Solr / SOLR-11971

CVE-2018-1308: XXE attack through DIH's dataConfig request parameter


Details

    Description

      We got a security report about an XXE attack when using the &dataConfig=<inlinexml> of Solr's DataImportHandler. See the attached PDF file with full details (I converted it to PDF; originally it was a DOC file).

          People

            uschindler Uwe Schindler
