CVE-2017-3164
published 2019-03-08CVE-2017-3164: Server Side Request Forgery in Apache Solr, versions 1.3 until 7.6 (inclusive). Since the "shards" parameter does not have a corresponding whitelist mechanism…
PriorityP357high7.5CVSS 3.0
AVNACLPRNUINSUCHINAN
EPSS
19.44%
97.0th percentile
Server Side Request Forgery in Apache Solr, versions 1.3 until 7.6 (inclusive). Since the "shards" parameter does not have a corresponding whitelist mechanism, a remote attacker with access to the server could make Solr perform an HTTP GET request to any reachable URL.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | solr | 1.3.0 – 7.6.0 | — |
| apache_software_foundation | apache_solr | — | — |
| debian | lucene-solr | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Monitor HTTP requests to Apache Solr endpoints that include the 'shards' parameter, which can be abused to trigger SSRF by making Solr perform an HTTP GET request to any reachable URL ↗
- →Flag inbound Solr queries containing the 'shards' parameter pointing to internal/non-Solr hosts as potential SSRF abuse ↗
- ·Affected versions are Apache Solr 1.3 through 7.6 (inclusive); upgrade beyond 7.6 or apply a shards parameter whitelist to remediate ↗
- ·The vulnerability is exploitable by any remote attacker with access to the Solr server — network-level access controls are a critical compensating control ↗
CVSS provenance
nvdv3.07.5HIGHCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:P/I:N/A:N
osv7.5HIGH
vendor_debian7.5LOW
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
Server-Side Request Forgery (SSRF) in org.apache.solr:solr-core
ghsa·2019-03-14
CVE-2017-3164 [HIGH] CWE-918 Server-Side Request Forgery (SSRF) in org.apache.solr:solr-core
Server-Side Request Forgery (SSRF) in org.apache.solr:solr-core
Server Side Request Forgery in Apache Solr, versions 1.3 until 7.6 (inclusive). Since the "shards" parameter does not have a corresponding whitelist mechanism, a remote attacker with access to the server could make Solr perform an HTTP GET request to any reachable URL.
OSV
Server-Side Request Forgery (SSRF) in org.apache.solr:solr-core
osv·2019-03-14
CVE-2017-3164 [HIGH] Server-Side Request Forgery (SSRF) in org.apache.solr:solr-core
Server-Side Request Forgery (SSRF) in org.apache.solr:solr-core
Server Side Request Forgery in Apache Solr, versions 1.3 until 7.6 (inclusive). Since the "shards" parameter does not have a corresponding whitelist mechanism, a remote attacker with access to the server could make Solr perform an HTTP GET request to any reachable URL.
OSV
CVE-2017-3164: Server Side Request Forgery in Apache Solr, versions 1
osv·2019-03-08·CVSS 7.5
CVE-2017-3164 [HIGH] CVE-2017-3164: Server Side Request Forgery in Apache Solr, versions 1
Server Side Request Forgery in Apache Solr, versions 1.3 until 7.6 (inclusive). Since the "shards" parameter does not have a corresponding whitelist mechanism, a remote attacker with access to the server could make Solr perform an HTTP GET request to any reachable URL.
Debian
CVE-2017-3164: lucene-solr - Server Side Request Forgery in Apache Solr, versions 1.3 until 7.6 (inclusive). ...
vendor_debian·2017·CVSS 7.5
CVE-2017-3164 [HIGH] CVE-2017-3164: lucene-solr - Server Side Request Forgery in Apache Solr, versions 1.3 until 7.6 (inclusive). ...
Server Side Request Forgery in Apache Solr, versions 1.3 until 7.6 (inclusive). Since the "shards" parameter does not have a corresponding whitelist mechanism, a remote attacker with access to the server could make Solr perform an HTTP GET request to any reachable URL.
