CVE-2013-6397: Directory traversal vulnerability in SolrResourceLoader in Apache Solr before 4.6 allows remote attackers to read arbitrary files via a .. (dot dot) o...

Description

Directory traversal vulnerability in SolrResourceLoader in Apache Solr before 4.6 allows remote attackers to read arbitrary files via a .. (dot dot) or full pathname in the tr parameter to solr/select/, when the response writer (wt parameter) is set to XSLT. NOTE: this can be leveraged using a separate XXE (XML eXternal Entity) vulnerability to allow access to files across restricted network boundaries.

Metrics

EPSS Probability

56.26%

98.9th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-22

Affected Software

Vendor	Product	Versions
Apache	Solr	<= 4.5.1
Apache	Solr	4.0.0
Apache	Solr	4.1.0
Apache	Solr	4.2.0
Apache	Solr	4.2.1
Apache	Solr	4.3.0
Apache	Solr	4.3.1
Apache	Solr	4.4.0
Apache	Solr	4.5.0

References

Timeline

Published: Dec 7, 2013
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2013-6397?

Directory traversal vulnerability in SolrResourceLoader in Apache Solr before 4.6 allows remote attackers to read arbitrary files via a .. (dot dot) or full pathname in the tr parameter to solr/select/, when the response writer (wt parameter) is set to XSLT. NOTE: this can be leveraged using a separate XXE (XML eXternal Entity) vulnerability to allow access to files across restricted network boundaries.

How severe is CVE-2013-6397?

Severity scoring for CVE-2013-6397 is pending analysis. The EPSS model estimates a 56.26% probability of exploitation in the next 30 days.

How do I fix CVE-2013-6397?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.