漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
N/A
Vulnerability Description
This vulnerability in Apache Solr 6.0.0 to 6.6.4 and 7.0.0 to 7.3.1 relates to an XML external entity expansion (XXE) in Solr config files (currency.xml, enumsConfig.xml referred from schema.xml, TIKA parsecontext config file). In addition, Xinclude functionality provided in these config files is also affected in a similar way. The vulnerability can be used as XXE using file/ftp/http protocols in order to read arbitrary local files from the Solr server or the internal network. The manipulated files can be uploaded as configsets using Solr's API, allowing to exploit that vulnerability.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Apache Solr 安全漏洞
Vulnerability Description
Apache Solr是美国阿帕奇(Apache)软件基金会的一款基于Lucene(一个全文检索引擎的架构)的搜索服务器,它支持层面搜索、垂直搜索、高亮显示搜索结果、多种输出格式等。 Apache Solr 6.0.0版本至6.6.4版本和7.0.0版本至7.3.1版本中的Solr配置文件(currency.xml、 enumsConfig.xml和TIKA parsecontext配置文件)存在XML外部实体注入漏洞。攻击者可通过Solr API上传被操纵的文件利用该漏洞读取Solr服务器或内部网络上任
CVSS Information
N/A
Vulnerability Type
N/A