Apache Solr XXE CVE-2018-1308 Arbitrary Local File Read

Authors: Rich in wheat
Risk: High
CVE: CVE-2018-1308
0day: Arbitrary Local File Read
0day-id: 0DAY-1308
Date: 2018-04-12

Description

A vulnerability in the DataImportHandler of Apache Solr could allow an unauthenticated, remote attacker to conduct an XML external entity expansion (XXE) attack on a targeted system.

The vulnerability exists in the dataConfig request parameter in the DataImportHandler of the affected software. An attacker could exploit this vulnerability by making a customized file, FTP, or HTTP request to the targeted system. A successful exploit could allow the attacker to conduct an XXE attack, which the attacker could use to read sensitive, local file information on the system or to access sensitive information from the internal network in which the system resides.

Proof-of-concept code that demonstrates an exploit of this vulnerability is publicly available.

The Apache Software Foundation has confirmed the vulnerability and released software updates.

Analysis

  • To exploit this vulnerability, an attacker must send a request to the targeted system, which may require access to trusted, internal networks. This access limitation reduces the likelihood of a successful exploit.

Safeguards

Administrators are advised to apply the appropriate updates.

Administrators are advised to allow only trusted users to have network access.

Administrators are advised to allow only privileged users to access administration or management systems.

Administrators may consider using IP-based access control lists (ACLs) to allow only trusted systems to access the affected systems.

Administrators are advised to monitor affected systems.
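
One way to act on the monitoring advice, as an added example that is not part of the original advisory or of Apache Solr: a Python check over web access logs that flags requests to the DataImportHandler carrying an inline dataConfig parameter, and escalates those whose value contains a DTD or entity declaration. The /dataimport handler path, the Common Log Format layout and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote_plus

# Assumption: the handler is registered under a path ending in /dataimport;
# adjust to the name used in your solrconfig.xml.
DIH_PATH = re.compile(r"/dataimport/?$", re.I)
# A DTD or entity declaration inside the supplied XML is the XXE indicator.
XXE_MARKERS = re.compile(r"<!\s*(DOCTYPE|ENTITY)\b", re.I)
# Common Log Format: client first, request line in double quotes.
REQUEST = re.compile(r'^(\S+) .*?"([A-Z]+) (\S+) HTTP/[\d.]+"')

# Constructed sample lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '198.51.100.7 - - [12/Apr/2018:10:01:02 +0000] "GET /solr/core1/select?q=*:* HTTP/1.1" 200 512',
    '198.51.100.7 - - [12/Apr/2018:10:01:05 +0000] "GET /solr/core1/dataimport?command=status HTTP/1.1" 200 310',
    '203.0.113.9 - - [12/Apr/2018:10:02:11 +0000] "GET /solr/core1/dataimport?command=full-import&dataConfig=%3CdataConfig%3E%3C%2FdataConfig%3E HTTP/1.1" 200 420',
    '203.0.113.9 - - [12/Apr/2018:10:02:40 +0000] "GET /solr/core1/dataimport?dataConfig=%253C%2521DOCTYPE%2520constructed%253E HTTP/1.1" 200 977',
]

def decode_fully(value, rounds=3):
    """Undo nested URL-encoding so double-encoded markers are still seen."""
    for _ in range(rounds):
        value = unquote_plus(value)
    return value

def classify(line):
    """Return (client, verdict) for one access-log line, or None if unrelated."""
    m = REQUEST.match(line)
    if not m:
        return None
    client, _method, target = m.groups()
    url = urlsplit(target)
    if not DIH_PATH.search(url.path):
        return None
    # parse_qs decodes one layer; decode_fully handles any further layers.
    configs = parse_qs(url.query).get("dataConfig", [])
    if not configs:
        return None  # ordinary handler use (status, import from stored config)
    if any(XXE_MARKERS.search(decode_fully(c)) for c in configs):
        return client, "dataConfig-with-DTD"   # alert
    return client, "dataConfig-inline"         # review: config supplied by client

def scan(lines):
    """Return the findings for every flagged line, in log order."""
    return [finding for finding in map(classify, lines) if finding]
```

Access logs record only the query string, so a dataConfig sent in a POST body is not visible to this check and needs request-body logging at a proxy or WAF.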

Vendor Announcements

The Apache Software Foundation has released a bug report and a security advisory at the following links: SOLR-11971 and CVE-2018-1308.

Fixed Software

The Apache Software Foundation has released a patch and software updates at the following links: SOLR-11971.patch, and Solr 6.6.3 and 7.3.0.

Revision History

Version | Description | Section | Date
1 | Initial public release. | | 2018-April-11

Affected Products

The security vulnerability applies to the following combinations of products.

Primary Products
Apache Software Foundation Apache Solr 1.2 (.0) | 1.3 (.0) | 1.4 (.0, .1) | 3.1 (.0) | 3.2 (.0) | 3.3 (.0) | 3.4 (.0) | 3.5 (.0) | 3.6 (.0, .1, .2) | 4.0 (.0) | 4.1 (.0) | 4.2 (.0, .1) | 4.3 (.0, .1) | 4.4 (.0) | 4.5 (.0, .1) | 4.6 (.0, .1) | 4.7 (.0, .1, .2) | 4.8 (.0, .1) | 4.9 (.0, .1) | 4.10 (.0, .1, .2, .3, .4) | 5.0 (.0) | 5.1 (.0) | 5.2 (.0, .1) | 5.3 (.0, .1, .2) | 5.4 (.0, .1) | 5.5 (.0, .1, .2, .3, .4, .5) | 6.0 (.0, .1) | 6.1 (.0) | 6.2 (.0, .1) | 6.3 (.0) | 6.4 (.0, .1, .2) | 6.5 (.0, .1) | 6.6 (.0, .1, .2) | 7.0 (.0, .1) | 7.1 (.0) | 7.2 (.0, .1)