Scope: local
bookworm: open
bullseye: open
forky: open
sid: open
trixie: open
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2017-3164 solr3: solr: SSRF in the shards parameter [fedora-all]
bugzilla·2019-02-21·CVSS 7.5
CVE-2017-3164 [HIGH] CVE-2017-3164 solr3: solr: SSRF in the shards parameter [fedora-all]
CVE-2017-3164 solr3: solr: SSRF in the shards parameter [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedor
Bugzilla
CVE-2017-3164 solr: SSRF in the shards parameter
bugzilla·2019-02-21·CVSS 7.5
CVE-2017-3164 [HIGH] CVE-2017-3164 solr: SSRF in the shards parameter
CVE-2017-3164 solr: SSRF in the shards parameter
A vulnerability was found Apache Solr versions from 1.3 to 7.6.0 . The "shards" parameter does not have a corresponding whitelist mechanism,
so it can request any URL.
Upstream bug:
https://issues.apache.org/jira/browse/SOLR-12770
Discussion:
Created solr3 tracking bugs for this issue:
Affects: fedora-all [bug 1679808]
---
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.
http://mail-archives.apache.org/mod_mbox/www-announce/201902.mbox/%3CCAECwjAVjBN%3DwO5rYs6ktAX-5%3D-f5JDFwbbTSM2TTjEbGO5jKKA%40mail.gmail.com%3Ehttp://www.securityfocus.com/bid/107026https://lists.apache.org/thread.html/43026507844ada1ac658ccf7bc939378c13e492fd6538416ce65df39%40%3Cdev.lucene.apache.org%3Ehttps://lists.apache.org/thread.html/75dc651478f9d04505b46d44fe3ac739e7aaf3d7bf1257973685f8f7%40%3Cdev.lucene.apache.org%3Ehttps://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3Ehttps://lists.apache.org/thread.html/ca3105b6934ccd28e843dffe39724f6963ff49825e9b709837203649%40%3Cdev.lucene.apache.org%3Ehttps://lists.apache.org/thread.html/e0f9c652b57a91fdcc287efcead620af9f4d8e46b88f0b761aa265de%40%3Cdev.lucene.apache.org%3Ehttps://lists.apache.org/thread.html/rc400db37710ee79378b6c52de3640493ff538c2beb41cefdbbdf2ab8%40%3Ccommits.submarine.apache.org%3Ehttps://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3Ehttps://security.netapp.com/advisory/ntap-20190327-0003/https://www.oracle.com/security-alerts/cpuoct2020.htmlhttps://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.htmlhttp://mail-archives.apache.org/mod_mbox/www-announce/201902.mbox/%3CCAECwjAVjBN%3DwO5rYs6ktAX-5%3D-f5JDFwbbTSM2TTjEbGO5jKKA%40mail.gmail.com%3Ehttp://www.securityfocus.com/bid/107026https://lists.apache.org/thread.html/43026507844ada1ac658ccf7bc939378c13e492fd6538416ce65df39%40%3Cdev.lucene.apache.org%3Ehttps://lists.apache.org/thread.html/75dc651478f9d04505b46d44fe3ac739e7aaf3d7bf1257973685f8f7%40%3Cdev.lucene.apache.org%3Ehttps://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3Ehttps://lists.apache.org/thread.html/ca3105b6934ccd28e843dffe39724f6963ff49825e9b709837203649%40%3Cdev.lucene.apache.org%3Ehttps://lists.apache.org/thread.html/e0f9c652b57a91fdcc287efcead620af9f4d8e46b88f0b761aa265de%40%3Cdev.lucene.apache.org%3Ehttps://lists.apache.org/thread.html/rc400db37710ee79378b6c52de3640493ff538c2beb41cefdbbdf2ab8%40%3Ccommits.submarine.apache.org%3Ehttps://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3Ehttps://security.netapp.com/advisory/ntap-20190327-0003/https://www.oracle.com/security-alerts/cpuoct2020.htmlhttps://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
2019-03-08
Published