CVE-2018-8026

This vulnerability in Apache Solr 6.0.0 to 6.6.4 and 7.0.0 to 7.3.1 relates to an XML external entity expansion (XXE) in Solr config files (currency.xml, enumsConfig.xml referred from schema.xml, TIKA parsecontext config file). In addition, Xinclude functionality provided in these config files is also affected in a similar way. The vulnerability can be used as XXE using file/ftp/http protocols in order to read arbitrary local files from the Solr server or the internal network. The manipulated files can be uploaded as configsets using Solr's API, allowing to exploit that vulnerability.

CVSS v3 5.5 MEDIUM
CVSS v2.0 2.1 LOW

5.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector : AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

2.1^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:L/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 3.9 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://www.securityfocus.com/bid/104690	Third Party Advisory VDB Entry
https://issues.apache.org/jira/browse/SOLR-12450	Exploit Issue Tracking Vendor Advisory
https://mail-archives.apache.org/mod_mbox/lucene-solr-user/201807.mbox/%3C0cdc01d413b7%24f97ba580%24ec72f080%24%40apache.org%3E	Mailing List Vendor Advisory
https://security.netapp.com/advisory/ntap-20190307-0002/	Third Party Advisory
http://www.securityfocus.com/bid/104690	Third Party Advisory VDB Entry
https://issues.apache.org/jira/browse/SOLR-12450	Exploit Issue Tracking Vendor Advisory
https://mail-archives.apache.org/mod_mbox/lucene-solr-user/201807.mbox/%3C0cdc01d413b7%24f97ba580%24ec72f080%24%40apache.org%3E	Mailing List Vendor Advisory
https://security.netapp.com/advisory/ntap-20190307-0002/	Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:apache:solr::::::::
	cpe:2.3:a:apache:solr::::::::

Configuration 2 (hide)

OR	cpe:2.3:a:netapp:snapcenter:-:::::::*
	cpe:2.3:a:netapp:storage_automation_store:-:::::::*

History

21 Nov 2024, 04:13

Type	Values Removed	Values Added
References	~~() http://www.securityfocus.com/bid/104690 - Third Party Advisory, VDB Entry~~	() http://www.securityfocus.com/bid/104690 - Third Party Advisory, VDB Entry
References	~~() https://issues.apache.org/jira/browse/SOLR-12450 - Exploit, Issue Tracking, Vendor Advisory~~	() https://issues.apache.org/jira/browse/SOLR-12450 - Exploit, Issue Tracking, Vendor Advisory
References	~~() https://mail-archives.apache.org/mod_mbox/lucene-solr-user/201807.mbox/%3C0cdc01d413b7%24f97ba580%24ec72f080%24%40apache.org%3E - Mailing List, Vendor Advisory~~	() https://mail-archives.apache.org/mod_mbox/lucene-solr-user/201807.mbox/%3C0cdc01d413b7%24f97ba580%24ec72f080%24%40apache.org%3E - Mailing List, Vendor Advisory
References	~~() https://security.netapp.com/advisory/ntap-20190307-0002/ - Third Party Advisory~~	() https://security.netapp.com/advisory/ntap-20190307-0002/ - Third Party Advisory

Information

Published : 2018-07-05 14:29

Updated : 2024-11-21 04:13

NVD link : CVE-2018-8026

Mitre link : CVE-2018-8026

CVE.ORG link : CVE-2018-8026

JSON object : View

Products Affected

netapp

snapcenter
storage_automation_store

apache

solr

CWE

CWE-611

Improper Restriction of XML External Entity Reference

5.5 /10

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

2.1 /10

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

JSON object

Attach tags to CVE-2018-8026

5.5^/10

2.1^/10

Attach tags to `CVE-2018-8026`