cnvd - cnvd-2018-15541

cnvd-2018-15541

Vulnerability from cnvd

Title: Apache Solr XML外部实体多重信息泄露漏洞

Description:

Apache Solr是美国阿帕奇（Apache）软件基金会的一款基于Lucene（一个全文检索引擎的架构）的搜索服务器，它支持层面搜索、垂直搜索、高亮显示搜索结果、多种输出格式等。

Apache Solr 6.0.0版本至6.6.4版本和7.0.0版本至7.3.1版本中的Solr配置文件（currency.xml、 enumsConfig.xml和TIKA parsecontext配置文件）存在XML外部实体多重信息泄露漏洞。攻击者可通过Solr API上传被操纵的文件利用该漏洞读取Solr服务器或内部网络上任意的本地文件。

Severity: 中

Patch Name: Apache Solr XML外部实体多重信息泄露漏洞的补丁

Patch Description:

Formal description:

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://issues.apache.org/jira/browse/SOLR-12450

Reference: https://nvd.nist.gov/vuln/detail/CVE-2018-8026 https://www.securityfocus.com/bid/104690

Impacted products

Name
['Apache Solr >=6.0.0 ，<=6.6.4', 'Apache Solr >=7.0.0 ，<=7.3.1']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "104690"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-8026",
      "cveUrl": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8026"
    }
  },
  "description": "Apache Solr\u662f\u7f8e\u56fd\u963f\u5e15\u5947\uff08Apache\uff09\u8f6f\u4ef6\u57fa\u91d1\u4f1a\u7684\u4e00\u6b3e\u57fa\u4e8eLucene\uff08\u4e00\u4e2a\u5168\u6587\u68c0\u7d22\u5f15\u64ce\u7684\u67b6\u6784\uff09\u7684\u641c\u7d22\u670d\u52a1\u5668\uff0c\u5b83\u652f\u6301\u5c42\u9762\u641c\u7d22\u3001\u5782\u76f4\u641c\u7d22\u3001\u9ad8\u4eae\u663e\u793a\u641c\u7d22\u7ed3\u679c\u3001\u591a\u79cd\u8f93\u51fa\u683c\u5f0f\u7b49\u3002\r\n\r\nApache Solr 6.0.0\u7248\u672c\u81f36.6.4\u7248\u672c\u548c7.0.0\u7248\u672c\u81f37.3.1\u7248\u672c\u4e2d\u7684Solr\u914d\u7f6e\u6587\u4ef6\uff08currency.xml\u3001 enumsConfig.xml\u548cTIKA parsecontext\u914d\u7f6e\u6587\u4ef6\uff09\u5b58\u5728XML\u5916\u90e8\u5b9e\u4f53\u591a\u91cd\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u901a\u8fc7Solr API\u4e0a\u4f20\u88ab\u64cd\u7eb5\u7684\u6587\u4ef6\u5229\u7528\u8be5\u6f0f\u6d1e\u8bfb\u53d6Solr\u670d\u52a1\u5668\u6216\u5185\u90e8\u7f51\u7edc\u4e0a\u4efb\u610f\u7684\u672c\u5730\u6587\u4ef6\u3002",
  "discovererName": "Yuyang Xiao, and Ishan Chattopadhyaya",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://issues.apache.org/jira/browse/SOLR-12450",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-15541",
  "openTime": "2018-08-17",
  "patchDescription": "Apache Solr\u662f\u7f8e\u56fd\u963f\u5e15\u5947\uff08Apache\uff09\u8f6f\u4ef6\u57fa\u91d1\u4f1a\u7684\u4e00\u6b3e\u57fa\u4e8eLucene\uff08\u4e00\u4e2a\u5168\u6587\u68c0\u7d22\u5f15\u64ce\u7684\u67b6\u6784\uff09\u7684\u641c\u7d22\u670d\u52a1\u5668\uff0c\u5b83\u652f\u6301\u5c42\u9762\u641c\u7d22\u3001\u5782\u76f4\u641c\u7d22\u3001\u9ad8\u4eae\u663e\u793a\u641c\u7d22\u7ed3\u679c\u3001\u591a\u79cd\u8f93\u51fa\u683c\u5f0f\u7b49\u3002\r\n\r\nApache Solr 6.0.0\u7248\u672c\u81f36.6.4\u7248\u672c\u548c7.0.0\u7248\u672c\u81f37.3.1\u7248\u672c\u4e2d\u7684Solr\u914d\u7f6e\u6587\u4ef6\uff08currency.xml\u3001 enumsConfig.xml\u548cTIKA parsecontext\u914d\u7f6e\u6587\u4ef6\uff09\u5b58\u5728XML\u5916\u90e8\u5b9e\u4f53\u591a\u91cd\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u901a\u8fc7Solr API\u4e0a\u4f20\u88ab\u64cd\u7eb5\u7684\u6587\u4ef6\u5229\u7528\u8be5\u6f0f\u6d1e\u8bfb\u53d6Solr\u670d\u52a1\u5668\u6216\u5185\u90e8\u7f51\u7edc\u4e0a\u4efb\u610f\u7684\u672c\u5730\u6587\u4ef6\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Apache Solr XML\u5916\u90e8\u5b9e\u4f53\u591a\u91cd\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Apache Solr \u003e=6.0.0 \uff0c\u003c=6.6.4",
      "Apache Solr \u003e=7.0.0 \uff0c\u003c=7.3.1"
    ]
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2018-8026\r\nhttps://www.securityfocus.com/bid/104690",
  "serverity": "\u4e2d",
  "submitTime": "2018-07-11",
  "title": "Apache Solr XML\u5916\u90e8\u5b9e\u4f53\u591a\u91cd\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e"
}

CVE-2018-8026 (GCVE-0-2018-8026)

Vulnerability from cvelistv5

Published

2018-07-05 14:00

Modified

2024-09-16 22:14

Severity ?

