{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-27T01:26:12.770","vulnerabilities":[{"cve":{"id":"CVE-2013-6397","sourceIdentifier":"secalert@redhat.com","published":"2013-12-07T20:55:02.633","lastModified":"2026-06-17T00:00:24.923","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Directory traversal vulnerability in SolrResourceLoader in Apache Solr before 4.6 allows remote attackers to read arbitrary files via a .. (dot dot) or full pathname in the tr parameter to solr/select/, when the response writer (wt parameter) is set to XSLT.  NOTE: this can be leveraged using a separate XXE (XML eXternal Entity) vulnerability to allow access to files across restricted network boundaries."},{"lang":"es","value":"Vulnerabilidad de salto de directorio en SolrResourceLoader en Apache Solr anteriores a 4.6 permite a atacantes remotos leer ficheros arbitrarios a través de un .. (punto punto) o nombre de directorio completo en el parámetro tr de solr/select/, cuando el escritor de respuesta (parámetro wt) se establece a XSLT. 
NOTA: esto puede ser aprovechado utilizando una vulnerabilidad XXE (XML eXternal Entity) diferente para permitir acceso a ficheros a través de límites de red restringidos."}],"affected":[{"source":"secalert@redhat.com","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:N/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:solr:*:*:*:*:*:*:*:*","versionEndIncluding":"4.5.1","matchCriteriaId":"037FEB16-6126-4951-B8FD-D56CF268CFBF"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:solr:4.0.0:*:*:*:*:*:*:*","matchCriteriaId":"06216B21-FC73-480F-90A2-B0D358FAEE11"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:solr:4.0.0:alpha:*:*:*:*:*:*","matchCriteriaId":"49D9F075-B18A-4634-8AA1-DE1399548838"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:solr:4.0.0:beta:*:*:*:*:*:*","matchCriteriaId":"0CFB9E78-22B2-4683-BD17-1600A3057FF3"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:solr:4.1.0:*:*:*:*:*:*:*","matchCriteriaId":"4AF6C877-D6B6-40A8-9A73-0B327898F8E2"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:solr:4.2.0:*:*:*:*:*:*:*","matchCriteriaId":"1C085709-D90B-44AC-89E1-3D2779956B89"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:solr:4.2.1:*:*:*:*:*:*:*","matchCriteriaId":"F36E7460-4056-4608-96BA-622FF2770DBB"},{"vulnerable":t
rue,"criteria":"cpe:2.3:a:apache:solr:4.3.0:*:*:*:*:*:*:*","matchCriteriaId":"8444B03D-D600-4C30-85F3-E2497270768A"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:solr:4.3.1:*:*:*:*:*:*:*","matchCriteriaId":"CA07EC5A-CE8F-403E-91C1-8E7D79CD573F"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:solr:4.4.0:*:*:*:*:*:*:*","matchCriteriaId":"D09D035F-9B45-4758-ADCD-D6BF8B95AACB"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:solr:4.5.0:*:*:*:*:*:*:*","matchCriteriaId":"F01B2DB5-EFEB-472C-B7F7-0B7B5229D488"}]}]}],"references":[{"url":"http://lucene.apache.org/solr/4_6_0/changes/Changes.html","source":"secalert@redhat.com"},{"url":"http://rhn.redhat.com/errata/RHSA-2013-1844.html","source":"secalert@redhat.com"},{"url":"http://rhn.redhat.com/errata/RHSA-2014-0029.html","source":"secalert@redhat.com"},{"url":"http://secunia.com/advisories/55730","source":"secalert@redhat.com","tags":["Vendor Advisory"]},{"url":"http://secunia.com/advisories/59372","source":"secalert@redhat.com"},{"url":"http://www.agarri.fr/kom/archives/2013/11/27/compromising_an_unreachable_solr_server_with_cve-2013-6397/index.html","source":"secalert@redhat.com","tags":["Exploit"]},{"url":"http://www.openwall.com/lists/oss-security/2013/11/27/1","source":"secalert@redhat.com"},{"url":"http://www.securityfocus.com/bid/63935","source":"secalert@redhat.com"},{"url":"https://issues.apache.org/jira/browse/SOLR-4882","source":"secalert@redhat.com","tags":["Patch"]},{"url":"http://lucene.apache.org/solr/4_6_0/changes/Changes.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://rhn.redhat.com/errata/RHSA-2013-1844.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://rhn.redhat.com/errata/RHSA-2014-0029.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://secunia.com/advisories/55730","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor 
Advisory"]},{"url":"http://secunia.com/advisories/59372","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.agarri.fr/kom/archives/2013/11/27/compromising_an_unreachable_solr_server_with_cve-2013-6397/index.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit"]},{"url":"http://www.openwall.com/lists/oss-security/2013/11/27/1","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/63935","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://issues.apache.org/jira/browse/SOLR-4882","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]}]}}]}