Candidate: CVE-2013-6397
PublicDate: 2013-12-07 20:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6397
 https://issues.apache.org/jira/browse/SOLR-4882
 http://www.openwall.com/lists/oss-security/2013/11/26
Description:
 Directory traversal vulnerability in SolrResourceLoader in Apache Solr
 before 4.6 allows remote attackers to read arbitrary files via a .. (dot
 dot) or full pathname in the tr parameter to solr/select/, when the
 response writer (wt parameter) is set to XSLT. NOTE: this can be leveraged
 using a separate XXE (XML eXternal Entity) vulnerability to allow access to
 files across restricted network boundaries.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:

Patches_lucene-solr:
upstream_lucene-solr: released (3.6.2+dfsg-2)
lucid_lucene-solr: DNE
precise_lucene-solr: DNE
quantal_lucene-solr: ignored (reached end-of-life)
raring_lucene-solr: ignored (reached end-of-life)
saucy_lucene-solr: ignored (reached end-of-life)
trusty_lucene-solr: not-affected (3.6.2+dfsg-2)
trusty/esm_lucene-solr: DNE (trusty was not-affected [3.6.2+dfsg-2])
utopic_lucene-solr: ignored (reached end-of-life)
vivid_lucene-solr: ignored (reached end-of-life)
vivid/stable-phone-overlay_lucene-solr: DNE
vivid/ubuntu-core_lucene-solr: DNE
wily_lucene-solr: ignored (reached end-of-life)
xenial_lucene-solr: not-affected (3.6.2+dfsg-8)
yakkety_lucene-solr: not-affected (3.6.2+dfsg-8)
devel_lucene-solr: not-affected