CVE-2017-3164

Server Side Request Forgery in Apache Solr, versions 1.3 until 7.6 (inclusive). Since the shards parameter does not have a corresponding whitelist mechanism, a remote attacker with access to the server could make Solr perform an HTTP GET request to any reachable URL.

Weakness

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

Affected Software

Name	Vendor	Start Version	End Version
Solr	Apache	1.3.0 (including)	7.6.0 (including)
Lucene-solr	Ubuntu	bionic	*
Lucene-solr	Ubuntu	cosmic	*
Lucene-solr	Ubuntu	devel	*
Lucene-solr	Ubuntu	disco	*
Lucene-solr	Ubuntu	eoan	*
Lucene-solr	Ubuntu	esm-apps/bionic	*
Lucene-solr	Ubuntu	esm-apps/focal	*
Lucene-solr	Ubuntu	esm-apps/jammy	*
Lucene-solr	Ubuntu	esm-apps/noble	*
Lucene-solr	Ubuntu	esm-apps/xenial	*
Lucene-solr	Ubuntu	focal	*
Lucene-solr	Ubuntu	groovy	*
Lucene-solr	Ubuntu	hirsute	*
Lucene-solr	Ubuntu	impish	*
Lucene-solr	Ubuntu	jammy	*
Lucene-solr	Ubuntu	kinetic	*
Lucene-solr	Ubuntu	lunar	*
Lucene-solr	Ubuntu	mantic	*
Lucene-solr	Ubuntu	noble	*
Lucene-solr	Ubuntu	oracular	*
Lucene-solr	Ubuntu	plucky	*
Lucene-solr	Ubuntu	questing	*
Lucene-solr	Ubuntu	trusty	*
Lucene-solr	Ubuntu	trusty/esm	*
Lucene-solr	Ubuntu	upstream	*
Lucene-solr	Ubuntu	xenial	*

https://cwe.mitre.org/data/definitions/664.html

NVD	https://nvd.nist.gov/vuln/detail/CVE-2017-3164
CWE	https://cwe.mitre.org/data/definitions/918.html

Server-Side Request Forgery (SSRF)

Weakness

Affected Software

References

CVE-2017-3164

Server-Side Request Forgery (SSRF)

Weakness

Affected Software

Related Attack Patterns

References