Vulmon
apache solr vulnerabilities and exploits
4.3
CVSSv2
CVE-2014-3628
Cross-site scripting (XSS) vulnerability in the Admin UI Plugin / Stats page in Apache Solr 4.x prior to 4.10.3 allows remote malicious users to inject arbitrary web script or HTML via the fieldvaluecache object.
Apache Solr 4.0.0
Apache Solr 4.1.0
Apache Solr 4.2.0
Apache Solr 4.2.1
Apache Solr 4.3.0
Apache Solr 4.3.1
Apache Solr 4.4.0
Apache Solr 4.5.0
Apache Solr 4.5.1
Apache Solr 4.6.0
Apache Solr 4.6.1
Apache Solr 4.7.0
7.5
CVSSv3
CVE-2017-7660
Apache Solr uses a PKI based mechanism to secure inter-node communication when security is enabled. It is possible to create a specially crafted node name that does not exist as part of the cluster and point it to a malicious node. This can trick the nodes in cluster to believe t...
Apache Solr 5.3.0
Apache Solr 5.3.1
Apache Solr 5.3.2
Apache Solr 5.4.0
Apache Solr 5.4.1
Apache Solr 5.5.0
Apache Solr 5.5.1
Apache Solr 5.5.2
Apache Solr 5.5.3
Apache Solr 5.5.4
Apache Solr 6.0.0
Apache Solr 6.0.1
4.3
CVSSv2
CVE-2013-6397
Directory traversal vulnerability in SolrResourceLoader in Apache Solr prior to 4.6 allows remote malicious users to read arbitrary files via a .. (dot dot) or full pathname in the tr parameter to solr/select/, when the response writer (wt parameter) is set to XSLT. NOTE: this ca...
Apache Solr
Apache Solr 4.0.0
Apache Solr 4.1.0
Apache Solr 4.2.0
Apache Solr 4.2.1
Apache Solr 4.3.0
Apache Solr 4.3.1
Apache Solr 4.4.0
Apache Solr 4.5.0
1 Github repository
7.5
CVSSv3
CVE-2017-9803
Apache Solr's Kerberos plugin can be configured to use delegation tokens, which allows an application to reuse the authentication of an end-user or another application. There are two issues with this functionality (when using SecurityAwareZkACLProvider type of ACL provider e...
Apache Solr 6.2.0
Apache Solr 6.2.1
Apache Solr 6.3.0
Apache Solr 6.4.0
Apache Solr 6.4.1
Apache Solr 6.4.2
Apache Solr 6.5.0
Apache Solr 6.5.1
Apache Solr 6.6.0
6.4
CVSSv2
CVE-2013-6408
The DocumentAnalysisRequestHandler in Apache Solr prior to 4.3.1 does not properly use the EmptyEntityResolver, which allows remote malicious users to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, relate...
Apache Solr
Apache Solr 3.6.0
Apache Solr 3.6.1
Apache Solr 3.6.2
Apache Solr 4.0.0
Apache Solr 4.1.0
Apache Solr 4.2.0
Apache Solr 4.2.1
6.4
CVSSv2
CVE-2013-6407
The UpdateRequestHandler for XML in Apache Solr prior to 4.1 allows remote malicious users to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
Apache Solr
Apache Solr 3.6.0
Apache Solr 3.6.1
Apache Solr 3.6.2
Apache Solr 4.0.0
10
CVSSv2
CVE-2013-6288
Unspecified vulnerability in the Apache Solr for TYPO3 (solr) extension prior to 2.8.3 for TYPO3 has unknown impact and remote attack vectors, related to "Insecure Unserialize."
Ingo Renner Apache Solr
Ingo Renner Apache Solr 1.0
Ingo Renner Apache Solr 1.3.0
Ingo Renner Apache Solr 1.3.1
Ingo Renner Apache Solr 2.1.0
Ingo Renner Apache Solr 2.2.0
Ingo Renner Apache Solr 2.2.1
Ingo Renner Apache Solr 2.2.2
Ingo Renner Apache Solr 2.8.0
Ingo Renner Apache Solr 2.8.1
4.3
CVSSv2
CVE-2013-6289
Cross-site scripting (XSS) vulnerability in the Apache Solr for TYPO3 (solr) extension prior to 2.8.3 for TYPO3 allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Ingo Renner Apache Solr
Ingo Renner Apache Solr 1.0
Ingo Renner Apache Solr 1.3.0
Ingo Renner Apache Solr 1.3.1
Ingo Renner Apache Solr 2.1.0
Ingo Renner Apache Solr 2.2.0
Ingo Renner Apache Solr 2.2.1
Ingo Renner Apache Solr 2.2.2
Ingo Renner Apache Solr 2.8.0
Ingo Renner Apache Solr 2.8.1
7.5
CVSSv2
CVE-2012-6612
The (1) UpdateRequestHandler for XSLT or (2) XPathEntityProcessor in Apache Solr prior to 4.1 allows remote malicious users to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Ent...
Apache Solr
Apache Solr 4.0.0
9.8
CVSSv3
CVE-2019-12409
The 8.1.1 and 8.2.0 releases of Apache Solr contain an insecure setting for the ENABLE_REMOTE_JMX_OPTS configuration option in the default solr.in.sh configuration file shipping with Solr. If you use the default solr.in.sh file from the affected releases, then JMX monitoring will...
Apache Solr 8.1.1
Apache Solr 8.2.0
2 Github repositories