VYPR
Moderate severityNVD Advisory· Published Dec 7, 2013· Updated Jun 17, 2026

CVE-2013-6397

CVE-2013-6397

Description

Directory traversal vulnerability in SolrResourceLoader in Apache Solr before 4.6 allows remote attackers to read arbitrary files via a .. (dot dot) or full pathname in the tr parameter to solr/select/, when the response writer (wt parameter) is set to XSLT. NOTE: this can be leveraged using a separate XXE (XML eXternal Entity) vulnerability to allow access to files across restricted network boundaries.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
org.apache.solr:solr-coreMaven
< 4.6.04.6.0

Affected products

12
  • Apache/Solr11 versions
    cpe:2.3:a:apache:solr:*:*:*:*:*:*:*:*+ 10 more
    • cpe:2.3:a:apache:solr:*:*:*:*:*:*:*:*range: <=4.5.1
    • cpe:2.3:a:apache:solr:4.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:solr:4.0.0:alpha:*:*:*:*:*:*
    • cpe:2.3:a:apache:solr:4.0.0:beta:*:*:*:*:*:*
    • cpe:2.3:a:apache:solr:4.1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:solr:4.2.0:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:solr:4.2.1:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:solr:4.3.0:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:solr:4.3.1:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:solr:4.4.0:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:solr:4.5.0:*:*:*:*:*:*:*
  • ghsa-coords
    Range: < 4.6.0

Patches

Vulnerability mechanics

References

13

News mentions

0

No linked articles in our index yet.