Description

Apache Solr select handler allows remote attackers to interact with internal network resources via Server Side Request Forgery (SSRF). Consult Web References for more information about this problem.

Remediation

Upgrade to Apache Solr 7.7.0 or later.

References

CVE-2017-3164

SSRF bible. Cheatsheet

Related Vulnerabilities

Apache OFBiz SOAPService Deserialization RCE

Liferay version older than 7.1

WordPress Plugin Zingiri Web Shop 'ajax_save_name.php' Remote Code Execution (2.2.3)

vBulletin 5 CONNECT remote code execution

WordPress Plugin VaultPress Man-in-The-Middle (MiTM) Remote Code Execution (1.8.6)

Severity

Medium

Classification

CWE-918 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Tags

Code Execution Acumonitor SSRF