VIR Vulnerability Intelligence Relay

Package impact

java Maven / org.apache.solr:solr-core

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2017-12629 critical 9.8 9.8 9y ago Remote code execution occurs in Apache Solr before 7.1 with Apache Lucene before 7.1 by exploiting XXE in conjunction with use of a Config API add-listener command to reach the RunExecutableListener … debianubunturedhatjava+1
CVE-2013-6408 medium 6.4 13y ago The DocumentAnalysisRequestHandler in Apache Solr before 4.3.1 does not properly use the EmptyEntityResolver, which allows remote attackers to have an unspecified impact via XML data containing an ex… debianjavaapache
CVE-2013-6407 medium 6.4 13y ago The UpdateRequestHandler for XML in Apache Solr before 4.1 allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity r… debianjavaapache
CVE-2015-8797 medium 6.1 6.1 10y ago Cross-site scripting (XSS) vulnerability in webapp/web/js/scripts/plugins.js in the stats page in the Admin UI in Apache Solr before 5.3.1 allows remote attackers to inject arbitrary web script or HT… debianjavaapache
CVE-2015-8795 medium 6.1 6.1 10y ago Multiple cross-site scripting (XSS) vulnerabilities in the Admin UI in Apache Solr before 5.1 allow remote attackers to inject arbitrary web script or HTML via crafted fields that are mishandled duri… debianjavaapache
CVE-2021-29262 medium 5.5 5y ago When starting Apache Solr versions prior to 8.8.2, configured with the SaslZkACLProvider or VMParamsAllAndReadonlyDigestZkACLProvider and no existing security.json znode, if the optional read-only us… archdebianjava
CVE-2013-6397 medium 4.3 13y ago Directory traversal vulnerability in SolrResourceLoader in Apache Solr before 4.6 allows remote attackers to read arbitrary files via a .. (dot dot) or full pathname in the tr parameter to solr/selec… debianjavaapache