Package details: pkg:deb/ubuntu/lucene-solr@3.6.0%2Bdfsg-1
purl pkg:deb/ubuntu/lucene-solr@3.6.0%2Bdfsg-1
Next non-vulnerable version 3.6.2+dfsg-22
Latest non-vulnerable version 3.6.2+dfsg-22
Risk 10.0
Vulnerabilities affecting this package (7)
Vulnerability Summary Fixed by
VCID-3ymg-2hcn-aaak
Aliases:
CVE-2013-6408
GHSA-45w3-2hvv-pfxq
XML eXternal Entity (XXE) flaw in DocumentAnalysisRequestHandler. The DocumentAnalysisRequestHandler in this package does not properly use the EmptyEntityResolver, which allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-6407.
3.6.2+dfsg-2
Affected by 3 other vulnerabilities.
3.6.2+dfsg-8
Affected by 3 other vulnerabilities.
VCID-dta3-8xp3-aaap
Aliases:
CVE-2012-6612
GHSA-6cpj-3g83-q2j4
The (1) UpdateRequestHandler for XSLT or (2) XPathEntityProcessor in Apache Solr before 4.1 allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, different vectors than CVE-2013-6407.
3.6.2+dfsg-2
Affected by 3 other vulnerabilities.
VCID-jt53-7yhp-aaab
Aliases:
CVE-2013-6407
GHSA-998j-j6v9-5846
XML eXternal Entity (XXE) flaw in XML and XSLT UpdateRequestHandler. This package allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
3.6.2+dfsg-2
Affected by 3 other vulnerabilities.
3.6.2+dfsg-8
Affected by 3 other vulnerabilities.
VCID-k73v-pu17-aaaj
Aliases:
CVE-2017-3163
GHSA-387v-84cv-9qmc
Moderate severity vulnerability that affects org.apache.solr:solr-core
3.6.2+dfsg-11
Affected by 1 other vulnerability.
VCID-serq-s7kt-aaac
Aliases:
CVE-2019-0193
GHSA-3gm7-v7vw-866c
XML External Entity (XXE) Injection in Apache Solr
3.6.2+dfsg-22
Affected by 0 other vulnerabilities.
VCID-snxv-kdyk-aaap
Aliases:
CVE-2013-6397
GHSA-j8qw-mwmv-28cg
Directory traversal when loading XSL stylesheets and Velocity templates. Directory traversal vulnerability in SolrResourceLoader in this package allows remote attackers to read arbitrary files via a `..` (dot dot) or full pathname in the `tr` parameter to `solr/select/`, when the response writer (`wt` parameter) is set to XSLT. NOTE: this can be leveraged using a separate XXE (XML eXternal Entity) vulnerability to allow access to files across restricted network boundaries.
3.6.2+dfsg-2
Affected by 3 other vulnerabilities.
3.6.2+dfsg-8
Affected by 3 other vulnerabilities.
VCID-y2ff-qfxj-aaar
Aliases:
CVE-2017-12629
GHSA-mh7g-99w9-xpjm
Remote code execution occurs in Apache Solr
3.6.2+dfsg-11
Affected by 1 other vulnerability.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.