Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
apache solr vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2015-8795
Multiple cross-site scripting (XSS) vulnerabilities in the Admin UI in Apache Solr prior to 5.1 allow remote malicious users to inject arbitrary web script or HTML via crafted fields that are mishandled during the rendering of the (1) Analysis page, related to webapp/web/js/scrip...
Apache Solr
6.1
CVSSv3
CVE-2015-8796
Cross-site scripting (XSS) vulnerability in webapp/web/js/scripts/schema-browser.js in the Admin UI in Apache Solr prior to 5.3 allows remote malicious users to inject arbitrary web script or HTML via a crafted schema-browse URL.
Apache Solr
6.1
CVSSv3
CVE-2015-8797
Cross-site scripting (XSS) vulnerability in webapp/web/js/scripts/plugins.js in the stats page in the Admin UI in Apache Solr prior to 5.3.1 allows remote malicious users to inject arbitrary web script or HTML via the entry parameter to a plugins/cache URI.
Apache Solr
7.5
CVSSv3
CVE-2019-12401
Solr versions 1.3.0 to 1.4.1, 3.1.0 to 3.6.2 and 4.0.0 to 4.10.4 are vulnerable to an XML resource consumption attack (a.k.a. Lol Bomb) via it’s update handler.?By leveraging XML DOCTYPE and ENTITY type elements, the attacker can create a pattern that will expand when the s...
Apache Solr
8.8
CVSSv3
CVE-2020-13941
Reported in SOLR-14515 (private) and fixed in SOLR-14561 (public), released in Solr version 8.6.0. The Replication handler (https://lucene.apache.org/solr/guide/8_6/index-replication.html#http-api-commands-for-the-replicationhandler) allows commands backup, restore and deleteBack...
Apache Solr
9.8
CVSSv3
CVE-2020-13957
Apache Solr versions 6.6.0 to 6.6.6, 7.0.0 to 7.7.3 and 8.0.0 to 8.6.2 prevents some features considered dangerous (which could be used for remote code execution) to be configured in a ConfigSet that's uploaded via API without authentication/authorization. The checks in plac...
Apache Solr
2 Github repositories
7.5
CVSSv3
CVE-2017-3164
Server Side Request Forgery in Apache Solr, versions 1.3 until 7.6 (inclusive). Since the "shards" parameter does not have a corresponding whitelist mechanism, a remote attacker with access to the server could make Solr perform an HTTP GET request to any reachable URL.
Apache Solr
1 Github repository
7.2
CVSSv3
CVE-2019-0193
In Apache Solr, the DataImportHandler, an optional but popular module to pull in data from databases and other sources, has a feature in which the whole DIH configuration can come from a request's "dataConfig" parameter. The debug mode of the DIH admin screen uses ...
Apache Solr
10 Github repositories
NA
CVE-2009-3821
Cross-site scripting (XSS) vulnerability in the Apache Solr Search (solr) extension 1.0.0 for TYPO3 allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Apache Solr 1.0.0
7.5
CVSSv3
CVE-2021-33813
An XXE issue in SAXBuilder in JDOM up to and including 2.0.6 allows malicious users to cause a denial of service via a crafted HTTP request.
Jdom Jdom
Apache Solr 8.8.1
Apache Solr 8.9
Apache Tika 1.25
Debian Debian Linux 9.0
Fedoraproject Fedora 35
Oracle Communications Messaging Server 8.1
1 Github repository
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3380
CVE-2024-1694
local file inclusion
CVE-2024-5645
CVE-2024-24919
XSS
CVE-2024-36774
CVE-2024-21306
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »