oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

CVE Request: Apache Solr XXE

From: David Jorm <djorm () redhat com>
Date: Thu, 28 Nov 2013 23:55:17 -0500 (EST)
Hi All

Apache Solr 4.3.1, 4.4, 5.0 resolves multiple XXE flaws, as described in the following bugs:

https://issues.apache.org/jira/browse/SOLR-3895
https://issues.apache.org/jira/browse/SOLR-4881

I have confirmed that these issues can also be exploited on Apache Solr 3.6.2. Please assign a CVE ID for these XXE 
flaws (I think a single CVE ID is most appropriate).

Thanks
-- 
David Jorm / Red Hat Security Response Team
Previous By Date Next
Previous By Thread Next

Current thread: