CVE-2017-7660

CWE-287Improper Authentication7 documents7 sources
Severity
7.5HIGH
EPSS
0.5%
top 36.15%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Apache Software Foundation Apache SolrApache Solr
Timeline
PublishedJul 7
Latest updateMay 14

Description

Apache Solr uses a PKI based mechanism to secure inter-node communication when security is enabled. It is possible to create a specially crafted node name that does not exist as part of the cluster and point it to a malicious node. This can trick the nodes in cluster to believe that the malicious node is a member of the cluster. So, if Solr users have enabled BasicAuth authentication mechanism using the BasicAuthPlugin or if the user has implemented a custom Authentication plugin, which does not

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

Mavenorg.apache.solr:solr-core5.3.05.5.5+1
NVDapache/solr21 versions+20
CVEListV5apache_software_foundation/apache_solr5.3 to 5.5.4, 6.0 to 6.5.1+1

🔴Vulnerability Details

3
GHSA
Apache Solr insecure inter-node communication2022-05-14
OSV
Apache Solr insecure inter-node communication2022-05-14
CVEList
CVE-2017-7660: Apache Solr uses a PKI based mechanism to secure inter-node communication when security is enabled2017-07-07

📋Vendor Advisories

2
Red Hat
solr: Insufficient authentization for inter-node communication2017-07-07
Debian
CVE-2017-7660: lucene-solr - Apache Solr uses a PKI based mechanism to secure inter-node communication when s...2017

💬Community

1
Bugzilla
CVE-2017-7660 solr: Insufficient authentization for inter-node communication2017-07-20
CVE-2017-7660 (HIGH CVSS 7.5) | Apache Solr uses a PKI based mechan | cvebase.io