CVE-2014-3628

Published Jan 6, 2015

Last updated a month ago

CVSS info 4.3

Overview

Description: Cross-site scripting (XSS) vulnerability in the Admin UI Plugin / Stats page in Apache Solr 4.x before 4.10.3 allows remote attackers to inject arbitrary web script or HTML via the fieldvaluecache object.
Source: secalert@redhat.com
NVD status: Modified
Products: solr

Risk scores

CVSS 2.0

Type: Primary
Base score: 4.3
Impact score: 2.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:N/I:P/A:N

Weaknesses

nvd@nist.gov: CWE-79

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:apache:solr:4.0.0:*:*:*:*:*:*:*",
            "matchCriteriaId": "06216B21-FC73-480F-90A2-B0D358FAEE11",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:apache:solr:4.0.0:alpha:*:*:*:*:*:*",
            "matchCriteriaId": "49D9F075-B18A-4634-8AA1-DE1399548838",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:apache:solr:4.0.0:beta:*:*:*:*:*:*",
            "matchCriteriaId": "0CFB9E78-22B2-4683-BD17-1600A3057FF3",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:apache:solr:4.1.0:*:*:*:*:*:*:*",
            "matchCriteriaId": "4AF6C877-D6B6-40A8-9A73-0B327898F8E2",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:apache:solr:4.2.0:*:*:*:*:*:*:*",
            "matchCriteriaId": "1C085709-D90B-44AC-89E1-3D2779956B89",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:apache:solr:4.2.1:*:*:*:*:*:*:*",
            "matchCriteriaId": "F36E7460-4056-4608-96BA-622FF2770DBB",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:apache:solr:4.3.0:*:*:*:*:*:*:*",
            "matchCriteriaId": "8444B03D-D600-4C30-85F3-E2497270768A",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:apache:solr:4.3.1:*:*:*:*:*:*:*",
            "matchCriteriaId": "CA07EC5A-CE8F-403E-91C1-8E7D79CD573F",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:apache:solr:4.4.0:*:*:*:*:*:*:*",
            "matchCriteriaId": "D09D035F-9B45-4758-ADCD-D6BF8B95AACB",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:apache:solr:4.5.0:*:*:*:*:*:*:*",
            "matchCriteriaId": "F01B2DB5-EFEB-472C-B7F7-0B7B5229D488",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:apache:solr:4.5.1:*:*:*:*:*:*:*",
            "matchCriteriaId": "BFCEABDD-BFD8-4A41-A4F7-9A52B9DAD3DA",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:apache:solr:4.6.0:*:*:*:*:*:*:*",
            "matchCriteriaId": "C84D0D08-E88E-480D-8F31-BEF6B9088A89",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:apache:solr:4.6.1:*:*:*:*:*:*:*",
            "matchCriteriaId": "3F9D6B83-4C52-4381-B3E8-EFEE9CB27BA1",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:apache:solr:4.7.0:*:*:*:*:*:*:*",
            "matchCriteriaId": "6F196209-5EF1-4D70-A9C5-1A2BF4EEFFE1",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:apache:solr:4.7.1:*:*:*:*:*:*:*",
            "matchCriteriaId": "6867CFDA-8491-40C7-8D16-D2351B670440",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:apache:solr:4.7.2:*:*:*:*:*:*:*",
            "matchCriteriaId": "6DEFFA9F-250B-4CAF-ABE8-50624ECD03F3",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:apache:solr:4.8.0:*:*:*:*:*:*:*",
            "matchCriteriaId": "361198D9-108E-46D6-ACDA-5EB7873BAC91",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:apache:solr:4.8.1:*:*:*:*:*:*:*",
            "matchCriteriaId": "A4737FB4-2382-4DD5-B631-6BB6848D8992",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:apache:solr:4.9.0:*:*:*:*:*:*:*",
            "matchCriteriaId": "272AD38D-7295-43F5-AEFA-B2049DDBB56A",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:apache:solr:4.9.1:*:*:*:*:*:*:*",
            "matchCriteriaId": "29A22106-9261-4539-8375-FD23BE92AF60",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:apache:solr:4.10.0:*:*:*:*:*:*:*",
            "matchCriteriaId": "E6A92AF0-1E26-4CBB-8189-C66F1F38265F",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:apache:solr:4.10.1:*:*:*:*:*:*:*",
            "matchCriteriaId": "B5D47587-0BEA-4C3D-9F8D-88EFCEAEAD87",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:apache:solr:4.10.2:*:*:*:*:*:*:*",
            "matchCriteriaId": "9741122C-B94B-4A19-9D5D-D4A2DBFBA159",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]

References

Sources include official advisories and independent security research.

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

Related CVEs

References