Apache Solr SSRF CVE-2017-3164

Description

Apache Solr select handler allows remote attackers to interact with internal network resources via Server Side Request Forgery (SSRF). Consult Web References for more information about this problem.

Remediation

Upgrade to Apache Solr 7.7.0 or later.

References

CVE-2017-3164

SSRF bible. Cheatsheet

Related Vulnerabilities

Drupal Core 4.7.x Arbitrary Code Execution (4.7.0 - 4.7.5)

Elasticsearch remote code execution

Apache Unomi MVEL RCE (CVE-2020-13942)

WordPress Plugin UnGallery 'search' Parameter Remote Arbitrary Command Execution (2.1.5)

Unauthenticated Remote Code Execution via JSONWS in Liferay 7.2.0 CE GA1

Severity

Medium

Classification

CWE-918 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N