Candidate: CVE-2013-6408
PublicDate: 2013-12-07 20:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6408
 https://issues.apache.org/jira/browse/SOLR-4881
 http://www.openwall.com/lists/oss-security/2013/11/28
Description:
 The DocumentAnalysisRequestHandler in Apache Solr before 4.3.1 does not
 properly use the EmptyEntityResolver, which allows remote attackers to have
 an unspecified impact via XML data containing an external entity
 declaration in conjunction with an entity reference, related to an XML
 External Entity (XXE) issue.  NOTE: this vulnerability exists because of an
 incomplete fix for CVE-2013-6407.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS: 

Patches_lucene-solr:
upstream_lucene-solr: released (3.6.2+dfsg-2)
lucid_lucene-solr: DNE
precise_lucene-solr: DNE
quantal_lucene-solr: ignored (reached end-of-life)
raring_lucene-solr: ignored (reached end-of-life)
saucy_lucene-solr: ignored (reached end-of-life)
trusty_lucene-solr: not-affected (3.6.2+dfsg-2)
trusty/esm_lucene-solr: DNE (trusty was not-affected [3.6.2+dfsg-2])
utopic_lucene-solr: ignored (reached end-of-life)
vivid_lucene-solr: ignored (reached end-of-life)
vivid/stable-phone-overlay_lucene-solr: DNE
vivid/ubuntu-core_lucene-solr: DNE
wily_lucene-solr: ignored (reached end-of-life)
xenial_lucene-solr: not-affected (3.6.2+dfsg-8)
yakkety_lucene-solr: not-affected (3.6.2+dfsg-8)
devel_lucene-solr: not-affected