CVE Vulnerabilities

CVE-2017-3164

Server-Side Request Forgery (SSRF)

Published: Mar 08, 2019 | Modified: Nov 07, 2023
CVSS 3.x
7.5
HIGH
Source:
NVD
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVSS 2.x
5 MEDIUM
AV:N/AC:L/Au:N/C:P/I:N/A:N
RedHat/V2
RedHat/V3
Ubuntu
LOW

Server Side Request Forgery in Apache Solr, versions 1.3 until 7.6 (inclusive). Since the shards parameter does not have a corresponding whitelist mechanism, a remote attacker with access to the server could make Solr perform an HTTP GET request to any reachable URL.

Weakness

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

Affected Software

Name Vendor Start Version End Version
Solr Apache 1.3.0 (including) 7.6.0 (including)
Lucene-solr Ubuntu bionic *
Lucene-solr Ubuntu cosmic *
Lucene-solr Ubuntu devel *
Lucene-solr Ubuntu disco *
Lucene-solr Ubuntu eoan *
Lucene-solr Ubuntu esm-apps/bionic *
Lucene-solr Ubuntu esm-apps/focal *
Lucene-solr Ubuntu esm-apps/jammy *
Lucene-solr Ubuntu esm-apps/noble *
Lucene-solr Ubuntu esm-apps/xenial *
Lucene-solr Ubuntu focal *
Lucene-solr Ubuntu groovy *
Lucene-solr Ubuntu hirsute *
Lucene-solr Ubuntu impish *
Lucene-solr Ubuntu jammy *
Lucene-solr Ubuntu kinetic *
Lucene-solr Ubuntu lunar *
Lucene-solr Ubuntu mantic *
Lucene-solr Ubuntu noble *
Lucene-solr Ubuntu oracular *
Lucene-solr Ubuntu trusty *
Lucene-solr Ubuntu trusty/esm *
Lucene-solr Ubuntu upstream *
Lucene-solr Ubuntu xenial *

References