[SOLR-8307] XXE Vulnerability - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Blocker
Resolution: Fixed
Affects Version/s: 5.3
Fix Version/s: 5.4, 6.0
Component/s: Admin UI
Labels:
None

Description

Use the drop-down in the left menu to select a core. Use the “Watch Changes” feature under the “Plugins / Stats” option. When submitting the changes, XML is passed in the “stream.body” parameter and is vulnerable to XXE.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

SOLR-8307.patch
18/Nov/15 01:34
1 kB
Shawn Heisey
SOLR-8307.patch
19/Nov/15 03:13
8 kB
Erik Hatcher

Activity

People

Assignee:: Erik Hatcher

Reporter:: Adam Johnson

Votes:: 1 Vote for this issue

Watchers:: 5 Start watching this issue

Dates

Created:: 17/Nov/15 22:53

Updated:: 09/May/16 18:55

Resolved:: 24/Nov/15 15:25