CVE-2012-6612

The (1) UpdateRequestHandler for XSLT or (2) XPathEntityProcessor in Apache Solr before 4.1 allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, different vectors than CVE-2013-6407.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://rhn.redhat.com/errata/RHSA-2013-1844.html
http://rhn.redhat.com/errata/RHSA-2014-0029.html
http://svn.apache.org/viewvc/lucene/dev/branches/branch_4x/solr/CHANGES.txt?view=markup
https://issues.apache.org/jira/browse/SOLR-3895	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:apache:solr::::::::
	cpe:2.3:a:apache:solr:4.0.0:alpha::::::
	cpe:2.3:a:apache:solr:4.0.0:beta::::::

History

No history.

Information

Published : 2013-12-07 21:55

Updated : 2023-12-10 11:16

NVD link : CVE-2012-6612

Mitre link : CVE-2012-6612

CVE.ORG link : CVE-2012-6612

JSON object : View

Products Affected

apache

solr

CWE

NVD-CWE-noinfo

{"id": "CVE-2012-6612", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2013-12-07T21:55:09.547", "references": [{"url": "http://rhn.redhat.com/errata/RHSA-2013-1844.html", "source": "cve@mitre.org"}, {"url": "http://rhn.redhat.com/errata/RHSA-2014-0029.html", "source": "cve@mitre.org"}, {"url": "http://svn.apache.org/viewvc/lucene/dev/branches/branch_4x/solr/CHANGES.txt?view=markup", "source": "cve@mitre.org"}, {"url": "https://issues.apache.org/jira/browse/SOLR-3895", "tags": ["Patch"], "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "The (1) UpdateRequestHandler for XSLT or (2) XPathEntityProcessor in Apache Solr before 4.1 allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, different vectors than CVE-2013-6407."}, {"lang": "es", "value": "El (1) UpdateRequestHandler para XSLT o (2) XPathEntityProcessor en Apache Solr anteriores a 4.1 permite a atacantes remotos tener un impacto no especificado a trav\u00e9s de datos XML que contengan declaraciones de entidad externa en conjunci\u00f3n con referencia a una entidad, relacionado con un problema de XML External Entity (XXE), vectores diferentes a CVE-2013-6407."}], "lastModified": "2014-03-08T05:02:00.293", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:apache:solr:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1887ADD7-5B71-4CC4-B003-1F50DAC3DFA2", "versionEndIncluding": "4.0.0"}, {"criteria": "cpe:2.3:a:apache:solr:4.0.0:alpha:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "49D9F075-B18A-4634-8AA1-DE1399548838"}, {"criteria": "cpe:2.3:a:apache:solr:4.0.0:beta:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0CFB9E78-22B2-4683-BD17-1600A3057FF3"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}