cbcvebase.
CVE-2017-3164
published 2019-03-08

CVE-2017-3164: Server Side Request Forgery in Apache Solr, versions 1.3 until 7.6 (inclusive). Since the "shards" parameter does not have a corresponding whitelist mechanism…

PriorityP357high7.5CVSS 3.0
AVNACLPRNUINSUCHINAN
EPSS
19.44%
97.0th percentile
Server Side Request Forgery in Apache Solr, versions 1.3 until 7.6 (inclusive). Since the "shards" parameter does not have a corresponding whitelist mechanism, a remote attacker with access to the server could make Solr perform an HTTP GET request to any reachable URL.

Affected

3 ranges
VendorProductVersion rangeFixed in
apachesolr1.3.0 – 7.6.0
apache_software_foundationapache_solr
debianlucene-solr

Detection & IOCsextracted from sources · hover to see the quote

  • Monitor HTTP requests to Apache Solr endpoints that include the 'shards' parameter, which can be abused to trigger SSRF by making Solr perform an HTTP GET request to any reachable URL
  • Flag inbound Solr queries containing the 'shards' parameter pointing to internal/non-Solr hosts as potential SSRF abuse
  • ·Affected versions are Apache Solr 1.3 through 7.6 (inclusive); upgrade beyond 7.6 or apply a shards parameter whitelist to remediate
  • ·The vulnerability is exploitable by any remote attacker with access to the Solr server — network-level access controls are a critical compensating control

CVSS provenance

nvdv3.07.5HIGHCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:P/I:N/A:N
osv7.5HIGH
vendor_debian7.5LOW
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.