CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2013-6397

Directory traversal vulnerability in SolrResourceLoader in Apache Solr before 4.6 allows remote attackers to read arbitrary files via a .. (dot dot) or full pathname in the tr parameter to solr/select/, when the response writer (wt parameter) is set to XSLT. NOTE: this can be leveraged using a separate XXE (XML eXternal Entity) vulnerability to allow access to files across restricted network boundaries.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.933

EPSS Ranking 99.8%

CVSS Severity

CVSS v2 Score 4.3

References

Products affected by CVE-2013-6397

Apache » Solr » Version: N/A

cpe:2.3:a:apache:solr:-
Apache » Solr » Version: 1.1.0

cpe:2.3:a:apache:solr:1.1.0
Apache » Solr » Version: 1.2

cpe:2.3:a:apache:solr:1.2
Apache » Solr » Version: 1.2.0

cpe:2.3:a:apache:solr:1.2.0
Apache » Solr » Version: 1.3.0

cpe:2.3:a:apache:solr:1.3.0
Apache » Solr » Version: 1.4.0

cpe:2.3:a:apache:solr:1.4.0
Apache » Solr » Version: 1.4.1

cpe:2.3:a:apache:solr:1.4.1
Apache » Solr » Version: 3.1

cpe:2.3:a:apache:solr:3.1
Apache » Solr » Version: 3.1.0

cpe:2.3:a:apache:solr:3.1.0
Apache » Solr » Version: 3.2

cpe:2.3:a:apache:solr:3.2
Apache » Solr » Version: 3.2.0

cpe:2.3:a:apache:solr:3.2.0
Apache » Solr » Version: 3.3

cpe:2.3:a:apache:solr:3.3
Apache » Solr » Version: 3.3.0

cpe:2.3:a:apache:solr:3.3.0
Apache » Solr » Version: 3.4.0

cpe:2.3:a:apache:solr:3.4.0
Apache » Solr » Version: 3.5.0

cpe:2.3:a:apache:solr:3.5.0
Apache » Solr » Version: 3.6.0

cpe:2.3:a:apache:solr:3.6.0
Apache » Solr » Version: 3.6.1

cpe:2.3:a:apache:solr:3.6.1
Apache » Solr » Version: 3.6.2

cpe:2.3:a:apache:solr:3.6.2
Apache » Solr » Version: 4.0.0

cpe:2.3:a:apache:solr:4.0.0
Apache » Solr » Version: 4.1.0

cpe:2.3:a:apache:solr:4.1.0
Apache » Solr » Version: 4.2.0

cpe:2.3:a:apache:solr:4.2.0
Apache » Solr » Version: 4.2.1

cpe:2.3:a:apache:solr:4.2.1
Apache » Solr » Version: 4.3.0

cpe:2.3:a:apache:solr:4.3.0
Apache » Solr » Version: 4.3.1

cpe:2.3:a:apache:solr:4.3.1
Apache » Solr » Version: 4.4.0

cpe:2.3:a:apache:solr:4.4.0
Apache » Solr » Version: 4.5.0

cpe:2.3:a:apache:solr:4.5.0
Apache » Solr » Version: 4.5.1

cpe:2.3:a:apache:solr:4.5.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2013-6397

Products

Pricing

Contact Us