Apache Solr CVE-2015-8796 Cross Site Scripting Vulnerability



Apache Solr is prone to a cross-site scripting vulnerability.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.

Information

Bugtraq ID: 85205
Class: Input Validation Error
CVE: CVE-2015-8796

Remote: Yes
Local: No
Published: Feb 14 2016 12:00AM
Updated: Jul 26 2017 12:08PM
Credit: The vendor reported this issue.
Vulnerable: IBM Websphere Portal 8.5
IBM Websphere Portal 8.0
Apache Solr 4.5.1
Apache Solr 4.4
Apache Solr 4.3.1
Apache Solr 3.6.1
Apache Solr 5.2.1
Apache Solr 4.5.0
Apache Solr 4.4
Apache Solr 4.3.0
Apache Solr 4.3
Apache Solr 4.2.1
Apache Solr 4.2.0
Apache Solr 4.1.0
Apache Solr 4.1
Apache Solr 4.0.0
Apache Solr 3.6.2
Apache Solr 3.6.0


Not Vulnerable: Apache Solr 5.3


Exploit


To exploit this issue an attacker must entice an unsuspecting victim to open a malicious URI.


Related Posts

Comments