CVE-2019-12401 is a vulnerability in Apache Solr
Published on September 10, 2019

Solr versions 1.3.0 to 1.4.1, 3.1.0 to 3.6.2 and 4.0.0 to 4.10.4 are vulnerable to an XML resource consumption attack (a.k.a. Lol Bomb) via its update handler.?By leveraging XML DOCTYPE and ENTITY type elements, the attacker can create a pattern that will expand when the server parses the XML causing OOMs.

NVD

Products Associated with CVE-2019-12401

Want to know whenever a new CVE is published for Apache Solr? stack.watch will email you.

Apache Solr

Affected Versions

Apache Solr:

Version 1.3.0 to 1.4.1 is affected.
Version 3.1.0 to 3.6.2 is affected.
Version 4.0.0 to 4.10.4 is affected.

Exploit Probability

EPSS

32.77%

Percentile

96.81%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2019-12401 is a vulnerability in Apache SolrPublished on September 10, 2019

Products Associated with CVE-2019-12401

Affected Versions

Exploit Probability

CVE-2019-12401 is a vulnerability in Apache Solr
Published on September 10, 2019