{"containers": {"cna": {"affected": [{"product": "Solr", "vendor": "Apache", "versions": [{"status": "affected", "version": "1.3.0 to 1.4.1"}, {"status": "affected", "version": "3.1.0 to 3.6.2"}, {"status": "affected", "version": "4.0.0 to 4.10.4"}]}], "descriptions": [{"lang": "en", "value": "Solr versions 1.3.0 to 1.4.1, 3.1.0 to 3.6.2 and 4.0.0 to 4.10.4 are vulnerable to an XML resource consumption attack (a.k.a. Lol Bomb) via it\u2019s update handler.?By leveraging XML DOCTYPE and ENTITY type elements, the attacker can create a pattern that will expand when the server parses the XML causing OOMs."}], "problemTypes": [{"descriptions": [{"description": "XML Entity Expansion", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-07-21T13:37:58", "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache"}, "references": [{"name": "[lucene-general] 20190909 [SECURITY] CVE-2019-12401: XML Bomb in Apache Solr versions prior to 5.0", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/7ab5e95a1a0b4f35ffe53f1eb0cb74b4348b49d41b72ac155b843fa2%40%3Cgeneral.lucene.apache.org%3E"}, {"name": "[lucene-dev] 20190909 [SECURITY] CVE-2019-12401: XML Bomb in Apache Solr versions prior to 5.0", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/048ae6e4f84a88e8856f766320b48ad91f9fca2c6f621aa2c40088fe%40%3Cdev.lucene.apache.org%3E"}, {"name": "[oss-security] 20190909 [SECURITY] CVE-2019-12401: XML Bomb in Apache Solr versions prior to 5.0", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2019/09/10/1"}, {"name": "[lucene-dev] 20190909 [jira] [Resolved] (SOLR-13750) [CVE-2019-12401] XML Bomb in Apache Solr versions prior to 5.0.0", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/521d10a19bfb590f86dff41820ccfb11e92281f233a12c882650931e%40%3Cdev.lucene.apache.org%3E"}, {"name": "[announce] 20190909 [SECURITY] CVE-2019-12401: XML Bomb in Apache Solr versions prior to 5.0", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/1c92300643f48f13bc59b15e3f886ba62bae1798c7d4c2e5c1ece09b%40%3Cannounce.apache.org%3E"}, {"name": "[lucene-solr-user] 20190909 [SECURITY] CVE-2019-12401: XML Bomb in Apache Solr versions prior to 5.0", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/60a924662ead9aeea74e8ea128d9ca935f8de925aa71b15ab2787d6a%40%3Csolr-user.lucene.apache.org%3E"}, {"name": "[lucene-dev] 20190909 [jira] [Updated] (SOLR-13750) [CVE-2019-12401] XML Bomb in Apache Solr versions prior to 5.0.0", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/db8eaca456d03c00a66cbe37548978318d424b9997e3fd7f5c65dffe%40%3Cdev.lucene.apache.org%3E"}, {"name": "[www-announce] 20190909 [SECURITY] CVE-2019-12401: XML Bomb in Apache Solr versions prior to 5.0", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://mail-archives.us.apache.org/mod_mbox/www-announce/201909.mbox/%3CCAECwjAXU4%3DkAo5DeUJw7Kvk67sgCmajAN7LGZQNjbjZ8gv%3DBdw%40mail.gmail.com%3E"}, {"name": "[lucene-dev] 20190911 [jira] [Commented] (SOLR-13750) [CVE-2019-12401] XML Bomb in Apache Solr versions prior to 5.0.0", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/0ec231c5ed8d242890e21806d25fdd47f80cc47cac278d2fc1c9c579%40%3Cdev.lucene.apache.org%3E"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://security.netapp.com/advisory/ntap-20190926-0002/"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2019-12401-XML%20Bomb-Apache%20Solr"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@apache.org", "ID": "CVE-2019-12401", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Solr", "version": {"version_data": [{"version_value": "1.3.0 to 1.4.1"}, {"version_value": "3.1.0 to 3.6.2"}, {"version_value": "4.0.0 to 4.10.4"}]}}]}, "vendor_name": "Apache"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Solr versions 1.3.0 to 1.4.1, 3.1.0 to 3.6.2 and 4.0.0 to 4.10.4 are vulnerable to an XML resource consumption attack (a.k.a. Lol Bomb) via it\u2019s update handler.?By leveraging XML DOCTYPE and ENTITY type elements, the attacker can create a pattern that will expand when the server parses the XML causing OOMs."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "XML Entity Expansion"}]}]}, "references": {"reference_data": [{"name": "[lucene-general] 20190909 [SECURITY] CVE-2019-12401: XML Bomb in Apache Solr versions prior to 5.0", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/7ab5e95a1a0b4f35ffe53f1eb0cb74b4348b49d41b72ac155b843fa2@%3Cgeneral.lucene.apache.org%3E"}, {"name": "[lucene-dev] 20190909 [SECURITY] CVE-2019-12401: XML Bomb in Apache Solr versions prior to 5.0", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/048ae6e4f84a88e8856f766320b48ad91f9fca2c6f621aa2c40088fe@%3Cdev.lucene.apache.org%3E"}, {"name": "[oss-security] 20190909 [SECURITY] CVE-2019-12401: XML Bomb in Apache Solr versions prior to 5.0", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2019/09/10/1"}, {"name": "[lucene-dev] 20190909 [jira] [Resolved] (SOLR-13750) [CVE-2019-12401] XML Bomb in Apache Solr versions prior to 5.0.0", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/521d10a19bfb590f86dff41820ccfb11e92281f233a12c882650931e@%3Cdev.lucene.apache.org%3E"}, {"name": "[announce] 20190909 [SECURITY] CVE-2019-12401: XML Bomb in Apache Solr versions prior to 5.0", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/1c92300643f48f13bc59b15e3f886ba62bae1798c7d4c2e5c1ece09b@%3Cannounce.apache.org%3E"}, {"name": "[lucene-solr-user] 20190909 [SECURITY] CVE-2019-12401: XML Bomb in Apache Solr versions prior to 5.0", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/60a924662ead9aeea74e8ea128d9ca935f8de925aa71b15ab2787d6a@%3Csolr-user.lucene.apache.org%3E"}, {"name": "[lucene-dev] 20190909 [jira] [Updated] (SOLR-13750) [CVE-2019-12401] XML Bomb in Apache Solr versions prior to 5.0.0", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/db8eaca456d03c00a66cbe37548978318d424b9997e3fd7f5c65dffe@%3Cdev.lucene.apache.org%3E"}, {"name": "[www-announce] 20190909 [SECURITY] CVE-2019-12401: XML Bomb in Apache Solr versions prior to 5.0", "refsource": "MLIST", "url": "http://mail-archives.us.apache.org/mod_mbox/www-announce/201909.mbox/%3CCAECwjAXU4%3DkAo5DeUJw7Kvk67sgCmajAN7LGZQNjbjZ8gv%3DBdw%40mail.gmail.com%3E"}, {"name": "[lucene-dev] 20190911 [jira] [Commented] (SOLR-13750) [CVE-2019-12401] XML Bomb in Apache Solr versions prior to 5.0.0", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/0ec231c5ed8d242890e21806d25fdd47f80cc47cac278d2fc1c9c579@%3Cdev.lucene.apache.org%3E"}, {"name": "https://security.netapp.com/advisory/ntap-20190926-0002/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20190926-0002/"}, {"name": "https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2019-12401-XML%20Bomb-Apache%20Solr", "refsource": "MISC", "url": "https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2019-12401-XML%20Bomb-Apache%20Solr"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T23:17:40.122Z"}, "title": "CVE Program Container", "references": [{"name": "[lucene-general] 20190909 [SECURITY] CVE-2019-12401: XML Bomb in Apache Solr versions prior to 5.0", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/7ab5e95a1a0b4f35ffe53f1eb0cb74b4348b49d41b72ac155b843fa2%40%3Cgeneral.lucene.apache.org%3E"}, {"name": "[lucene-dev] 20190909 [SECURITY] CVE-2019-12401: XML Bomb in Apache Solr