Apache Solr is prone to multiple information-disclosure vulnerabilities.
An attacker can exploit these issues to gain access to sensitive information that may lead to further attacks.
Apache Solr versions 6.0.0 through 6.6.3, and 7.0.0 through 7.3.0 are vulnerable.
Information
Vulnerable:
- Apache Solr 7.3
- Apache Solr 7.0
- Apache Solr 6.6.3
- Apache Solr 6.6.2
- Apache Solr 6.6.1
- Apache Solr 6.6
- Apache Solr 6.5.1
- Apache Solr 6.5
- Apache Solr 6.4
- Apache Solr 6.3
- Apache Solr 6.2
- Apache Solr 6.0
Not vulnerable:
- Apache Solr 7.4
- Apache Solr 6.6.4
Exploit
An attacker can exploit these issues using readily available tools.
References:
- Apache Solr Homepage (Apache)
- Bug 1581037 - (CVE-2018-8010) CVE-2018-8010 solr: XML external entity expansion (Red Hat Bugzilla)
- CVE-2018-8010 (Red Hat Bugzilla)
- CVE-2018-8010: Prevent XXE in solrconfig.xml and managed-schema(.xml) (Apache)