Description

Apache Solr is the popular, blazing fast open source enterprise search platform from the Apache Lucene project. Its major features include powerful full-text search, hit highlighting, faceted search, dynamic clustering, database integration, rich document (e.g., Word, PDF) handling, and geo-spatial search. Solr is highly scalable, providing distributed search and index replication, and it powers the search and navigation features of many of the world's largest internet sites.

Acunetix discovered an endpoint through which it is possible to issue Solr search queries and view the search results. This is not a vulnerability by itself, but it can be dangerous if the data indexed by Solr contains sensitive information that normally isn't publicly accessible.

Remediation

Restrict access to the Solr endpoint if the data indexed by Solr contains sensitive information.
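
One way to apply this restriction is Solr's own `security.json` (BasicAuthPlugin plus RuleBasedAuthorizationPlugin). The following is an added example, not part of the original advisory or Acunetix's code: it audits a `security.json` for settings that leave search queries open. Both sample files, the role names and the `audit_security_json` helper are constructed for illustration.

```python
import json

# Constructed sample: credentials exist, but anonymous requests are let through
# and no rule covers the predefined "read" permission (which includes /select).
WEAK = """{
 "authentication": {"class": "solr.BasicAuthPlugin", "blockUnknown": false,
                    "credentials": {"admin": "<hash> <salt>"}},
 "authorization": {"class": "solr.RuleBasedAuthorizationPlugin",
                   "permissions": [{"name": "security-edit", "role": "admin"}],
                   "user-role": {"admin": "admin"}}
}"""

# Constructed sample: anonymous requests rejected, search tied to a role.
HARDENED = """{
 "authentication": {"class": "solr.BasicAuthPlugin", "blockUnknown": true,
                    "credentials": {"admin": "<hash> <salt>", "app": "<hash> <salt>"}},
 "authorization": {"class": "solr.RuleBasedAuthorizationPlugin",
                   "permissions": [{"name": "read", "role": "search"},
                                   {"name": "all", "role": "admin"}],
                   "user-role": {"admin": ["admin", "search"], "app": "search"}}
}"""

def audit_security_json(text):
    """Return findings; [] means anonymous requests are rejected and search needs a role."""
    try:
        cfg = json.loads(text) if text.strip() else {}
    except json.JSONDecodeError as exc:
        return [f"security.json is not valid JSON: {exc}"]
    findings = []
    authn = cfg.get("authentication")
    if not authn:
        findings.append("no authentication plugin: every request is anonymous")
    elif authn.get("blockUnknown") is not True:
        # This example requires an explicit true instead of relying on a default.
        findings.append("blockUnknown is not true: requests without credentials pass through")
    authz = cfg.get("authorization")
    if not authz:
        findings.append("no authorization plugin: no request is tied to a role")
    else:
        # Simplification: only the predefined "read"/"all" rules are checked.
        # A rule whose role is null permits everyone.
        gate = next((p for p in authz.get("permissions", [])
                     if p.get("name") in ("read", "all")), None)
        if gate is None:
            findings.append('no "read" or "all" rule: /select is not tied to a role')
        elif gate.get("role") is None:
            findings.append(f'rule "{gate["name"]}" has no role: search is open to everyone')
    return findings
```

A missing or empty `security.json` is reported the same way as one with no plugins configured. Restricting the endpoint at the network layer is a separate control that this check does not cover.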
