CVE-2018-1308 in Apache and Debian Products
Published on April 9, 2018

This vulnerability in Apache Solr 1.2 to 6.6.2 and 7.0.0 to 7.2.1 relates to an XML external entity expansion (XXE) in the `&dataConfig=<inlinexml>` parameter of Solr's DataImportHandler. It can be used as XXE using file/ftp/http protocols in order to read arbitrary local files from the Solr server or the internal network.

Vendor Advisory NVD

Products Associated with CVE-2018-1308

stack.watch emails you whenever new vulnerabilities are published in Apache Solr or Debian Linux. Just hit a watch button to start following.

Apache Solr

Debian Linux

Affected Versions

Apache Software Foundation Apache Solr:

Version 1.2 to 6.6.2 is affected.
Version 7.0.0 to 7.2.1 is affected.

Exploit Probability

EPSS

5.78%

Percentile

90.35%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2018-1308 in Apache and Debian ProductsPublished on April 9, 2018

Products Associated with CVE-2018-1308

Affected Versions

Exploit Probability

CVE-2018-1308 in Apache and Debian Products
Published on April 9, 2018