ID CVE-2019-12401
Summary Solr versions 1.3.0 to 1.4.1, 3.1.0 to 3.6.2 and 4.0.0 to 4.10.4 are vulnerable to an XML resource consumption attack (a.k.a. Lol Bomb) via it’s update handler.?By leveraging XML DOCTYPE and ENTITY type elements, the attacker can create a pattern that will expand when the server parses the XML causing OOMs.
References
Vulnerable Configurations
  • cpe:2.3:a:apache:solr:4.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:solr:4.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:solr:4.0.0:-:*:*:*:*:*:*
    cpe:2.3:a:apache:solr:4.0.0:-:*:*:*:*:*:*
  • cpe:2.3:a:apache:solr:4.0.0:alpha:*:*:*:*:*:*
    cpe:2.3:a:apache:solr:4.0.0:alpha:*:*:*:*:*:*
  • cpe:2.3:a:apache:solr:4.0.0:beta:*:*:*:*:*:*
    cpe:2.3:a:apache:solr:4.0.0:beta:*:*:*:*:*:*
  • cpe:2.3:a:apache:solr:4.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:solr:4.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:solr:4.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:solr:4.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:solr:4.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:apache:solr:4.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:solr:4.3.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:solr:4.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:solr:4.3.1:*:*:*:*:*:*:*
    cpe:2.3:a:apache:solr:4.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:solr:4.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:solr:4.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:solr:4.5.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:solr:4.5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:solr:4.5.1:*:*:*:*:*:*:*
    cpe:2.3:a:apache:solr:4.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:solr:4.6.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:solr:4.6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:solr:4.6.1:*:*:*:*:*:*:*
    cpe:2.3:a:apache:solr:4.6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:solr:4.7.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:solr:4.7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:solr:4.7.1:*:*:*:*:*:*:*
    cpe:2.3:a:apache:solr:4.7.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:solr:4.7.2:*:*:*:*:*:*:*
    cpe:2.3:a:apache:solr:4.7.2:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:solr:4.8.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:solr:4.8.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:solr:4.8.1:*:*:*:*:*:*:*
    cpe:2.3:a:apache:solr:4.8.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:solr:4.9.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:solr:4.9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:solr:4.9.1:*:*:*:*:*:*:*
    cpe:2.3:a:apache:solr:4.9.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:solr:4.10.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:solr:4.10.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:solr:4.10.1:*:*:*:*:*:*:*
    cpe:2.3:a:apache:solr:4.10.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:solr:4.10.2:*:*:*:*:*:*:*
    cpe:2.3:a:apache:solr:4.10.2:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:solr:4.10.3:*:*:*:*:*:*:*
    cpe:2.3:a:apache:solr:4.10.3:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:solr:4.10.4:*:*:*:*:*:*:*
    cpe:2.3:a:apache:solr:4.10.4:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:solr:3.1:*:*:*:*:*:*:*
    cpe:2.3:a:apache:solr:3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:solr:3.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:solr:3.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:solr:3.2:*:*:*:*:*:*:*
    cpe:2.3:a:apache:solr:3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:solr:3.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:solr:3.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:solr:3.3:*:*:*:*:*:*:*
    cpe:2.3:a:apache:solr:3.3:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:solr:3.3.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:solr:3.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:solr:3.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:solr:3.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:solr:3.5.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:solr:3.5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:solr:3.6.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:solr:3.6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:solr:3.6.1:*:*:*:*:*:*:*
    cpe:2.3:a:apache:solr:3.6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:solr:3.6.2:*:*:*:*:*:*:*
    cpe:2.3:a:apache:solr:3.6.2:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:solr:1.3.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:solr:1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:solr:1.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:solr:1.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:solr:1.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:apache:solr:1.4.1:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 28-02-2023 - 15:25)
Impact:
Exploitability:
CWE CWE-776
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:P
refmap via4
confirm https://security.netapp.com/advisory/ntap-20190926-0002/
misc https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2019-12401-XML%20Bomb-Apache%20Solr
mlist
  • [announce] 20190909 [SECURITY] CVE-2019-12401: XML Bomb in Apache Solr versions prior to 5.0
  • [lucene-dev] 20190909 [SECURITY] CVE-2019-12401: XML Bomb in Apache Solr versions prior to 5.0
  • [lucene-dev] 20190909 [jira] [Resolved] (SOLR-13750) [CVE-2019-12401] XML Bomb in Apache Solr versions prior to 5.0.0
  • [lucene-dev] 20190909 [jira] [Updated] (SOLR-13750) [CVE-2019-12401] XML Bomb in Apache Solr versions prior to 5.0.0
  • [lucene-dev] 20190911 [jira] [Commented] (SOLR-13750) [CVE-2019-12401] XML Bomb in Apache Solr versions prior to 5.0.0
  • [lucene-general] 20190909 [SECURITY] CVE-2019-12401: XML Bomb in Apache Solr versions prior to 5.0
  • [lucene-solr-user] 20190909 [SECURITY] CVE-2019-12401: XML Bomb in Apache Solr versions prior to 5.0
  • [oss-security] 20190909 [SECURITY] CVE-2019-12401: XML Bomb in Apache Solr versions prior to 5.0
  • [www-announce] 20190909 [SECURITY] CVE-2019-12401: XML Bomb in Apache Solr versions prior to 5.0
Last major update 28-02-2023 - 15:25
Published 10-09-2019 - 15:15
Last modified 28-02-2023 - 15:25
Back to Top