This vulnerability appears to have been discovered and reported by Martin Herfurt and Uwe Schindler (please submit corrections with references if this is inaccurate). Example code was not provided - the details of the vulnerability were determined by manual testing.

https://issues.apache.org/jira/browse/SOLR-3895

https://issues.apache.org/jira/browse/SOLR-4881

http://www.openwall.com/lists/oss-security/2013/11/29/2

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6407

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6408