OpenCms Solr XML External Entity (XXE) vulnerability
Description
The Apache Solr component integrated within OpenCms is vulnerable to XML External Entity (XXE) injection. The flaw occurs when the XML parser accepts a DOCTYPE declaration in attacker-supplied XML and resolves the external entities (SYSTEM identifiers) it declares, so a specially crafted request can make the parser fetch arbitrary URLs on the server's behalf. Successful exploitation can lead to unauthorized file system access (the contents of a local file are pulled into the parsed document and may be returned in the response), server-side request forgery (SSRF) against internal hosts reachable from the Solr process, or denial of service through entity expansion.
Remediation
Upgrade Apache Solr to the latest stable version that addresses this XXE vulnerability; the parsers inside Solr itself can only be fixed by updating Solr. If immediate upgrading is not feasible, implement the following mitigation measures:
1. Disable XML external entity processing in all XML parsers used by the application (the JAXP settings below are for DocumentBuilderFactory; SAXParserFactory and XMLInputFactory need the equivalent features). Disallowing the DOCTYPE declaration is the decisive setting; the remaining features are defense in depth if a DOCTYPE must be tolerated:

// Note: setFeature throws ParserConfigurationException, which the caller must handle.
DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
// Reject any DOCTYPE outright; no DTD means no entity declarations and no XXE.
dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
// If a DOCTYPE has to be allowed, at least never resolve external general or parameter entities.
dbf.setFeature("http://xml.org/sax/features/external-general-entities", false);
dbf.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
// XInclude and entity expansion are further ways to pull in external or expanded content.
dbf.setXIncludeAware(false);
dbf.setExpandEntityReferences(false);

2. Implement input validation to reject XML documents containing DOCTYPE declarations or external entity references before they reach any parser.
3. Apply network segmentation to restrict the application's ability to make outbound requests to internal systems.
4. Review and apply security patches provided by the OpenCms project for the Solr integration component.
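The following is an added, self-contained Java example (not OpenCms or Solr code) that shows why steps 1 and 2 above work. It constructs its own XXE payload pointing at a temporary file that stands in for a sensitive local file, parses it once with a default JAXP DocumentBuilderFactory and once with the hardened factory from step 1, and runs the step 2 DOCTYPE pre-check. The class name, the helper names and the temp-file contents are assumptions made for the demonstration; whether the default factory actually resolves the entity depends on the JDK's default external-DTD access setting, which has historically been permissive.

```java
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.Locale;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import org.w3c.dom.Document;
import org.xml.sax.SAXException;

// Hypothetical demo class, not part of OpenCms or Solr.
public class XxeDemo {

    // Step 1: hardened factory. Disallowing DOCTYPE is the decisive setting;
    // the remaining features are defense in depth.
    static DocumentBuilderFactory hardenedFactory() throws ParserConfigurationException {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        dbf.setFeature("http://xml.org/sax/features/external-general-entities", false);
        dbf.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        dbf.setXIncludeAware(false);
        dbf.setExpandEntityReferences(false);
        return dbf;
    }

    // Step 2: cheap pre-check that rejects any document carrying a DOCTYPE,
    // independent of how a downstream parser happens to be configured.
    static boolean containsDoctype(String xml) {
        return xml.toUpperCase(Locale.ROOT).contains("<!DOCTYPE");
    }

    // Parse the document with the given factory and return the root element's text.
    static String parseRootText(DocumentBuilderFactory dbf, String xml)
            throws ParserConfigurationException, SAXException, IOException {
        DocumentBuilder db = dbf.newDocumentBuilder();
        Document doc = db.parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
        return doc.getDocumentElement().getTextContent();
    }

    public static void main(String[] args) throws Exception {
        // Constructed stand-in for a sensitive file (e.g. /etc/passwd), written to a temp dir.
        Path secret = Files.createTempFile("xxe-demo", ".txt");
        Files.writeString(secret, "SECRET-CONTENT");
        try {
            // Constructed XXE payload: an external general entity whose SYSTEM id is a file:// URL.
            String payload = "<?xml version=\"1.0\"?>\n"
                + "<!DOCTYPE query [<!ENTITY xxe SYSTEM \"" + secret.toUri() + "\">]>\n"
                + "<query>&xxe;</query>";

            // Default factory (with a permissive JDK default): the entity is resolved and the
            // file contents become the text of <query>, which a server would echo back.
            String leaked = parseRootText(DocumentBuilderFactory.newInstance(), payload);
            System.out.println("default factory read: " + leaked);

            // Hardened factory: the parser rejects the DOCTYPE before any entity is resolved.
            try {
                parseRootText(hardenedFactory(), payload);
                System.out.println("hardened factory unexpectedly parsed the document");
            } catch (SAXException e) {
                System.out.println("hardened factory rejected document: " + e.getMessage());
            }

            // Input validation layer from step 2 catches the same payload without parsing it.
            System.out.println("pre-check rejects payload: " + containsDoctype(payload));
            System.out.println("pre-check accepts benign XML: " + !containsDoctype("<query>hello</query>"));
        } finally {
            Files.deleteIfExists(secret);
        }
    }
}
```

Run it with `javac XxeDemo.java && java XxeDemo`. The first line shows the leak that step 1 prevents; the second shows the hardened factory failing closed with a SAXParseException on the DOCTYPE; the last two show that the step 2 pre-check is a coarse filter that rejects a DOCTYPE wherever it appears while leaving DOCTYPE-free documents alone. The pre-check is a complement to parser hardening, not a replacement for it, since it only covers XML that passes through code you control and not Solr's own request handling.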