Server-Side Request Forgery (SSRF) in Apache Solr, versions 1.3 through 7.6 (inclusive). Because the "shards" parameter has no corresponding whitelist mechanism, a remote attacker with access to the server could make Solr perform an HTTP GET request to any reachable URL.
History
07 Nov 2023, 02:44
Type | Values Removed | Values Added |
---|---|---|
References | | |
References | (MLIST) http://mail-archives.apache.org/mod_mbox/www-announce/201902.mbox/%3CCAECwjAVjBN%3DwO5rYs6ktAX-5%3D-f5JDFwbbTSM2TTjEbGO5jKKA%40mail.gmail.com%3E - Mitigation, Mailing List, Vendor Advisory | |
Information
Published : 2019-03-08 21:29
Updated : 2023-12-10 12:59
NVD link : CVE-2017-3164
Mitre link : CVE-2017-3164
CVE.ORG link : CVE-2017-3164
Products Affected
apache
- solr
CWE
CWE-918
Server-Side Request Forgery (SSRF)