CVE-2018-1308

NameCVE-2018-1308
DescriptionThis vulnerability in Apache Solr 1.2 to 6.6.2 and 7.0.0 to 7.2.1 relates to an XML external entity expansion (XXE) in the `&dataConfig=<inlinexml>` parameter of Solr's DataImportHandler. It can be used as XXE using file/ftp/http protocols in order to read arbitrary local files from the Solr server or the internal network.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDLA-1360-1, DSA-4194-1
Debian Bugs896604

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
lucene-solr (PTS)jessie, jessie (lts)3.6.2+dfsg-5+deb8u3fixed
stretch (security), stretch (lts), stretch3.6.2+dfsg-10+deb9u3fixed
buster3.6.2+dfsg-20+deb10u2fixed
bullseye3.6.2+dfsg-24fixed
sid, trixie, bookworm3.6.2+dfsg-26fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
lucene-solrsourcewheezy3.6.0+dfsg-1+deb7u4DLA-1360-1
lucene-solrsourcejessie3.6.2+dfsg-5+deb8u2DSA-4194-1
lucene-solrsourcestretch3.6.2+dfsg-10+deb9u2DSA-4194-1
lucene-solrsource(unstable)3.6.2+dfsg-12896604

Notes

https://www.openwall.com/lists/oss-security/2018/04/08/3
https://issues.apache.org/jira/browse/SOLR-11971
master: http://git-wip-us.apache.org/repos/asf/lucene-solr/commit/02c693f3
branch_7x: http://git-wip-us.apache.org/repos/asf/lucene-solr/commit/739a7933
branch_6_6: http://git-wip-us.apache.org/repos/asf/lucene-solr/commit/dd3be31f
Search for package or bug name: Reporting problems