VDB
CVE-2013-6408
CVE-2013-6408
REJECTED
The DocumentAnalysisRequestHandler in Apache Solr before 4.3.1 does not properly use the EmptyEntityResolver, which allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-6407.
EPSS 11.39% · 93.7th percentile
Risk Scores
EPSS Score
11.39%
93.7th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:14.04:LTS | lucene-solr | 0, 3.6.2+dfsg-1 |
| Ubuntu:16.04:LTS | lucene-solr | 0, 3.6.2+dfsg-7 |
Timeline
- Dec 7, 2013 CVE Published
- Jul 17, 2014 CVE Updated
- Feb 4, 2022 EPSS Score
- Mar 7, 2023 EPSS Score
- Mar 17, 2025 EPSS Score
- Mar 29, 2025 EPSS Score
- Mar 30, 2025 EPSS Score
- May 1, 2025 EPSS Score
- May 4, 2025 EPSS Score
- Jun 1, 2025 EPSS Score
- Jun 4, 2025 EPSS Score
- Jul 1, 2025 EPSS Score
References
- https://ubuntu.com/security/CVE-2013-6408 third-party-advisory
- https://issues.apache.org/jira/browse/SOLR-4881 third-party-advisory
- http://www.openwall.com/lists/oss-security/2013/11/28 third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2013-6408 third-party-advisory