VulnerableCode Package Details - pkg:deb/ubuntu/lucene-solr@3.6.2%2Bdfsg-2

Search for packages

Vulnerability	Summary	Fixed by
VCID-k73v-pu17-aaaj Aliases: CVE-2017-3163 GHSA-387v-84cv-9qmc	Moderate severity vulnerability that affects org.apache.solr:solr-core	3.6.2+dfsg-11 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-serq-s7kt-aaac Aliases: CVE-2019-0193 GHSA-3gm7-v7vw-866c	XML External Entity (XXE) Injection in Apache Solr	3.6.2+dfsg-22 Affected by 0 other vulnerabilities.
VCID-y2ff-qfxj-aaar Aliases: CVE-2017-12629 GHSA-mh7g-99w9-xpjm	Remote code execution occurs in Apache Solr	3.6.2+dfsg-11 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-k73v-pu17-aaaj
Aliases:
CVE-2017-3163
GHSA-387v-84cv-9qmc

Moderate severity vulnerability that affects org.apache.solr:solr-core

3.6.2+dfsg-11
Affected by 1 other vulnerability.

VCID-serq-s7kt-aaac
Aliases:
CVE-2019-0193
GHSA-3gm7-v7vw-866c

XML External Entity (XXE) Injection in Apache Solr

3.6.2+dfsg-22
Affected by 0 other vulnerabilities.

VCID-y2ff-qfxj-aaar
Aliases:
CVE-2017-12629
GHSA-mh7g-99w9-xpjm

Remote code execution occurs in Apache Solr

3.6.2+dfsg-11
Affected by 1 other vulnerability.

Vulnerability	Summary	Aliases
VCID-3ymg-2hcn-aaak	XML eXternal Entity (XXE) flaw in DocumentAnalysisRequestHandler The DocumentAnalysisRequestHandler in this package does not properly use the EmptyEntityResolver, which allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-6407.	CVE-2013-6408 GHSA-45w3-2hvv-pfxq
VCID-dta3-8xp3-aaap	The (1) UpdateRequestHandler for XSLT or (2) XPathEntityProcessor in Apache Solr before 4.1 allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, different vectors than CVE-2013-6407.	CVE-2012-6612 GHSA-6cpj-3g83-q2j4
VCID-jt53-7yhp-aaab	XML eXternal Entity (XXE) flaw in XML and XSLT UpdateRequestHandler This package allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.	CVE-2013-6407 GHSA-998j-j6v9-5846
VCID-snxv-kdyk-aaap	Directory traversal when loading XSL stylesheets and Velocity templates Directory traversal vulnerability in SolrResourceLoader in this package allows remote attackers to read arbitrary files via a `..` (dot dot) or full pathname in the tr parameter to solr/select/, when the response writer (wt parameter) is set to XSLT. NOTE: this can be leveraged using a separate XXE (XML eXternal Entity) vulnerability to allow access to files across restricted network boundaries.	CVE-2013-6397 GHSA-j8qw-mwmv-28cg

Vulnerability

Summary

Aliases

VCID-3ymg-2hcn-aaak

XML eXternal Entity (XXE) flaw in DocumentAnalysisRequestHandler The DocumentAnalysisRequestHandler in this package does not properly use the EmptyEntityResolver, which allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-6407.

CVE-2013-6408
GHSA-45w3-2hvv-pfxq

VCID-dta3-8xp3-aaap

The (1) UpdateRequestHandler for XSLT or (2) XPathEntityProcessor in Apache Solr before 4.1 allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, different vectors than CVE-2013-6407.

CVE-2012-6612
GHSA-6cpj-3g83-q2j4

VCID-jt53-7yhp-aaab

XML eXternal Entity (XXE) flaw in XML and XSLT UpdateRequestHandler This package allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

CVE-2013-6407
GHSA-998j-j6v9-5846

VCID-snxv-kdyk-aaap

Directory traversal when loading XSL stylesheets and Velocity templates Directory traversal vulnerability in SolrResourceLoader in this package allows remote attackers to read arbitrary files via a `..` (dot dot) or full pathname in the tr parameter to solr/select/, when the response writer (wt parameter) is set to XSLT. NOTE: this can be leveraged using a separate XXE (XML eXternal Entity) vulnerability to allow access to files across restricted network boundaries.

CVE-2013-6397
GHSA-j8qw-mwmv-28cg

Next non-vulnerable version	3.6.2+dfsg-22
Latest non-vulnerable version	3.6.2+dfsg-22
Risk	10.0