  1. Solr
  2. SOLR-11971

CVE-2018-1308: XXE attack through DIH's dataConfig request parameter


    Details

      Description

      We got a security report about an XXE attack when using the &dataConfig=<inlinexml> parameter of Solr's DataImportHandler. See the attached PDF file with full details (I converted it to PDF; originally it was a DOC file).

            People

            • Assignee: Uwe Schindler (uschindler)
            • Reporter: Uwe Schindler (uschindler)
