader in Apache Solr before 4.6 allows remote attackers to read arbitrary files via a .. (dot dot) or full pathname in the tr parameter to solr/select/, when the response writer (wt parameter) is set to XSLT. NOTE: this can be leveraged using a separate XXE (XML eXternal Entity) vulnerability to allow access to files across restricted network boundaries.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:M/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Apache	Solr

Configuration 1 [-]

OR	cpe:2.3:a:apache:solr::::::::
	cpe:2.3:a:apache:solr:4.0.0:::::::*
	cpe:2.3:a:apache:solr:4.0.0:alpha::::::
	cpe:2.3:a:apache:solr:4.0.0:beta::::::
	cpe:2.3:a:apache:solr:4.1.0:::::::*
	cpe:2.3:a:apache:solr:4.2.0:::::::*
	cpe:2.3:a:apache:solr:4.2.1:::::::*
	cpe:2.3:a:apache:solr:4.3.0:::::::*
	cpe:2.3:a:apache:solr:4.3.1:::::::*
	cpe:2.3:a:apache:solr:4.4.0:::::::*
	cpe:2.3:a:apache:solr:4.5.0:::::::*

References

Link	Resource
http://lucene.apache.org/solr/4_6_0/changes/Changes.html
http://rhn.redhat.com/errata/RHSA-2013-1844.html
http://rhn.redhat.com/errata/RHSA-2014-0029.html
http://secunia.com/advisories/55730	Vendor Advisory
http://secunia.com/advisories/59372
http://www.agarri.fr/kom/archives/2013/11/27/compromising_an_unreachable_solr_server_with_cve-2013-6397/index.html	Exploit
http://www.openwall.com/lists/oss-security/2013/11/27/1
http://www.securityfocus.com/bid/63935
https://issues.apache.org/jira/browse/SOLR-4882	Patch

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2013-12-07T20:00:00

Updated: 2015-04-27T12:57:01

Reserved: 2013-11-04T00:00:00

Link: CVE-2013-6397

JSON object: View

NVD Information

Status : Modified

Published: 2013-12-07T20:55:02.633

Modified: 2023-11-07T02:17:10.600

Link: CVE-2013-6397

JSON object: View

Redhat Information

No data.

CWE

CWE-22

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2013-03-30T00:00:00", "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in SolrResourceLoader in Apache Solr before 4.6 allows remote attackers to read arbitrary files via a .. (dot dot) or full pathname in the tr parameter to solr/select/, when the response writer (wt parameter) is set to XSLT. NOTE: this can be leveraged using a separate XXE (XML eXternal Entity) vulnerability to allow access to files across restricted network boundaries."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2015-04-27T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "63935", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/63935"}, {"name": "RHSA-2014:0029", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2014-0029.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://issues.apache.org/jira/browse/SOLR-4882"}, {"name": "[oss-security] 20131126 Re: CVE request: Apache Solr 4.6.0", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2013/11/27/1"}, {"name": "55730", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/55730"}, {"name": "RHSA-2013:1844", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2013-1844.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://lucene.apache.org/solr/4_6_0/changes/Changes.html"}, {"name": "59372", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/59372"}, {"tags": ["x_refsource_MISC"], "url": "http://www.agarri.fr/kom/archives/2013/11/27/compromising_an_unreachable_solr_server_with_cve-2013-6397/index.html"}]}}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-6397", "datePublished": "2013-12-07T20:00:00", "dateReserved": "2013-11-04T00:00:00", "dateUpdated": "2015-04-27T12:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:solr:*:*:*:*:*:*:*:*", "matchCriteriaId": "037FEB16-6126-4951-B8FD-D56CF268CFBF", "versionEndIncluding": "4.5.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:solr:4.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "06216B21-FC73-480F-90A2-B0D358FAEE11", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:solr:4.0.0:alpha:*:*:*:*:*:*", "matchCriteriaId": "49D9F075-B18A-4634-8AA1-DE1399548838", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:solr:4.0.0:beta:*:*:*:*:*:*", "matchCriteriaId": "0CFB9E78-22B2-4683-BD17-1600A3057FF3", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:solr:4.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "4AF6C877-D6B6-40A8-9A73-0B327898F8E2", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:solr:4.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "1C085709-D90B-44AC-89E1-3D2779956B89", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:solr:4.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "F36E7460-4056-4608-96BA-622FF2770DBB", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:solr:4.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "8444B03D-D600-4C30-85F3-E2497270768A", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:solr:4.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "CA07EC5A-CE8F-403E-91C1-8E7D79CD573F", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:solr:4.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "D09D035F-9B45-4758-ADCD-D6BF8B95AACB", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:solr:4.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "F01B2DB5-EFEB-472C-B7F7-0B7B5229D488", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in SolrResourceLoader in Apache Solr before 4.6 allows remote attackers to read arbitrary files via a .. (dot dot) or full pathname in the tr parameter to solr/select/, when the response writer (wt parameter) is set to XSLT. NOTE: this can be leveraged using a separate XXE (XML eXternal Entity) vulnerability to allow access to files across restricted network boundaries."}, {"lang": "es", "value": "Vulnerabilidad de salto de directorio en SolrResourceLoader en Apache Solr anteriores a 4.6 permite a atacantes remotos leer ficheros arbitrarios a trav\u00e9s de un .. (punto puno) o nombre de directorio completo en el par\u00e1metro tr de solr/select/, cuando el escritor de respuesta (par\u00e1metro wt) se establece a XLST. NOTA: esto puede ser aprovechado utilizando una vulnerabilidad XXE (XML eXternal Entity) diferente para permitir acceso a ficheros a trav\u00e9s de l\u00edmites de red restringidos."}], "id": "CVE-2013-6397", "lastModified": "2023-11-07T02:17:10.600", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2013-12-07T20:55:02.633", "references": [{"source": "secalert@redhat.com", "url": "http://lucene.apache.org/solr/4_6_0/changes/Changes.html"}, {"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2013-1844.html"}, {"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2014-0029.html"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/55730"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/59372"}, {"source": "secalert@redhat.com", "tags": ["Exploit"], "url": "http://www.agarri.fr/kom/archives/2013/11/27/compromising_an_unreachable_solr_server_with_cve-2013-6397/index.html"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2013/11/27/1"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/63935"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "https://issues.apache.org/jira/browse/SOLR-4882"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}