Apache Solr CVE-2018-8010 XML External Entity Multiple Information Disclosure Vulnerabilities

Bugtraq ID:	104239
Class:	Design Error
CVE:	CVE-2018-8010
Remote:	Yes
Local:	No
Published:	May 21 2018 12:00AM
Updated:	May 21 2018 12:00AM
Credit:	Ananthesh and Ishan Chattopadhyaya.
Vulnerable:	Apache Solr 7.2.1 Apache Solr 7.0 Apache Solr 6.6.3 Apache Solr 6.6.2 Apache Solr 6.6.1 Apache Solr 6.6 Apache Solr 6.5.1 Apache Solr 6.5 Apache Solr 6.4 Apache Solr 6.3 Apache Solr 6.2 Apache Solr 7.3 Apache Solr 6.6 Apache Solr 6.3 Apache Solr 6.0
Not Vulnerable:	Apache Solr 7.3.1 Apache Solr 6.6.4 Apache Solr 7.4

Apache Solr CVE-2018-8010 XML External Entity Multiple Information Disclosure Vulnerabilities

Apache Solr is prone to multiple information-disclosure vulnerabilities.

An attacker can exploit these issues to gain access to sensitive information that may lead to further attacks.

Apache Solr versions 6.0.0 through 6.6.3, and 7.0.0 through 7.3.0 are vulnerable.

Apache Solr CVE-2018-8010 XML External Entity Multiple Information Disclosure Vulnerabilities

An attacker can exploit these issues using readily available tools.

Apache Solr CVE-2018-8010 XML External Entity Multiple Information Disclosure Vulnerabilities

Solution:
Updates are available. Please see the references or vendor advisory for more information.

Apache Solr CVE-2018-8010 XML External Entity Multiple Information Disclosure Vulnerabilities

References:

• Apache Solr Homepage (Apache)
  
• Bug 1581037 - (CVE-2018-8010) CVE-2018-8010 solr: XML external entity expansion (Red Hat Bugzilla)
  
• CVE-2018-8010 (Red Hat Bugzilla)
  
• CVE-2018-8010: Prevent XXE in solrconfig.xml and managed-schema(.xml) (Apache)