Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-5tq3-rye7-nygg
Vulnerability ID VCID-5tq3-rye7-nygg
Aliases CVE-2013-6407
GHSA-998j-j6v9-5846
Summary The UpdateRequestHandler for XML in Apache Solr before 4.1 allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-611 Improper Restriction of XML External Entity Reference
System Score Found at
generic_textual MODERATE http://rhn.redhat.com/errata/RHSA-2013-1844.html
generic_textual MODERATE http://rhn.redhat.com/errata/RHSA-2014-0029.html
epss 0.11391 https://api.first.org/data/v1/epss?cve=CVE-2013-6407
epss 0.11391 https://api.first.org/data/v1/epss?cve=CVE-2013-6407
epss 0.11391 https://api.first.org/data/v1/epss?cve=CVE-2013-6407
epss 0.11391 https://api.first.org/data/v1/epss?cve=CVE-2013-6407
epss 0.11391 https://api.first.org/data/v1/epss?cve=CVE-2013-6407
epss 0.11391 https://api.first.org/data/v1/epss?cve=CVE-2013-6407
epss 0.11391 https://api.first.org/data/v1/epss?cve=CVE-2013-6407
epss 0.11391 https://api.first.org/data/v1/epss?cve=CVE-2013-6407
epss 0.11391 https://api.first.org/data/v1/epss?cve=CVE-2013-6407
generic_textual MODERATE http://secunia.com/advisories/55542
generic_textual MODERATE http://secunia.com/advisories/59372
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-998j-j6v9-5846
generic_textual MODERATE https://github.com/apache/lucene-solr
generic_textual MODERATE https://github.com/apache/lucene-solr/commit/f230486ce6707762c1a6e81655d0fac52887906d
generic_textual MODERATE https://issues.apache.org/jira/browse/SOLR-3895
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2013-6407
generic_textual MODERATE http://svn.apache.org/viewvc/lucene/dev/branches/branch_4x/solr/CHANGES.txt?view=markup
generic_textual MODERATE http://www.openwall.com/lists/oss-security/2013/11/29/2
Reference id Reference type URL
http://rhn.redhat.com/errata/RHSA-2013-1844.html
http://rhn.redhat.com/errata/RHSA-2014-0029.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6407.json
https://api.first.org/data/v1/epss?cve=CVE-2013-6407
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6612
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6397
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6407
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6408
http://secunia.com/advisories/55542
http://secunia.com/advisories/59372
https://github.com/apache/lucene-solr
https://github.com/apache/lucene-solr/commit/f230486ce6707762c1a6e81655d0fac52887906d
https://issues.apache.org/jira/browse/SOLR-3895
https://issues.apache.org/jira/browse/SOLR-5520
https://nvd.nist.gov/vuln/detail/CVE-2013-6407
http://svn.apache.org/viewvc/lucene/dev/branches/branch_4x/solr/CHANGES.txt?view=markup
http://www.openwall.com/lists/oss-security/2013/11/29/2
1035981 https://bugzilla.redhat.com/show_bug.cgi?id=1035981
731113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=731113
CVE-2013-6407 https://bugzilla.redhat.com/CVE-2013-6407
GHSA-998j-j6v9-5846 https://github.com/advisories/GHSA-998j-j6v9-5846
RHSA-2013:1844 https://access.redhat.com/errata/RHSA-2013:1844
RHSA-2014:0029 https://access.redhat.com/errata/RHSA-2014:0029
No exploits are available.
Exploit Prediction Scoring System (EPSS)
Percentile 0.93526
EPSS Score 0.11391
Published At April 1, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T12:38:16.019097+00:00 ProjectKB MSRImporter Import https://raw.githubusercontent.com/SAP/project-kb/master/MSR2019/dataset/vulas_db_msr2019_release.csv 38.0.0