CWE

Information Disclosure

Summary

This vulnerability in Apache Solr 6.0.0 to 6.6.4 and 7.0.0 to 7.3.1 relates to an XML external entity expansion (XXE) in Solr config files (currency.xml, enumsConfig.xml referred from schema.xml, TIKA parsecontext config file). In addition, Xinclude functionality provided in these config files is also affected in a similar way. The vulnerability can be used as XXE using file/ftp/http protocols in order to read arbitrary local files from the Solr server or the internal network. The manipulated files can be uploaded as configsets using Solr's API, allowing to exploit that vulnerability.

References

▼	URL	Tags
	http://www.securityfocus.com/bid/104690	vdb-entry, x_refsource_BID
	https://issues.apache.org/jira/browse/SOLR-12450	x_refsource_CONFIRM
	https://security.netapp.com/advisory/ntap-20190307-0002/	x_refsource_CONFIRM
	https://mail-archives.apache.org/mod_mbox/lucene-solr-user/201807.mbox/%3C0cdc01d413b7%24f97ba580%24ec72f080%24%40apache.org%3E	mailing-list, x_refsource_MLIST

Impacted products

	Vendor	Product	Version
	Apache Software Foundation	Apache Solr	Version: 6.0.0 to 6.6.4 Version: 7.0.0 to 7.3.1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T06:46:11.485Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "104690",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/104690"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://issues.apache.org/jira/browse/SOLR-12450"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20190307-0002/"
          },
          {
            "name": "[lucene-solr-user] 20180704 [SECURITY] CVE-2018-8026: XXE vulnerability due to Apache Solr configset upload (exchange rate provider config / enum field config / TIKA parsecontext)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://mail-archives.apache.org/mod_mbox/lucene-solr-user/201807.mbox/%3C0cdc01d413b7%24f97ba580%24ec72f080%24%40apache.org%3E"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Apache Solr",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.0 to 6.6.4"
            },
            {
              "status": "affected",
              "version": "7.0.0 to 7.3.1"
            }
          ]
        }
      ],
      "datePublic": "2018-07-04T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "This vulnerability in Apache Solr 6.0.0 to 6.6.4 and 7.0.0 to 7.3.1 relates to an XML external entity expansion (XXE) in Solr config files (currency.xml, enumsConfig.xml referred from schema.xml, TIKA parsecontext config file). In addition, Xinclude functionality provided in these config files is also affected in a similar way. The vulnerability can be used as XXE using file/ftp/http protocols in order to read arbitrary local files from the Solr server or the internal network. The manipulated files can be uploaded as configsets using Solr\u0027s API, allowing to exploit that vulnerability."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Information Disclosure",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-03-08T10:57:01",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "name": "104690",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/104690"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://issues.apache.org/jira/browse/SOLR-12450"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20190307-0002/"
        },
        {
          "name": "[lucene-solr-user] 20180704 [SECURITY] CVE-2018-8026: XXE vulnerability due to Apache Solr configset upload (exchange rate provider config / enum field config / TIKA parsecontext)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://mail-archives.apache.org/mod_mbox/lucene-solr-user/201807.mbox/%3C0cdc01d413b7%24f97ba580%24ec72f080%24%40apache.org%3E"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@apache.org",
          "DATE_PUBLIC": "2018-07-04T00:00:00",
          "ID": "CVE-2018-8026",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Apache Solr",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.0 to 6.6.4"
                          },
                          {
                            "version_value": "7.0.0 to 7.3.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Apache Software Foundation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "This vulnerability in Apache Solr 6.0.0 to 6.6.4 and 7.0.0 to 7.3.1 relates to an XML external entity expansion (XXE) in Solr config files (currency.xml, enumsConfig.xml referred from schema.xml, TIKA parsecontext config file). In addition, Xinclude functionality provided in these config files is also affected in a similar way. The vulnerability can be used as XXE using file/ftp/http protocols in order to read arbitrary local files from the Solr server or the internal network. The manipulated files can be uploaded as configsets using Solr\u0027s API, allowing to exploit that vulnerability."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Information Disclosure"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "104690",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/104690"
            },
            {
              "name": "https://issues.apache.org/jira/browse/SOLR-12450",
              "refsource": "CONFIRM",
              "url": "https://issues.apache.org/jira/browse/SOLR-12450"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20190307-0002/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20190307-0002/"
            },
            {
              "name": "[lucene-solr-user] 20180704 [SECURITY] CVE-2018-8026: XXE vulnerability due to Apache Solr configset upload (exchange rate provider config / enum field config / TIKA parsecontext)",
              "refsource": "MLIST",
              "url": "https://mail-archives.apache.org/mod_mbox/lucene-solr-user/201807.mbox/%3C0cdc01d413b7%24f97ba580%24ec72f080%24%40apache.org%3E"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2018-8026",
    "datePublished": "2018-07-05T14:00:00Z",
    "dateReserved": "2018-03-09T00:00:00",
    "dateUpdated": "2024-09-16T22:14:47.305Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted