Vulnerability details: VCID-snxv-kdyk-aaap
Vulnerability ID VCID-snxv-kdyk-aaap
Aliases CVE-2013-6397
GHSA-j8qw-mwmv-28cg
Summary Directory traversal when loading XSL stylesheets and Velocity templates. A directory traversal vulnerability in SolrResourceLoader in Apache Solr before 4.6 allows remote attackers to read arbitrary files via a `..` (dot dot) sequence or a full pathname in the `tr` parameter to `solr/select/`, when the response writer (`wt` parameter) is set to `xslt`. NOTE: chained with a separate XXE (XML eXternal Entity) vulnerability in a front-end application, the traversal can be used to read files from a Solr server that is not directly reachable across a restricted network boundary (see the agarri.fr write-up in the references).
Status Published
Exploitability 2.0
Weighted Severity 8.0
Risk 10.0
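As an added example (not code from VulnerableCode, Apache Solr or any of the linked advisories), the Python below does two things a practitioner dealing with this record would want: it scans access-log lines for the request shape the summary describes (a select request with `wt=xslt` and a `tr` value that climbs out of the stylesheet directory or names an absolute path), and it contrasts a trusting resource-path resolution with a hardened one that canonicalises the result and refuses anything outside `conf/xslt`. The hardened check illustrates the approach of the SOLR-4882 fix but is not the project's code; the log lines, the combined log format and the `conf/xslt` layout are constructed assumptions, and the Velocity template path named in the title is not covered because the page gives no parameter for it.

```python
"""Added example for CVE-2013-6397; not code from VulnerableCode or Apache Solr.

detect_xslt_traversal(): flags access-log requests to a Solr select handler
that set wt=xslt and pass a `tr` value reaching outside the stylesheet dir.
resolve_stylesheet(): contrasts trusting, pre-4.6-style path resolution with a
hardened form that refuses anything outside conf/xslt. The check illustrates
the SOLR-4882 approach; it is not the project's own code.
The log lines and directory layout below are constructed for the example.
"""
import os
import tempfile
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed combined-format access log (not real traffic).
SAMPLE_LOG = """\
10.0.0.5 - - [27/Nov/2013:10:01:02 +0000] "GET /solr/select?q=*:*&wt=xslt&tr=example.xsl HTTP/1.1" 200 512
10.0.0.9 - - [27/Nov/2013:10:01:07 +0000] "GET /solr/select?q=*:*&wt=xslt&tr=../../../../../../etc/passwd HTTP/1.1" 200 2048
10.0.0.9 - - [27/Nov/2013:10:01:09 +0000] "GET /solr/select?q=*:*&wt=xslt&tr=%2Fetc%2Fpasswd HTTP/1.1" 200 2048
10.0.0.9 - - [27/Nov/2013:10:01:11 +0000] "GET /solr/select?q=*:*&wt=json&tr=../../etc/passwd HTTP/1.1" 200 90
10.0.0.2 - - [27/Nov/2013:10:01:15 +0000] "GET /solr/admin/ping HTTP/1.1" 200 40
""".splitlines()


def tr_escapes(tr: str) -> bool:
    """True if a `tr` value climbs out of the xslt directory or is absolute."""
    decoded = unquote(unquote(tr)).replace("\\", "/")  # also catches %252e%252e
    if decoded.startswith("/"):
        return True  # the "full pathname" case from the advisory
    depth = 0
    for seg in decoded.split("/"):
        if seg == "..":
            depth -= 1
            if depth < 0:
                return True  # more '..' than real segments: escapes the base
        elif seg not in ("", "."):
            depth += 1
    return False


def detect_xslt_traversal(lines):
    """Return [(line_no, tr)] for select requests with wt=xslt and an escaping tr."""
    hits = []
    for n, line in enumerate(lines, 1):
        try:
            _method, target, _proto = line.split('"')[1].split(" ", 2)
        except (IndexError, ValueError):
            continue  # not a parseable request line
        parts = urlsplit(target)
        if not parts.path.endswith("/select"):
            continue
        qs = parse_qs(parts.query, keep_blank_values=True)  # values already URL-decoded
        if "xslt" not in [v.lower() for v in qs.get("wt", [])]:
            continue  # the advisory scopes the bug to the XSLT response writer
        hits.extend((n, tr) for tr in qs.get("tr", []) if tr_escapes(tr))
    return hits


def resolve_stylesheet(config_dir, tr, hardened=True):
    """Resolve `tr` against conf/xslt; return the real path, or None if refused.

    hardened=False mirrors the trusting behaviour: the name is joined onto the
    xslt dir and used as-is (os.path.join drops the base when `tr` is absolute,
    which is exactly the "full pathname" case). hardened=True canonicalises the
    result and refuses anything that does not live inside the xslt dir.
    """
    xslt_dir = os.path.realpath(os.path.join(config_dir, "xslt"))
    resolved = os.path.realpath(os.path.join(xslt_dir, tr))
    if hardened and os.path.commonpath([xslt_dir, resolved]) != xslt_dir:
        return None
    return resolved


def demo():
    """Build a throwaway conf/ layout and exercise both resolver modes."""
    conf = os.path.join(tempfile.mkdtemp(), "conf")
    os.makedirs(os.path.join(conf, "xslt"))
    # solrconfig.xml sits one level above xslt/, so it is a traversal target.
    for rel, body in (("xslt/example.xsl", "<xsl:stylesheet/>"), ("solrconfig.xml", "<config/>")):
        with open(os.path.join(conf, rel), "w") as f:
            f.write(body)
    secret = os.path.join(conf, "solrconfig.xml")
    return {
        "legit": resolve_stylesheet(conf, "example.xsl"),
        "dotdot_vuln": resolve_stylesheet(conf, "../solrconfig.xml", hardened=False),
        "dotdot_hard": resolve_stylesheet(conf, "../solrconfig.xml"),
        "abs_vuln": resolve_stylesheet(conf, secret, hardened=False),
        "abs_hard": resolve_stylesheet(conf, secret),
    }


if __name__ == "__main__":
    print(detect_xslt_traversal(SAMPLE_LOG))
    for name, path in demo().items():
        print(name, path)
```

The scanner deliberately ignores the fourth sample line (`wt=json`), matching the advisory's scoping to the XSLT response writer; widen the `wt` check if you would rather alert on any traversal-shaped `tr`. The hardened resolver compares canonical paths rather than string prefixes so that symlinks and `..` segments are resolved before the containment check.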
System Score Found at
generic_textual MODERATE http://lucene.apache.org/solr/4_6_0/changes/Changes.html
generic_textual Medium http://people.canonical.com/~ubuntu-security/cve/2013/CVE-2013-6397.html
generic_textual MODERATE http://rhn.redhat.com/errata/RHSA-2013-1844.html
generic_textual MODERATE http://rhn.redhat.com/errata/RHSA-2014-0029.html
rhas Important https://access.redhat.com/errata/RHSA-2013:1844
rhas Important https://access.redhat.com/errata/RHSA-2014:0029
epss 0.29398 https://api.first.org/data/v1/epss?cve=CVE-2013-6397
epss 0.52819 https://api.first.org/data/v1/epss?cve=CVE-2013-6397
epss 0.92828 https://api.first.org/data/v1/epss?cve=CVE-2013-6397
epss 0.9299 https://api.first.org/data/v1/epss?cve=CVE-2013-6397
epss 0.93346 https://api.first.org/data/v1/epss?cve=CVE-2013-6397
rhbs high https://bugzilla.redhat.com/show_bug.cgi?id=1035062
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6612
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6397
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6407
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6408
generic_textual MODERATE http://secunia.com/advisories/59372
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-j8qw-mwmv-28cg
cvssv3.1 6.5 https://github.com/apache/lucene-solr
generic_textual MODERATE https://github.com/apache/lucene-solr
generic_textual MODERATE https://github.com/apache/lucene-solr/commit/da34b18cb3092df4972e2b6fa5178d1059923910
generic_textual MODERATE https://issues.apache.org/jira/browse/SOLR-4882
cvssv2 4.3 https://nvd.nist.gov/vuln/detail/CVE-2013-6397
generic_textual MODERATE https://web.archive.org/web/20170307173358/http://www.securityfocus.com/bid/63935
generic_textual MODERATE http://www.agarri.fr/kom/archives/2013/11/27/compromising_an_unreachable_solr_server_with_cve-2013-6397/index.html
generic_textual Medium http://www.openwall.com/lists/oss-security/2013/11/26
generic_textual MODERATE http://www.openwall.com/lists/oss-security/2013/11/27/1
Reference id Reference type URL
http://lucene.apache.org/solr/4_6_0/changes/Changes.html
http://people.canonical.com/~ubuntu-security/cve/2013/CVE-2013-6397.html
http://rhn.redhat.com/errata/RHSA-2013-1844.html
http://rhn.redhat.com/errata/RHSA-2014-0029.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6397.json
https://api.first.org/data/v1/epss?cve=CVE-2013-6397
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6612
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6397
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6407
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6408
http://secunia.com/advisories/55730
http://secunia.com/advisories/59372
https://github.com/apache/lucene-solr
https://github.com/apache/lucene-solr/commit/da34b18cb3092df4972e2b6fa5178d1059923910
https://issues.apache.org/jira/browse/SOLR-4882
https://web.archive.org/web/20170307173358/http://www.securityfocus.com/bid/63935
http://www.agarri.fr/kom/archives/2013/11/27/compromising_an_unreachable_solr_server_with_cve-2013-6397/index.html
http://www.openwall.com/lists/oss-security/2013/11/26
http://www.openwall.com/lists/oss-security/2013/11/27/1
http://www.securityfocus.com/bid/63935
1035062 https://bugzilla.redhat.com/show_bug.cgi?id=1035062
731113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=731113
cpe:2.3:a:apache:solr:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:solr:*:*:*:*:*:*:*:*
cpe:2.3:a:apache:solr:4.0.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:solr:4.0.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:solr:4.0.0:alpha:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:solr:4.0.0:alpha:*:*:*:*:*:*
cpe:2.3:a:apache:solr:4.0.0:beta:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:solr:4.0.0:beta:*:*:*:*:*:*
cpe:2.3:a:apache:solr:4.1.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:solr:4.1.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:solr:4.2.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:solr:4.2.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:solr:4.2.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:solr:4.2.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:solr:4.3.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:solr:4.3.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:solr:4.3.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:solr:4.3.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:solr:4.4.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:solr:4.4.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:solr:4.5.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:solr:4.5.0:*:*:*:*:*:*:*
CVE-2013-6397 https://bugzilla.redhat.com/CVE-2013-6397
CVE-2013-6397 https://nvd.nist.gov/vuln/detail/CVE-2013-6397
GHSA-j8qw-mwmv-28cg https://github.com/advisories/GHSA-j8qw-mwmv-28cg
RHSA-2013:1844 https://access.redhat.com/errata/RHSA-2013:1844
RHSA-2014:0029 https://access.redhat.com/errata/RHSA-2014:0029
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://github.com/apache/lucene-solr
Attack Vector (AV): network
Attack Complexity (AC): low
Privileges Required (PR): low
User Interaction (UI): none
Scope (S): unchanged
Confidentiality Impact (C): high
Integrity Impact (I): none
Availability Impact (A): none
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2013-6397
Exploitability (E): not defined (not present in the vector)
Access Vector (AV): network
Access Complexity (AC): medium
Authentication (Au): none
Confidentiality Impact (C): partial
Integrity Impact (I): none
Availability Impact (A): none
Exploit Prediction Scoring System (EPSS)
Percentile 0.96893
EPSS Score 0.29398
Published At Dec. 17, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.