versions prior to 5.0", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/048ae6e4f84a88e8856f766320b48ad91f9fca2c6f621aa2c40088fe%40%3Cdev.lucene.apache.org%3E"}, {"name": "[oss-security] 20190909 [SECURITY] CVE-2019-12401: XML Bomb in Apache Solr versions prior to 5.0", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2019/09/10/1"}, {"name": "[lucene-dev] 20190909 [jira] [Resolved] (SOLR-13750) [CVE-2019-12401] XML Bomb in Apache Solr versions prior to 5.0.0", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/521d10a19bfb590f86dff41820ccfb11e92281f233a12c882650931e%40%3Cdev.lucene.apache.org%3E"}, {"name": "[announce] 20190909 [SECURITY] CVE-2019-12401: XML Bomb in Apache Solr versions prior to 5.0", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/1c92300643f48f13bc59b15e3f886ba62bae1798c7d4c2e5c1ece09b%40%3Cannounce.apache.org%3E"}, {"name": "[lucene-solr-user] 20190909 [SECURITY] CVE-2019-12401: XML Bomb in Apache Solr versions prior to 5.0", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/60a924662ead9aeea74e8ea128d9ca935f8de925aa71b15ab2787d6a%40%3Csolr-user.lucene.apache.org%3E"}, {"name": "[lucene-dev] 20190909 [jira] [Updated] (SOLR-13750) [CVE-2019-12401] XML Bomb in Apache Solr versions prior to 5.0.0", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/db8eaca456d03c00a66cbe37548978318d424b9997e3fd7f5c65dffe%40%3Cdev.lucene.apache.org%3E"}, {"name": "[www-announce] 20190909 [SECURITY] CVE-2019-12401: XML Bomb in Apache Solr versions prior to 5.0", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://mail-archives.us.apache.org/mod_mbox/www-announce/201909.mbox/%3CCAECwjAXU4%3DkAo5DeUJw7Kvk67sgCmajAN7LGZQNjbjZ8gv%3DBdw%40mail.gmail.com%3E"}, {"name": "[lucene-dev] 20190911 [jira] [Commented] (SOLR-13750) [CVE-2019-12401] XML Bomb in Apache Solr versions prior to 5.0.0", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/0ec231c5ed8d242890e21806d25fdd47f80cc47cac278d2fc1c9c579%40%3Cdev.lucene.apache.org%3E"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://security.netapp.com/advisory/ntap-20190926-0002/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2019-12401-XML%20Bomb-Apache%20Solr"}]}]}, "cveMetadata": {"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "cveId": "CVE-2019-12401", "datePublished": "2019-09-10T14:06:54", "dateReserved": "2019-05-28T00:00:00", "dateUpdated": "2024-08-04T23:17:40.122Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:solr:*:*:*:*:*:*:*:*", "matchCriteriaId": "8CC343D5-E5B7-4F01-97BE-1E5985F3097A", "versionEndIncluding": "1.4.1", "versionStartIncluding": "1.3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:solr:*:*:*:*:*:*:*:*", "matchCriteriaId": "6E19DCEC-A1A0-4E52-8DFD-A8E7CFD12A0D", "versionEndIncluding": "3.6.2", "versionStartIncluding": "3.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:solr:*:*:*:*:*:*:*:*", "matchCriteriaId": "F22D430D-3CF4-455B-B2C4-8B2FBF922E72", "versionEndIncluding": "4.10.4", "versionStartIncluding": "4.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Solr versions 1.3.0 to 1.4.1, 3.1.0 to 3.6.2 and 4.0.0 to 4.10.4 are vulnerable to an XML resource consumption attack (a.k.a. Lol Bomb) via it\u2019s update handler.?By leveraging XML DOCTYPE and ENTITY type elements, the attacker can create a pattern that will expand when the server parses the XML causing OOMs."}, {"lang": "es", "value": "Las versiones de Solr 1.3.0 a 1.4.1, 3.1.0 a 3.6.2 y 4.0.0 a 4.10.4 son vulnerables a un ataque de consumo de recursos XML (tambi\u00e9n conocido como Lol Bomb) a trav\u00e9s de su controlador de actualizaci\u00f3n. En el caso de los elementos de tipo, el atacante puede crear un patr\u00f3n que se expandir\u00e1 cuando el servidor analice el XML que causa los OOM."