CVE-2013-6397

Severity: medium
Published 2013-12-07 · Modified 2024-11-30
CVSS v3: (no score listed)
CVSS v2: 4.3
VIR risk: 4.3

Description

Directory traversal vulnerability in SolrResourceLoader in Apache Solr before 4.6 allows remote attackers to read arbitrary files via a .. (dot dot) or full pathname in the tr parameter to solr/select/, when the response writer (wt parameter) is set to XSLT. NOTE: this can be leveraged using a separate XXE (XML eXternal Entity) vulnerability to allow access to files across restricted network boundaries.

Predictions

Exploit likelihood: 20%
Patch ETA: (none listed)

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

- vendor, authored 2026-05-27: Vendor advisory (debian) — https://security-tracker.debian.org/tracker/CVE-2013-6397
- vendor, authored 2026-05-27: Vendor advisory (secalert@redhat.com) — https://issues.apache.org/jira/browse/SOLR-4882
- vendor, authored 2026-05-27: Vendor advisory (secalert@redhat.com) — http://secunia.com/advisories/55730

OS impact

OS      Version    Status   Fixed in
debian  bookworm   fixed    3.6.2+dfsg-2
debian  bullseye   fixed    3.6.2+dfsg-2
debian  forky      fixed    3.6.2+dfsg-2
debian  sid        fixed    3.6.2+dfsg-2
debian  trixie     fixed    3.6.2+dfsg-2

Package impact

Ecosystem     Package                      Vulnerable   Fixed
Maven (java)  org.apache.solr:solr-core    <4.6.0       4.6.0

Application impact

Vendor   Product   Versions                      Fixed
apache   solr      {"endIncluding":"4.5.1"}      (not listed)
apache   solr      4.0.0                         (not listed)
apache   solr      4.1.0                         (not listed)
apache   solr      4.2.0                         (not listed)
apache   solr      4.2.1                         (not listed)
apache   solr      4.3.0                         (not listed)
apache   solr      4.3.1                         (not listed)
apache   solr      4.4.0                         (not listed)
apache   solr      4.5.0                         (not listed)

References

CWEs

CWE-22