Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Directory traversal vulnerability in SolrResourceLoader in Apache Solr before 4.6 allows remote attackers to read arbitrary files via a .. (dot dot) or full pathname in the tr parameter to solr/select/, when the response writer (wt parameter) is set to XSLT. NOTE: this can be leveraged using a separate XXE (XML eXternal Entity) vulnerability to allow access to files across restricted network boundaries.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Apache Solr 路径遍历漏洞
Vulnerability Description
Apache Solr是美国阿帕奇(Apache)基金会的一款基于Lucene(一款全文搜索引擎)的搜索服务器。该产品支持层面搜索、垂直搜索、高亮显示搜索结果等。 Apache Solr 4.6之前的版本存在路径遍历漏洞。远程攻击者可通过tr参数中的目录遍历字符或完整的路径名利用该漏洞读取任意文件,泄露敏感信息。
CVSS Information
N/A
Vulnerability Type
N/A