}], "id": "CVE-2019-12401", "lastModified": "2023-11-07T03:03:33.210", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-09-10T15:15:11.737", "references": [{"source": "security@apache.org", "tags": ["Broken Link", "Mailing List", "Vendor Advisory"], "url": "http://mail-archives.us.apache.org/mod_mbox/www-announce/201909.mbox/%3CCAECwjAXU4%3DkAo5DeUJw7Kvk67sgCmajAN7LGZQNjbjZ8gv%3DBdw%40mail.gmail.com%3E"}, {"source": "security@apache.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2019/09/10/1"}, {"source": "security@apache.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2019-12401-XML%20Bomb-Apache%20Solr"}, {"source": "security@apache.org", "url": "https://lists.apache.org/thread.html/048ae6e4f84a88e8856f766320b48ad91f9fca2c6f621aa2c40088fe%40%3Cdev.lucene.apache.org%3E"}, {"source": "security@apache.org", "url": "https://lists.apache.org/thread.html/0ec231c5ed8d242890e21806d25fdd47f80cc47cac278d2fc1c9c579%40%3Cdev.lucene.apache.org%3E"}, {"source": "security@apache.org", "url": "https://lists.apache.org/thread.html/1c92300643f48f13bc59b15e3f886ba62bae1798c7d4c2e5c1ece09b%40%3Cannounce.apache.org%3E"}, {"source": "security@apache.org", "url": "https://lists.apache.org/thread.html/521d10a19bfb590f86dff41820ccfb11e92281f233a12c882650931e%40%3Cdev.lucene.apache.org%3E"}, {"source": "security@apache.org", "url": "https://lists.apache.org/thread.html/60a924662ead9aeea74e8ea128d9ca935f8de925aa71b15ab2787d6a%40%3Csolr-user.lucene.apache.org%3E"}, {"source": "security@apache.org", "url": "https://lists.apache.org/thread.html/7ab5e95a1a0b4f35ffe53f1eb0cb74b4348b49d41b72ac155b843fa2%40%3Cgeneral.lucene.apache.org%3E"}, {"source": "security@apache.org", "url": "https://lists.apache.org/thread.html/db8eaca456d03c00a66cbe37548978318d424b9997e3fd7f5c65dffe%40%3Cdev.lucene.apache.org%3E"}, {"source": "security@apache.org", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20190926-0002/"}], "sourceIdentifier": "security@apache.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-776"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "solr: XML resource consumption attack via update handler", "id": "1789513", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1789513"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-20", "details": ["Solr versions 1.3.0 to 1.4.1, 3.1.0 to 3.6.2 and 4.0.0 to 4.10.4 are vulnerable to an XML resource consumption attack (a.k.a. Lol Bomb) via it\u2019s update handler.?By leveraging XML DOCTYPE and ENTITY type elements, the attacker can create a pattern that will expand when the server parses the XML causing OOMs."], "name": "CVE-2019-12401", "package_state": [{"cpe": "cpe:/a:redhat:jboss_data_virtualization:6", "fix_state": "Out of support scope", "package_name": "solr-core", "product_name": "Red Hat JBoss Data Virtualization 6"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6", "fix_state": "Out of support scope", "package_name": "solr-core", "product_name": "Red Hat JBoss Enterprise Application Platform 6"}, {"cpe": "cpe:/a:redhat:jboss_fuse:6", "fix_state": "Not affected", "package_name": "solr-core", "product_name": "Red Hat JBoss Fuse 6"}, {"cpe": "cpe:/a:redhat:jboss_fuse_service_works:6", "fix_state": "Not affected", "package_name": "solr-core", "product_name": "Red Hat JBoss Fuse Service Works 6"}], "public_date": "2019-09-09T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2019-12401\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-12401"], "threat_severity": "Moderate", "upstream_fix": "solr 5.0"}