Miggo Logo
Book a Demo
Miggo Vulnerability Database
CVE-2018-1308

CVE-2018-1308:
There is a XML external entity expansion (XXE) vulnerability in Apache Solr

7.5

CVSS Score

Basic Information

CVE ID
CVE-2018-1308
GHSA ID
GHSA-3pph-2595-cgfh
EPSS Score
-
CWE
CWE-611
Published
10/17/2018
Updated
3/4/2024
KEV Status
No
Technology
TechnologyJava

Technical Details

CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Package NameEcosystemVulnerable VersionsFirst Patched Version
org.apache.solr:solr-coremaven>= 1.2, < 6.6.36.6.3
org.apache.solr:solr-coremaven>= 7.0.0, < 7.3.07.3.0

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The vulnerability stems from insecure XML parsing in DataImportHandler's configuration processing. The commit diffs show critical changes in DataImporter.java where:

  1. DocumentBuilderFactory security settings were added (dbf.setValidating(false))
  2. Entity resolution was restricted to EmptyEntityResolver.SAX_INSTANCE when systemId isn't present
  3. XInclude handling was gated behind systemId validation These changes indicate the original implementation lacked proper restrictions for external entity expansion when parsing user-controlled XML input via the dataConfig parameter, making the loadDataConfig function the vulnerable entry point. The test case additions in TestErrorHandling.java further validate that external entity handling was a core issue.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

T*is vuln*r**ility in *p**** Solr *.* to *.*.* *n* *.*.* to *.*.* r*l*t*s to *n XML *xt*rn*l *ntity *xp*nsion (XX*) in t** `&**t**on*i*=<inlin*xml>` p*r*m*t*r o* Solr's **t*Import**n*l*r. It **n ** us** *s XX* usin* *il*/*tp/*ttp proto*ols in or**r t

Reasoning

T** vuln*r**ility st*ms *rom ins**ur* XML p*rsin* in **t*Import**n*l*r's *on*i*ur*tion pro**ssin*. T** *ommit *i**s s*ow *riti**l ***n**s in **t*Import*r.j*v* w**r*: *. *o*um*nt*uil**r***tory s**urity s*ttin*s w*r* ***** (***.s*tV*li**tin*(**ls*)) *.