Apache Solr CVE-2017-3164 Server Side Request Forgery Security Bypass Vulnerability
BID:107026
CVE-2017-3164 |Info
Apache Solr CVE-2017-3164 Server Side Request Forgery Security Bypass Vulnerability
| Bugtraq ID: | 107026 |
| Class: | Design Error |
| CVE: |
CVE-2017-3164 |
| Remote: | No |
| Local: | Yes |
| Published: | Feb 12 2019 12:00AM |
| Updated: | Feb 12 2019 12:00AM |
| Credit: | dk from Chaitin Tech |
| Vulnerable: |
Apache Solr 7.6 Apache Solr 7.3.1 Apache Solr 7.2.1 Apache Solr 7.0 Apache Solr 6.6.5 Apache Solr 6.6.4 Apache Solr 6.6.3 Apache Solr 6.6.2 Apache Solr 6.6.1 Apache Solr 6.6 Apache Solr 6.5.1 Apache Solr 6.5 Apache Solr 6.4 Apache Solr 6.3 Apache Solr 6.2 Apache Solr 5.5.4 Apache Solr 4.10.3 Apache Solr 4.10.1 Apache Solr 4.10 Apache Solr 4.6 Apache Solr 4.5.1 Apache Solr 4.4 Apache Solr 4.3.1 Apache Solr 3.6.1 Apache Solr 7.4 Apache Solr 7.3 Apache Solr 6.6 Apache Solr 6.3 Apache Solr 6.0 Apache Solr 5.3 Apache Solr 5.2.1 Apache Solr 5.1 Apache Solr 5.0 Apache Solr 4.9.1 Apache Solr 4.9.0 Apache Solr 4.8.1 Apache Solr 4.8.0 Apache Solr 4.7.2 Apache Solr 4.7.1 Apache Solr 4.7.0 Apache Solr 4.6.1 Apache Solr 4.5.0 Apache Solr 4.4 Apache Solr 4.3.0 Apache Solr 4.3 Apache Solr 4.2.1 Apache Solr 4.2.0 Apache Solr 4.10.2 Apache Solr 4.1.0 Apache Solr 4.1 Apache Solr 4.0.0 Apache Solr 3.6.2 Apache Solr 3.6.0 Apache Solr 1.3 |
| Not Vulnerable: |
Apache Solr 7.7 |
Discussion
Apache Solr CVE-2017-3164 Server Side Request Forgery Security Bypass Vulnerability
Apache Solr is prone to a security-bypass vulnerability.
An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions; this may aid in launching further attacks.
Apache Solr version 1.3 through 7.6.0 are vulnerable.
Apache Solr is prone to a security-bypass vulnerability.
An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions; this may aid in launching further attacks.
Apache Solr version 1.3 through 7.6.0 are vulnerable.
Exploit / POC
Apache Solr CVE-2017-3164 Server Side Request Forgery Security Bypass Vulnerability
Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Apache Solr CVE-2017-3164 Server Side Request Forgery Security Bypass Vulnerability
Solution:
Updates are available. Please see the references or vendor advisory for more information.
Solution:
Updates are available. Please see the references or vendor advisory for more information.
References
Apache Solr CVE-2017-3164 Server Side Request Forgery Security Bypass Vulnerability
References:
References:
- CVE-2017-3164: Apache Solr: SSRF issue (Seclists.org)
- Apache Homepage (Apache)
- [CVE-2017-3164] Make it possible to configure a shards whitelist for master/slav (Apache)
- Red Hat Bugzilla �?? Bug 1679807 (Red Hat Bugzilla)